link user-name with ssh-login

link user-name with ssh-login

[Roberto]

Hi,

I have small ssh-based git server used for insite code development. But 
there is one thing I can't find how to set.

In the server, each developer has a valid ssh account (I switched the 
shell to git-shell). The problem is that when a developer commit's some 
code, he can freely set in his local .git/config file the user name he 
want's to appear in the commit logs. Is there any way to link/force a 
certain ssh login to a name?

Thanks,

Roberto

-- 
   -----------------------------------------------------
                 Marcos Roberto Greiner

    Os otimistas acham que estamos no melhor dos mundos
     Os pessimistas tem medo de que isto seja verdade
                                   James Branch Cabell
   -----------------------------------------------------

Re: link user-name with ssh-login

[Junio C Hamano]

Roberto <mrgreiner@gmail.com> writes:

> I have small ssh-based git server used for insite code
> development. But there is one thing I can't find how to set.
>
> In the server, each developer has a valid ssh account (I switched the
> shell to git-shell). The problem is that when a developer commit's
> some code, he can freely set in his local .git/config file the user
> name he want's to appear in the commit logs. Is there any way to
> link/force a certain ssh login to a name?

A pre-receive hook that lists the author names of the commits, along the
lines of "git log --format='%an <%ae>' $OLD_HEAD..$NEW_HEAD" and compares
against the name of the user authenticated against your SSH server would
be a way to do this.

But that would mean you are forbidding people to accept patches from
others, inspect the patches for validity and vouch for them, while giving
the credit to them by recoding the author names of the patch authors.

Perhaps checking the committer name would suit your situation better.  I
dunno.

Re: link user-name with ssh-login

[Jeff King]

On Mon, Mar 19, 2012 at 12:15:07PM -0700, Junio C Hamano wrote:

> A pre-receive hook that lists the author names of the commits, along the
> lines of "git log --format='%an <%ae>' $OLD_HEAD..$NEW_HEAD" and compares
> against the name of the user authenticated against your SSH server would
> be a way to do this.
> 
> But that would mean you are forbidding people to accept patches from
> others, inspect the patches for validity and vouch for them, while giving
> the credit to them by recoding the author names of the patch authors.
> 
> Perhaps checking the committer name would suit your situation better.  I
> dunno.

Then you would be forbidding merges of other people's work, no? Even if
the other person's commits are available in the upstream repo, they
might be hitting this ref for the first time, and would be generally be
checked by such a hook.

-Peff

Re: link user-name with ssh-login

[Shawn Pearce]

On Mon, Mar 19, 2012 at 13:57, Jeff King <peff@peff.net> wrote:
> On Mon, Mar 19, 2012 at 12:15:07PM -0700, Junio C Hamano wrote:
>
>> A pre-receive hook that lists the author names of the commits, along the
>> lines of "git log --format='%an <%ae>' $OLD_HEAD..$NEW_HEAD" and compares
>> against the name of the user authenticated against your SSH server would
>> be a way to do this.
>>
>> But that would mean you are forbidding people to accept patches from
>> others, inspect the patches for validity and vouch for them, while giving
>> the credit to them by recoding the author names of the patch authors.
>>
>> Perhaps checking the committer name would suit your situation better.  I
>> dunno.
>
> Then you would be forbidding merges of other people's work, no? Even if
> the other person's commits are available in the upstream repo, they
> might be hitting this ref for the first time, and would be generally be
> checked by such a hook.

Most hooks that are trying to do this use "$NEW_HEAD --not --all" to
only examine commits that would be newly reachable. Already reachable
commits are presumed valid. If you want to merge someone else's
commits, just make sure they have already pushed their commits to a
branch somewhere, like a refs/heads/$USER/ sandbox space or something.

Re: link user-name with ssh-login

[Sitaram Chamarty]

On Mon, Mar 19, 2012 at 10:28 PM, Roberto <mrgreiner@gmail.com> wrote:
> Hi,
>
> I have small ssh-based git server used for insite code development. But
> there is one thing I can't find how to set.
>
> In the server, each developer has a valid ssh account (I switched the shell
> to git-shell). The problem is that when a developer commit's some code, he
> can freely set in his local .git/config file the user name he want's to
> appear in the commit logs. Is there any way to link/force a certain ssh
> login to a name?

along the lines of what others already said, here's my rant on this requirement:

https://github.com/sitaramc/gitolite/blob/pu/contrib/VREF/gl-VREF-EMAIL_CHECK#L37