From: Michael Poole <mdpoole@troilus.org>
To: Eugene Sajine <euguess@gmail.com>
Cc: git@vger.kernel.org
Subject: Re: Git push over git protocol for corporate environment
Date: Wed, 30 Sep 2009 19:54:09 -0400 [thread overview]
Message-ID: <873a64gfa6.fsf@sanosuke.troilus.org> (raw)
In-Reply-To: <76c5b8580909301613m283c4bfdne8de449ca0fd0987@mail.gmail.com> (Eugene Sajine's message of "Wed\, 30 Sep 2009 19\:13\:23 -0400")
Eugene Sajine writes:
[snip]
> My problem is that I need the simplest, easiest and fastest solution
> from setup and maintenance point of view in a situation when we have a
> huge CVS repo with hundreds of modules (projects) in it. My current
> understanding is that we are going to pull out project by project from
> CVS and create corresponding git repos.
> So, this brings us to hundreds of git repos and over 200 hundred
> committers. In this circumstances we don’t want to manage each repo
> separately as well as we don’t want to manage each person write access
> rights to each repo.
> As I understand the best solution here is git protocol (one port only
> on dedicated server and no security as we are in trusted network) with
> read and write access configured for all repos on a dedicated server.
> What do you think I should do? How to enable push over git protocol?
How do you manage permissions now? How would you like to manage
rights under the new system?
I am a git amateur, but I would suggest using git+ssh (git over ssh)
and use group or ACL permissions based on the SSH user account. The
standard git-daemon does not provide authentication or authorization,
so you would have to roll your own -- but git+ssh lets you leverage
the operating system's built-in access controls.
For example, some developers might belong to group A, and others
developers belong to group B. With standard Unix permissions, you
could grant global read but only group-A commit rights to any number
of permissions (by appropriate use of git init --shared).
I have not tried using POSIX ACLs to grant more complicated access
rights for git repositories, but setting default ACL entries on the
directory before running "git init" *should* give good results.
(Others have mentioned Gerrit. I use that at work, and my only major
wish is that it had per-branch rather than per-project access
controls. It is a vast improvement over the Subversion system we had
before.)
Michael Poole
next prev parent reply other threads:[~2009-10-01 0:00 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-09-30 23:13 Git push over git protocol for corporate environment Eugene Sajine
2009-09-30 23:23 ` David Brown
2009-09-30 23:43 ` Jakub Narebski
[not found] ` <00163623ac5d75929b0474e66b96@google.com>
2009-10-02 14:41 ` Eugene Sajine
2009-10-02 14:47 ` Shawn O. Pearce
2009-10-02 15:58 ` Eugene Sajine
2009-10-02 18:54 ` Ismael Luceno
2009-10-04 15:25 ` Jakub Narebski
2009-10-04 16:26 ` Matthieu Moy
2009-09-30 23:54 ` Michael Poole [this message]
2009-10-01 0:06 ` Shawn O. Pearce
2009-10-01 6:29 ` Marius Storm-Olsen
2009-10-01 18:06 ` Shawn O. Pearce
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=873a64gfa6.fsf@sanosuke.troilus.org \
--to=mdpoole@troilus.org \
--cc=euguess@gmail.com \
--cc=git@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).