From: Shawn Pearce <spearce@spearce.org>
To: Sitaram Chamarty <sitaramc@gmail.com>
Cc: Martin L Resnick <mresnick@bbn.com>,
"R. Tyler Croy" <tyler@monkeypox.org>,
git@vger.kernel.org
Subject: Re: ACLs for GIT
Date: Mon, 16 May 2011 18:49:08 -0700 [thread overview]
Message-ID: <BANLkTi=9vp+ibVa3tQzXbZSeYATKwmF60Q@mail.gmail.com> (raw)
In-Reply-To: <BANLkTikwEivOiQVV-B=g3pP_StXAa8CVwg@mail.gmail.com>
On Mon, May 16, 2011 at 18:32, Sitaram Chamarty <sitaramc@gmail.com> wrote:
> On Mon, May 16, 2011 at 6:52 PM, Martin L Resnick <mresnick@bbn.com> wrote:
>> Thanks for the reply.
>>
>> But gitolite would only work to deny reads on a repository or ref basis
>> not a pathname level.
>
> I notice the original question has been answered, so this email is
> just for the record.
>
> Gitolite does not do any access control on *read* access (fetch,
> clone). It can only do that on *write*s (push).
>
> Gerrit does that because they've reimplemented git itself and have
> coded that into their git engine somehow. I believe they had to
> implement a callback from jgit to gerrit for the fetch,
Yes, we do.
> and deal with
> evil clients that might try to read an object by pushing a supposed
> change on top of a SHA that they know but don't actually have. (Or
> something like that; I'm not real clear on this...).
Yes, we also have protections for this. Users cannot push objects that
reference objects they are not allowed to read. This check needs to be
done for delta bases as well as commit tree/parent pointers, and tree
entries. Its not difficult, but its not as simple as just limiting the
branch names shown to upload-pack.
> PS: Gitolite does have unreleased code to do this but it's a hack with
> several limitations. Gitolite makes a temp "clone -l", deletes all
> refs from it that the user has no access to, then redirects the
> git-upload-pack to that repo instead ;-)
Cute hack. Doesn't prevent the evil client from making an indirect
reference to something you shouldn't have. :-)
--
Shawn.
next prev parent reply other threads:[~2011-05-17 1:49 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-05-15 19:24 ACLs for GIT Martin L Resnick
2011-05-15 20:15 ` Magnus Bäck
2011-05-16 13:22 ` Martin L Resnick
2011-05-16 15:26 ` Richard Peterson
2011-05-16 15:33 ` Phil Hord
2011-05-16 15:36 ` Martin L Resnick
2011-05-16 16:28 ` Jakub Narebski
2011-05-15 20:16 ` R. Tyler Croy
2011-05-16 13:22 ` Martin L Resnick
2011-05-17 1:32 ` Sitaram Chamarty
2011-05-17 1:49 ` Shawn Pearce [this message]
2011-05-17 12:08 ` Sitaram Chamarty
2011-05-17 14:06 ` Shawn Pearce
2011-05-17 15:41 ` Sitaram Chamarty
2011-05-15 20:28 ` Marc Weber
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='BANLkTi=9vp+ibVa3tQzXbZSeYATKwmF60Q@mail.gmail.com' \
--to=spearce@spearce.org \
--cc=git@vger.kernel.org \
--cc=mresnick@bbn.com \
--cc=sitaramc@gmail.com \
--cc=tyler@monkeypox.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).