From: Jakub Narebski <jnareb@gmail.com>
To: Thomas Koch <thomas@koch.ro>
Cc: Daniel Barkalow <barkalow@iabervon.org>,
Gary Yang <garyyang6@yahoo.com>,
git@vger.kernel.org
Subject: Re: How to hide a git repository?
Date: Tue, 25 Nov 2008 12:10:43 -0800 (PST) [thread overview]
Message-ID: <m3skpfk1mp.fsf@localhost.localdomain> (raw)
In-Reply-To: <200811252001.37259.thomas@koch.ro>
Thomas Koch <thomas@koch.ro> writes:
> Am Tuesday 25 November 2008 19:38:02 schrieb Daniel Barkalow:
> > On Mon, 24 Nov 2008, Gary Yang wrote:
> > > Do I have to create two git servers? One is for public to download the
> > > released code. For example: gitpub.mycompany.com:/pub/linux/kernel.
> >
> > The public can't generally use this URL, because it's an ssh URL, and they
> > won't be able to connect with ssh. They can only really use
> > git://gitpub.mycompany.com/pub/linux/kernel or something similar.
> >
> > The normal pattern is to have R/W access with ssh and anonymous read
> > access via git://...; you can then have multiple repositories on the same
> > host, with the git server only serving the public one. All of them will be
> > accessible to the ssh methods (restricted by the user's UNIX permissions
> > on the files in those directories).
To control access via SSH protocol (which can be used both for
fetching and for pushing), you can either configure accounts and
user/groups permissions on repository directories, or you can use
external tool like ssh_acl or Gitosis.
To control access via HTTP you can employ authorization and
authentication from your web server; for push this would be matter of
setting up WebDAV.
To control access via anonymous git:// protocol, you can use whitelist
and blacklist mechanism built in git-daemon; by default only
repositories with git-daemon-export-ok in them (in .git) are exported,
if I understand correctly.
Additionally, if protocol is authenticated you can use hooks mechanism
like example contrib/hooks/update-paranoid to restrict access (and
with finer granularity too).
> Do you now of a way to show public repos with gitweb to the public and
> private repos to the staff with the same gitweb installation?
You can quite simply restrict access to some directories/repositories,
or the fact that they are listed in list of all projects for _all_
clients quite easily (see description of GITWEB_EXPORT_OK in
gitweb/README and gitweb/INSTALL).
If you have something more fancy, check out newest gitweb and take a
look at gitweb/INSTALL: you can now, thanks to commit dd7f5f1 by
Alexander Gavrilov, see
http://permalink.gmane.org/gmane.comp.version-control.git/99962
HTH
--
Jakub Narebski
Poland
ShadeHawk on #git
next prev parent reply other threads:[~2008-11-25 20:12 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-11-25 0:32 How to hide a git repository? Gary Yang
2008-11-25 0:37 ` Heikki Orsila
2008-11-25 1:40 ` Gary Yang
2008-11-25 3:58 ` Bruno Cesar Ribas
2008-11-25 2:16 ` Gary Yang
2008-11-25 6:15 ` Nicolas Morey-Chaisemartin
2008-11-25 18:38 ` Daniel Barkalow
2008-11-25 19:01 ` Thomas Koch
2008-11-25 19:08 ` Daniel Barkalow
2008-11-25 20:10 ` Jakub Narebski [this message]
2008-11-25 21:03 ` Junio C Hamano
2008-11-25 21:19 ` Jakub Narebski
2008-11-25 21:46 ` Junio C Hamano
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=m3skpfk1mp.fsf@localhost.localdomain \
--to=jnareb@gmail.com \
--cc=barkalow@iabervon.org \
--cc=garyyang6@yahoo.com \
--cc=git@vger.kernel.org \
--cc=thomas@koch.ro \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).