From: Matthieu Moy <Matthieu.Moy@grenoble-inp.fr>
To: Jakub Narebski <jnareb@gmail.com>
Cc: Eugene Sajine <euguess@gmail.com>, git@vger.kernel.org
Subject: Re: Git push over git protocol for corporate environment
Date: Sun, 04 Oct 2009 18:26:27 +0200 [thread overview]
Message-ID: <vpqtyyf5dn0.fsf@bauges.imag.fr> (raw)
In-Reply-To: <200910041725.39992.jnareb@gmail.com> (Jakub Narebski's message of "Sun\, 4 Oct 2009 17\:25\:39 +0200")
Jakub Narebski <jnareb@gmail.com> writes:
> On Thu, 1 Oct 2009, Eugene Sajine wrote:
>
>> Thanks to everybody for prompt answers!
>
> You are welcome!
>
>> There is one thing I'm still missing though. Do I understand correctly that
>> if a person has an ssh access (account) to the host in internal network,
>> then this won't be enough for him to be able to push to the repo? Should we
>> still go through the hassle of managing the ssh keys for each particular
>> user who is supposed to have push access?
>
> Yes, it is enough to push (and fetch) via SSH protocol.
To be a bit more precise: roughly, there are two ways to manage access
to a Git repo via SSH:
* One unix user (typically called "git") managing the repository, and
eveybody connecting to the repo via ssh://git@.... Then, if you want
any access control within the owned repositories for this user, you
need a key-based authentication to be able to distinguish who's
connecting. This is what gitorious does.
* Everyone has its own unix account, and the repository is shared (via
ACLs or simple group-based permissions, see git init --shared).
Then, each user can choose the way he prefers for authentication,
and if the user has an unrestricted account (i.e. can write
~/.ssh/authorized_keys), then it's the job of the users to manage
this, not the one of the sysadmin.
--
Matthieu Moy
http://www-verimag.imag.fr/~moy/
next prev parent reply other threads:[~2009-10-04 16:32 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-09-30 23:13 Git push over git protocol for corporate environment Eugene Sajine
2009-09-30 23:23 ` David Brown
2009-09-30 23:43 ` Jakub Narebski
[not found] ` <00163623ac5d75929b0474e66b96@google.com>
2009-10-02 14:41 ` Eugene Sajine
2009-10-02 14:47 ` Shawn O. Pearce
2009-10-02 15:58 ` Eugene Sajine
2009-10-02 18:54 ` Ismael Luceno
2009-10-04 15:25 ` Jakub Narebski
2009-10-04 16:26 ` Matthieu Moy [this message]
2009-09-30 23:54 ` Michael Poole
2009-10-01 0:06 ` Shawn O. Pearce
2009-10-01 6:29 ` Marius Storm-Olsen
2009-10-01 18:06 ` Shawn O. Pearce
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=vpqtyyf5dn0.fsf@bauges.imag.fr \
--to=matthieu.moy@grenoble-inp.fr \
--cc=euguess@gmail.com \
--cc=git@vger.kernel.org \
--cc=jnareb@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).