问题描述
我的服务器上有GITOLITE,我想配置对存储库的访问.我想限制某些用户对某些分支的访问.我尝试了很多变种来配置gitolite.conf文件,但没有找到解决方案来限制对某些分支的访问权限.
I have GITOLITE on my server and I want to configure access to my repository. I want to restrict access to some branches for some users. I try a lot of variants how to configure gitolite.conf file and I didn't find solution how to restrict acces to some branches.
1)
@developers1 = user1
@developers2 = user2
repo dbatest
RW+ = @developers1
R test = @developers2
- test = @developers2
RW+ = @developers2
当user2执行命令时:git push origin test
:推入成功在gitolite日志中,我有以下几行:
When user2 executed command: git push origin test
: push succeedIn gitolite log I had this lines:
http ARGV=user2 SOC=git-receive-pack 'dbatest' FROM=10.65.184.239
6453 pre_git dbatest user2 W any refs/.*
6453 system,git,http-backend
6453 END
2)
@developers1 = user1
@developers2 = user2
repo dbatest
RW+ = @developers1
- test = @developers2
RW+ = @developers2
当user2执行命令时:git push origin test
:推送成功在gitolite日志中,我有以下几行:
When user2 executed command: git push origin test
: push succeedIn gitolite log I had this lines:
http ARGV=user2 SOC=git-receive-pack 'dbatest' FROM=10.65.184.239
6457 pre_git dbatest user2 W any refs/.*
6457 system,git,http-backend
6457 END
3)
@developers1 = user1
@developers2 = user2
repo dbatest
RW+ = @developers1
R test = @developers2
- test = @developers2
RW+ = @developers2
option deny-rules = 1
当user2执行命令:git push origin test
:推送被拒绝,他看到此消息:
When user2 executed command: git push origin test
: push denied and he saw this message:
fatal: remote error: FATAL: W any dbatest user2 DENIED by refs/heads/test
(or you mis-spelled the reponame)
在乙醇钠盐日志中,我有这个:
And in gitolite log i had this:
8161 http ARGV=user2 SOC=git-receive-pack 'dbatest' FROM=10.65.184.239
8161 die W any dbatest user2 DENIED by refs/heads/test<<newline>>(or you mis-spelled the reponame)
这看起来不错,但是当他尝试将某些内容推入master分支时,他有这样的想法.
It's look like good, but when he try to push something into the master branch he had this meesage to.
我尝试在我的gitolite配置文件中混合使用这些行,但是它们对我不起作用.
I tryed mix this lines in my gitolite config file but they didn't work for me.
如果有人可以帮助我,我会很高兴.我想限制某些开发人员对某些分支的写访问权限.我无法创建其他存储库,我必须在一个主存储库上使用限制策略.
I will be happy if someone can help me with it. I want to restrict write access to some branches for some developers. I cann't create additional repository I must to use restrict policy on one main repository.
非常感谢!
推荐答案
如果我查看官方文档:
repo foo bar
RW+ = alice @teamleads
- master = dilbert @devteam
- refs/tags/v[0-9] = dilbert @devteam
RW+ dev/ = dilbert @devteam
RW = dilbert @devteam
R = @managers
they can do anything to branches whose names start with "dev/"
**they can create or fast-forward push, but not rewind or delete, any branch except `master`**
所以看起来不错:
- test = @developers2
RW+ = @developers2
不过,乙醇钠有两种检查方法:
However gitolite has two checks:
- 当引用未知时(在这种情况下,将忽略
- test
)一个, - 一个裁判是众所周知的.
- one when the ref is unknown (in which case
- test
is ignored), - one for the ref is known.
在您的情况下,应该知道ref(测试),并且应用拒绝规则.
In your case, the ref (test) should be known and the deny rule apply.
您可以通过以下方法跟踪特定规则的逻辑来进行更多调试:
You can debug more by tracing the logic of your specific rules with:
gitolite access -s dbatest user2 W test
OP Sufelfay 确认限制访问分支机构/29840269#comment47820830_29840269> 它适用于3.5.3,而不适用于3.6.x .
这篇关于凹凸棒石限制进入分支机构的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!