基于SSH的对Git存储库的选择性访问
[英]Selective access to Git repository based on SSH
问题描述
I have a server with six Git repositories, to which I have read+write access through a single SSH account, all in /opt/git/, all owned by the SSH account. 
我有一台带有六个Git存储库的服务器,我可以通过一个SSH帐户对它进行读写访问,所有SSH帐户都在/ opt / git /目录中。
I'd like to give somebody else read+write access the a few of the repositories, but not to all. 我想让其他人可以读写访问一些存储库,但不是全部。
- How do I create a new SSH user that has access to only a few select repositories? 如何创建只能访问少数选择存储库的新SSH用户?
- Can I use filepermissions (currently 0755) to control this type of access? 我可以使用文件权限(当前为0755)来控制这种类型的访问吗?
- Are there any best practices? 有没有最佳做法?
It's unlikely we'll have a third developer for quite a while, atleast not before we get a proper sysadmin, so it's okay if it's "good enough for now". 我们不太可能会有第三位开发人员在相当长的一段时间内,至少要等到获得合适的系统管理员之后,因此“现在足够好”就可以了。
1 个解决方案
解决方案1
0 2013-04-23 14:17:41
That would be best managed by gitolite (an authorization layer ), which would allow you to configure a list of: 最好由gitolite ( 授权层 )管理,这将允许您配置以下列表:
- ssh user keys ssh用户密钥
- repositories 仓库
And associate the users you want to the right repos. 并将您想要的用户关联到正确的存储库。
All users would still access those repos through ssh with the account git, but using their own public/private ssh keys (registered in gitolite config file), generated with a command similar to: 所有用户仍将使用git帐户通过ssh访问那些存储库,但使用其自己的公用/专用ssh密钥(已在gitolite配置文件中注册),该密钥的生成类似于以下命令:
ssh-keygen -t rsa -f "${H}/.ssh/myLogin" -C "My Gitolite access (not interactive)" -q -P ""
Each user would set up a %HOME%/.ssh/config file in order to reference myLogin/myLogin.pub keys. 每个用户都将设置%HOME%/.ssh/config文件 ,以引用myLogin/myLogin.pub密钥。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.