如何使 git 存储库“仅拉取”
[英]How to Make a git Repository 'pull only'
问题描述
I am setting up a development environment on a shared server for multiple developers.
我正在为多个开发人员在共享服务器上设置开发环境。 I will have one repository that houses all code used in production, and many others used for development by different members of the team.我将拥有一个存储库,其中包含生产中使用的所有代码,以及团队不同成员用于开发的许多其他代码库。 What I would like is for the production repo to be 'pull only'.我想要的是生产回购是“只拉”。 Users can pull from it and get production changes locally whenever they want, but pushes need to be handled by a production admin, or at least require a password.用户可以随时从中提取并在本地获取生产更改,但推送需要由生产管理员处理,或者至少需要密码。 Something like:就像是:
[user@machine /devroot/myrepo]$ git pull $PRODUCTION master
From <location>
*branch master -> FETCH_HEAD
Already up-to-date
[user@machine /devroot/myrepo]$ git push $PRODUCTION master
error: user `user` is not authorized for this action
Or要么
[user@machine /devroot/myrepo]$ git push $PRODUCTION master
HEAD @ `$PRODUCTION`-Please enter password:
I believe I could do this with file permissions, but that doesn't strike me as an elegant solution.我相信我可以通过文件权限来做到这一点,但这并没有让我觉得这是一个优雅的解决方案。 Does git have something like this built in? git有内置的东西吗?
6 个解决方案
解决方案1
3 已采纳 2013-07-17 17:03:13
If you want complex repository access controls, you may want to look into Gerrit .如果您想要复杂的存储库访问控制,您可能需要查看Gerrit 。 Its primary focus is code review (which is totally worth having as well!), but it also does access control as a side effect.它的主要重点是代码审查(这也完全值得!),但它也有访问控制的副作用。
Otherwise, if you just want something really simple, file permissions are a perfectly good way of handling this on a single machine.否则,如果你只是想要一些非常简单的东西,文件权限是在一台机器上处理这个问题的完美方法。 So long as a user can't write to the files in the directory containing the repository, they can't push to it.只要用户不能写入包含存储库的目录中的文件,他们就无法推送到它。 I see nothing inelegant about that at all!我完全看不出这有什么不雅的地方!
解决方案2
3 2016-07-27 07:05:37
Would a more 'consenting adults' kind of solution work fine?更“同意成年人”的解决方案会奏效吗?
For example, in git you set up only the remote fetch, and leave the remote push to a dummy non-existing URL, so that a user can't accidentally git push to it.例如,在 git 中,您只设置了远程获取,并将远程推送留给了一个虚拟的不存在的 URL,这样用户就不会意外地git push到它。
Edit: this is similar to what is accepted in this question .编辑:这类似于此问题中接受的内容。
解决方案3
2 2013-07-17 18:02:16
You can use gitolite or gitosis .您可以使用gitolite或gitosis 。 Then you can create lists of users who can pull, push each branch, who can create tags etc.然后,您可以创建可以拉取、推送每个分支、可以创建标签等的用户列表。
I know gitolite better than gitosis.我比 gitosis 更了解 gitolite。 The configuration is only a git repository with simple syntax for the files.配置只是一个具有简单文件语法的 git 存储库。
解决方案4
1 2013-07-17 18:28:30
I agree with @duskwuff ..Take a look at this branching model .我同意@duskwuff ..看看这个分支模型。 This will help you achieve pull only without Gerrit这将帮助您在没有Gerrit 的情况下实现 pull
解决方案5
1 2013-07-17 20:28:28
git itself does not include any rights management. git 本身不包括任何权限管理。
you can achieve this one level higher in the software that manages your git repositories (if you go for a somewhat centralized approach, but i guess most companies want this).您可以在管理 git 存储库的软件中实现更高的级别(如果您采用某种集中的方法,但我想大多数公司都希望这样做)。 so gitolite ( http://gitolite.com/gitolite/ ) or gitlab can do this ( http://gitlab.org/ ).所以 gitolite ( http://gitolite.com/gitolite/ ) 或 gitlab 可以做到这一点 ( http://gitlab.org/ )。
解决方案6
0 2020-04-14 15:13:50
A simple solution for this is a users profile /etc/profile.d/git_restrictions.sh :一个简单的解决方案是用户配置文件 /etc/profile.d/git_restrictions.sh :
function git() {
if [[ "$@" == 'pull' ]] || [[ "$@" == 'status' ]] || [[ "$@" == 'help' ]]; then
echo "git $@"
command git $@
else
echo " Allowed GIT commands on this server are:"
echo " - git pull"
echo " - git help"
echo " - git status"
fi
}
Then when you run anything else except listed above, this happens:然后,当您运行上面列出的任何其他内容时,会发生这种情况:
Allowed GIT commands on this server are:
- git pull
- git help
- git status
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.