
Managing user access for multiple git repositories on Linux server, granting access per repos based on SSH key?

I have a Linux server with some bare git repositories that are being used remotely by several developers. Currently, all developers have access to all repositories.

I am using just one 'git' user account on the server, and each individual developer has their own SSH key through which they can access git through SSH.

Now, I intend to add a few more developers, but they should only have access to some of the git repositories, not all.

Is it possible to do this, while still keeping the single actual Linux user account (i.e. my 'git' user), and distinguish between the developers' SSH keys for managing access to the various repositories?

I've read some approaches using gitolite, not sure if that is still up to date or valid. What I liked about my approach so far is that it doesn't require any additional setup or software, it's just basic git and SSH. Is that still possible if I want to assign different access rights per SSH key?

If you're using a standard OpenSSH server and want to give the restricted users multiple repositories, then no, you can't do this. You can use OpenSSH's authorized_keys file to restrict a particular key to a specific command, but only one such command, so you can't distinguish across multiple repositories.

If you want to use a shared system user and multiple repositories with different user access rights, then Gitolite is a good choice. It is still in use in lots of places and is not too difficult to set up. You can additionally set up HTTP access with it as well (with a suitable HTTP server), should that be a thing you want to do.
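
The forced-command restriction mentioned in the answer, shown as an added example that is not part of the original post: Gitolite-style setups install one wrapper as the forced command for every key, pass the key owner's name as its argument, and let the wrapper check SSH_ORIGINAL_COMMAND. The script name git-gate, the repository root /srv/git, the user names and the ACL below are assumptions made up for illustration.

```shell
#!/bin/sh
# Added example: per-key repository allowlist behind one shared 'git' account.
# Assumed authorized_keys entries (script path, names and keys are placeholders):
#   command="/usr/local/bin/git-gate alice",restrict ssh-ed25519 AAAA... alice
#   command="/usr/local/bin/git-gate carol",restrict ssh-ed25519 AAAA... carol
# The user name comes from authorized_keys on the server, never from the client.
REPO_ROOT="${REPO_ROOT:-/srv/git}"   # assumed location of the bare repositories

# Constructed ACL: "<user> <repo> <R|RW>", one rule per line.
ACL="alice project-a.git RW
alice project-b.git RW
carol project-b.git R"

# parse_request "<SSH_ORIGINAL_COMMAND>" -> prints "<verb> <repo>", or fails.
parse_request() {
    case "$1" in
        "git-upload-pack '"*"'")  verb=git-upload-pack ;;
        "git-receive-pack '"*"'") verb=git-receive-pack ;;
        *) return 1 ;;                       # anything but fetch/push is refused
    esac
    repo=${1#*\'}; repo=${repo%\'}; repo=${repo#/}
    # Accept a single path component of safe characters: no '/', quotes or options.
    case "$repo" in
        ""|-*|.*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    printf '%s %s\n' "$verb" "$repo"
}

# allowed <user> <verb> <repo>: a push needs RW, a fetch needs R or RW.
allowed() {
    printf '%s\n' "$ACL" | grep -Fqx -e "$1 $3 RW" && return 0
    [ "$2" = git-upload-pack ] && printf '%s\n' "$ACL" | grep -Fqx -e "$1 $3 R"
}

# authorize <user> <SSH_ORIGINAL_COMMAND> -> prints the validated request, or fails.
authorize() {
    req=$(parse_request "$2") || return 1
    allowed "$1" "${req% *}" "${req#* }" || return 1
    printf '%s\n' "$req"
}

# Entry point when sshd runs this script as the forced command for a key.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ] && [ "$#" -eq 1 ]; then
    req=$(authorize "$1" "$SSH_ORIGINAL_COMMAND") || { echo "access denied" >&2; exit 1; }
    exec "${req% *}" "$REPO_ROOT/${req#* }"
fi
```

Each key's line in authorized_keys differs only in the name passed to the wrapper, so removing a developer means deleting one line and their ACL rules.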
