[英]What is the practical difference between a git --bare and --shared directory?
The docs state文档状态
--bare
- 裸
Create a bare repository.
创建一个裸仓库。 If GIT_DIR environment is not set, it is set to the current working directory.
如果未设置 GIT_DIR 环境,则将其设置为当前工作目录。
and和
--shared[=(false|true|umask|group|all|world|everybody|0xxx)]
--shared[=(false|true|umask|group|all|world|everybody|0xxx)]
Specify that the Git repository is to be shared amongst several users.
指定 Git 存储库将在多个用户之间共享。 This allows users belonging to the same group to push into that repository.
这允许属于同一组的用户推送到该存储库。 When specified, the config variable "core.sharedRepository" is set so that files and directories under $GIT_DIR are created with the requested permissions.
指定后,将设置配置变量“core.sharedRepository”,以便使用请求的权限创建 $GIT_DIR 下的文件和目录。 When not specified, Git will use permissions reported by umask(2).
如果未指定,Git 将使用 umask(2) 报告的权限。
The option can have the following values, defaulting to group if no value is given: ...
该选项可以具有以下值,如果没有给出值,则默认为 group:...
I always thought我一直以为
Why do I need anything else?为什么我还需要其他东西? What does "shared" mean?
“共享”是什么意思? (For the "bare" option see also this question ).
(对于“裸”选项,另见这个问题)。 And I just tested that
git init --shared=all
is possible and thus independent of --bare
.我刚刚测试了
git init --shared=all
是可能的,因此独立于--bare
。 (Which was a surprise after reading this question ) (读完这个问题后很惊讶)
Like the link you mentioned, the two aren't mutually exclusive.就像您提到的链接一样,两者并不相互排斥。
--shared
is used mainly for managing permissions, and --bare
is to create a repo without a working directory, and it's used for sharing. --shared
主要用于权限管理,-- --bare
是创建一个没有工作目录的repo,用于共享。 This link was helpful for me: https://serverfault.com/a/113688这个链接对我很有帮助: https : //serverfault.com/a/113688
As saxo said , these two options can (and sometimes do) work in tandem:正如saxo 所说,这两个选项可以(有时确实)协同工作:
--bare
makes a bare repository , ie, a repository with no working tree. --bare
创建一个裸仓库,即一个没有工作树的仓库。
--shared= mode
makes sure that Git uses Unix-style permissions on its own internal files according to the mode
argument. --shared= mode
确保 Git 根据mode
参数对其内部文件使用 Unix 风格的权限。 This is not likely to work on anything that is not a Unix-like system, but since Linux is a Unix-like system, it works well on Linux servers.这不太可能在任何非类 Unix 系统上运行,但由于 Linux 是类 Unix 系统,因此它在 Linux 服务器上运行良好。
A bare repository—one with no working tree—cannot have any work done in it.一个裸仓库——一个没有工作树的仓库——不能在其中完成任何工作。 This makes it an ideal recipient for work done elsewhere .
这使它成为在其他地方完成的工作的理想接受者。 That work-done-elsewhere arrives at the server computer via
git push
.在别处完成的工作通过
git push
到达服务器计算机。
A non-bare repository can have work done in it.非裸存储库可以在其中完成工作。 Suppose someone has logged on to the server, and is performing ongoing work in the non-bare repository.
假设有人已登录到服务器,并且正在非裸存储库中执行正在进行的工作。 Suddenly, someone on some other computer runs
git push server branch
.突然,其他计算机上的某人运行
git push server branch
。 This is a request that the server accept new commits and update its (the server's) branch named branch
.这是服务器接受新提交并更新其(服务器的)名为
branch
的请求。 But the person who is working on the server is in the middle of making updates to that same branch.但是在服务器上工作的人正在对同一分支进行更新。 How will Git reconcile the incoming updates with the logged-in-on-the-server-user's updates?
Git 将如何将传入的更新与登录到服务器的用户的更新进行协调? The answer is: It won't.
答案是:不会。 The server Git will refuse the incoming update, because some user is potentially doing work on the server.
服务器 Git 将拒绝传入的更新,因为某些用户可能正在服务器上工作。
Since a bare repository has no working tree, it is impossible to do any work in it.由于裸仓库没有工作树,因此不可能在其中做任何工作。 Therefore, no one is working on this bare repository on the server.
因此,没有人在服务器上处理这个裸存储库。 Therefore it is safe to accept an incoming push.
因此,接受传入的推送是安全的。 Conclusion: non-bare = not-safe;
结论:非裸 = 不安全; bare = safe.
裸 = 安全。 A
--bare
clone, on a server, can accept pushes.服务器上的
--bare
克隆可以接受推送。 Hence, server clones are normally bare.因此,服务器克隆通常是裸的。
The shared stuff is much more complicated.共享的东西要复杂得多。 Given that you have a Linux server with a bare clone, we now ask: Who has access to this Linux server?
鉴于您有一台带有裸克隆的 Linux 服务器,我们现在问:谁可以访问这台 Linux 服务器? How do they log in to the server?
他们如何登录服务器? Does this affect their ability to use
git push
?这会影响他们使用
git push
的能力吗? The answers here vary, hugely .这些问题的答案在这里有所不同,巨大的。 For instance, the servers that GitHub run don't allow users to log in at all, but do allow, via specialized tricks,
ssh
push access, as long as the users push as a pseudo-user named git
.例如,GitHub 运行的服务器根本不允许用户登录,但允许通过专门的技巧
ssh
推送访问,只要用户以名为git
的伪用户身份推送。 This method bypasses all the normal Linux security stuff, and the --shared
mode stuff becomes irrelevant.这种方法绕过了所有正常的 Linux 安全性内容,而
--shared
模式的内容变得无关紧要。
Other systems, however, do allow users to ssh in. Some users have full access as themselves (so that they can use sudo
and/or do other administrative tasks directly on the server).但是,其他系统确实允许用户通过 ssh 进入。一些用户拥有自己的完全访问权限(以便他们可以直接在服务器上使用
sudo
和/或执行其他管理任务)。 Other users may have more limited access, but still as themselves .其他用户可能有更有限的访问权限,但仍然是他们自己。 They "log in" on the server and have a user ID, and with that, user and group IDs and accompanying permissions.
他们在服务器上“登录”并拥有一个用户 ID,以及用户和组 ID 以及随附的权限。
The Linux permissions model allows Git to work with the Linux group-permissions model, provided that the Git repository itself contain group-writable directories. Linux 权限模型允许 Git 使用 Linux 组权限模型,前提是 Git 存储库本身包含组可写目录。 Since Git creates new directories on its own (during, eg,
git push
operations), these newly-created directories must have the correct permissions—specifically, group-write permission (and correct group ownership, which is managed separately, not by Git).由于 Git 自行创建新目录(例如,在
git push
操作期间),这些新创建的目录必须具有正确的权限——特别是组写入权限(以及正确的组所有权,单独管理,而不是由 Git 管理) . To make this happen automatically, the adminstrator should create this repository with --shared=group
or similar.要自动执行此操作,管理员应使用
--shared=group
或类似参数创建此存储库。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.