Following the instructions in this link I managed to create a repository on my $HOME
on the uni's server. I clone/pull/push to this repository on the server using SSH
.
My question is: Is it possible to grant access to someone else to clone/push/pull
from this repository? Obviously I do not have root privileges on the server side. Furthermore, I don't want to have it as a public repository... I want to know who is cloning and pushing to this one.
Can I do something like that on the web-storage part of my account? Where my wesite is stored, and then use something like htaccess
to manage access?
You could set POSIX ACLs on the repository, to allow more users to access it. But that won't guarantee somebody commits as another user / it's quite cumbersome to configure / ...
Instead, I suggest you to use gitolite: https://github.com/sitaramc/gitolite .
It works in a way very similar to the pull/push mechanism on github: one ssh user, a custom shell that authenticates the user depending on the ssh key that was used to login.
If you want something more complex (github-like, with a web UI providing lots of features), have a look at gitlab ( http://gitlabhq.org/ ) or gitorious ( http://getgitorious.com/ ).
In order to be able to login normally on the server as the user in which you installed gitolite:
~/.ssh/id_rsa-git_admin
on your workstation ~/.ssh/authorized_keys
file on the machine git clone git@yourhost:gitolite-admin
, and make sure it works. ssh -i ~/.ssh/id_rsa-git_admin git@yourhost
If the last two steps are ok, your installation is fine.
This is a tricky one, since most git setups depend on user accounts. I see two options for you, unless you can install Gitolite as described in @redShadow's answer.
If the other people have accounts on the same mashine, you cold use linux/unix group permissions and make the repository read/writeable by that group only. If the group does nor yet exists, someone with root access needs to create it.
If clone-only access for a limited group is okay for you and you are willing to receive changes in form of patches, you could move your repository into your website root folder and use htaccess to limit access to the file. But this would be readonly.
Your htaccess would look like
AuthType Basic
AuthName "Password Required"
AuthUserFile /www/passwords/password.file
AuthGroupFile /www/passwords/group.file
Require Group admins
References:
I'm assuming you did a git init --bare ...
By default, when you init a bare repo, you give privileges for group writes and anyone else can read. That's dicussed on the help document for git init
:
http://www.kernel.org/pub/software/scm/git/docs/git-init.html
You can use the umask option to have tighter control over access:
0xxx: 0xxx is an octal number and each file will have mode 0xxx.
0xxx will override users' umask(2) value (and not only loosen permissions
as group and all does). 0640 will create a repository which is group-readable,
but not group-writable or accessible to others. 0660 will create a
repo that is readable and writable to the current user and group, but
inaccessible to others.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.