How do you setup a git repository where some users can see certain parts of the source code and other users can see all of it? I've seen lots of guides for only giving certain users commit access, but these assume everyone should have read access. I've also heard of gitosis, but I'm not sure it supports this and it hasn't had any commits in over a year so I think it's dead.
views:
424answers:
5
A:
As far as I know, there's only two ways
- UNIX file permissions. You restrict permissions to the repository based on user/group membership.
- Apache (or similar) .htaccess style permissions, where a user has to authenticate to the webserver (htdigest) and access is controlled based on these credentials.
Chris Kaminski
2009-07-28 19:45:13
The OP is asking about how to do access control on portions of the git repo, not the entire thing as one big lump...
bdonlan
2009-07-28 19:49:42
can't be done. You can either give access to the entire thing, or not at all. If you have code that you need to segregate, you need to do it by having multiple repos, or a custom gitview.cgi.
Chris Kaminski
2009-07-28 20:47:30
+1
A:
The native git protocol doesn't support this; git assumes in many places that everybody has a complete copy of all of the history.
That said, one option may be to use git-subtree to split off part of the repository into its own subset repository, and periodically merge back.
bdonlan
2009-07-28 19:49:15
A:
Git doesn't support access control on the repository. You can however, implement access control on the repository yourself, by using hooks, more specifically the update hook.
Jörg W Mittag
2009-07-28 21:44:32
+1
A:
In short: you can't. Git is snapshot based (at conceptual level at least) version control system, not changeset based one. It treats project (repository) as a whole. The history is a history of a project, not a union of single-file histories (it is more than joining of per-file histories).
Using hooks like update-paranoid hook in contrib, you can allow or forbid access to repository, you can allow or forbid acces to individual branches. You can even forbid any commits that change things in specified subdirectory. But the project is always treated as a whole.
Well, there is one thing you can do: make a directory you want to restrict access to into submodule, and restrict access to this submodule repository.
Jakub Narębski
2009-07-28 21:45:15
A:
Jörg has already pointed out that you can use hooks to do this. Exactly which hook(s) you need depends on your setup. If you want the permissions on a repo that gets pushed to, you'll need the update hook like he said. However, if it's on a repo that you're actually working in (committing and merging), you'll also need the pre-commit and post-merge hooks. The githooks manpage (Jörg linked to this too) notes that there's in fact a script in the contrib section demonstrating a way to do this. You can get this by grabbing a git tarball, or pull it out of git's gitweb repo: setgitperms.perl. Even if you're only using the update hook, that might be a useful model.
Jefromi
2009-07-29 13:57:03