tags:

views:

313

answers:

2
+4  Q: 

Can I "disable" git-clone over http?

I'm using git to manage a tiny project. I've been performing all of my transactions (clone, push, pull, etc) through SSH, but recently ran git-update-server-info because I wanted to experiment with running git-clone over http. It worked great. Cool. Now I realize though that anyone can clone my repository over http without any credentials. I'm vaguely aware of setting up http authentication through gitosis, but that's really not what I want. I'd prefer to just disable http cloning entirely.

Is there a way I can tell git to only allow transactions over ssh? Or can I undo what I did when I ran git-update-server-info to enable cloning over http in the first place?

+2  A: 

Delete .git/objects/info/packs and .git/info/refs

geocar  2009-08-28 18:22:30
+2  A: 

For git repository to be available via HTTP transport, it needs to be "exported" by (any) web server. If your repository (to be more exact its .git directory) is visible from outside in a web browser, then it can be cloned or fetched anonymously via HTTP protocol. git update-server-info is used to generate extra auxiliary helper information (.git/objects/info/packs and .git/info/refs) for clone (or fetch) to know what is available.

So what you need to do is to either remove those two files (.git/objects/info/packs and .git/info/refs), or just make it so your repository is not available via web, perhaps by changing permissions in such way that user which web server runs as (usually 'nobody' or 'www', or 'apache') doesn't have access to .git repository. Or configure web server so that it doesn't export (make visible) your repository.

The HTTP protocol is (currently) so called "dumb" protocol, meaning that it serves files as is, and access control is done by a [dumb] server, in this instance by web server you use (or by filesystem).

I guess that your repository is not exported by web server, so you don't have anything to worry about: your repository is not available via HTTP.

Note that it is quote usual for Git repositories to have anonymous unauthenticated read-only access, and require authentication only for writing to repository i.e. pushing (at least for open-source projects)

Jakub Narębski  2009-08-28 18:29:09

related questions

How to have two remote orgins for Git?
Why is branching and merging easier in Mercurial than in Subversion?
Is there a better way of writing a git pre-commit hook to check any php file in a commit for parse errors ?
Bug tracker setup with Git integration?
Does git have anything like `svn propset svn:keywords` or pre-/post-commit hooks?
git-stash vs. git-branch
Git "bad sha1 file" error
Should I use GitHub+Fogbugz or Assembla?
How do you remove a specific revision in the git history?
How do you organise multiple git repositories?
What is the Difference Between Mercurial and Git?
How do I restore files to previous states in git?
Is there anything like TortoiseCVS and TortoiseSVN for git?
Good Git repository viewer for Mac
Deploying a Git subdirectory in Capistrano
How to "unversion" a file in either svn and/or git
How can I graph the Lines of Code history for git repo?
Switch branch names in git
Migrating to GIT
How can I set up an editor to work with Git on Windows?
How do you deal with configuration files in source control?
Undoing a git reset --hard HEAD~1
Version Control. Getting started...
Why is Git better than Subversion?
Distributed source control options