tags:

views:

45

answers:

4
+1  Q: 

Git deny users to create tags

Hello

Here is a question about git repo management...

Is it possible to configure git repo to allow TAG creation only for some users? And similar question for branch: is it possible to configure list of user, who are able to modify particular branch?

The idea for all this config is: there is git repo with MANY developers, and we want to have a few stable branches and list of tags. And only senior developers will be able to modify those branches and create tags. All other developers still can create branches and so on. But if developer wants to promote his changes to one of stable branches, he must to contact senior person to ask him to make merge...

thank you

+1  A: 

For branches and annotated tags (i.e. versioned tags that can be pushed/pulled), gitolite can provide that kind of access control.

See "security, access control, and auditing"

This kind of tool allows for the protection of "central" repositories: if you have the right credentials, you can clone them and do what you want with your local copy, but as soon as you want to push back, gitolite will control the permissions associated with that remote repo.

VonC  2010-07-07 19:43:51
+1  A: 

Gerrit (mainly a code review system) solves this problem almost exactly as you're describing it.

You define groups, and then set repository permissions on who can push for review in a branch, who can push changes directly to a branch, who can push tags (of various types) and even who can see/push to your top-secret branch.

Our gerrit instance is open to the world, although we do limit who can push what and where (and have some collaborators on some projects who can do more than others).

Dustin  2010-07-07 20:35:25
A: 

It is my understanding through reading the documentation and personal experience that Git is not designed to be used in that way. What you're describing can easily be handled by a multiple repository scenario in which lesser developers push to a development repository and the senior developers pull changes from that, merge, test, etc... and then deploy to a production repo from which any developer can pull.

Chris  2010-07-07 20:37:37
A: 

You can limit access using standard file access rules on .git/refs/heads and .git/refs/tags. For example, if you make .git/refs/tags mode 775, then only members of the group that owns .git/refs/tags will be able to make tags. Similarly, you can restrict read permission to .git/refs/heads/foo so that only those with read access will be able to checkout branch foo, and only those with write access to .git/refs/heads will be able to create new branches. This is an unreliable technique, however, and you'd be much better off using distinct repositories with appropriate accesses.

William Pursell  2010-07-08 07:25:13

related questions

How to have two remote orgins for Git?
Why is branching and merging easier in Mercurial than in Subversion?
Is there a better way of writing a git pre-commit hook to check any php file in a commit for parse errors ?
Bug tracker setup with Git integration?
Does git have anything like `svn propset svn:keywords` or pre-/post-commit hooks?
git-stash vs. git-branch
Git "bad sha1 file" error
Should I use GitHub+Fogbugz or Assembla?
How do you remove a specific revision in the git history?
How do you organise multiple git repositories?
What is the Difference Between Mercurial and Git?
How do I restore files to previous states in git?
Is there anything like TortoiseCVS and TortoiseSVN for git?
Good Git repository viewer for Mac
Deploying a Git subdirectory in Capistrano
How to "unversion" a file in either svn and/or git
How can I graph the Lines of Code history for git repo?
Switch branch names in git
Migrating to GIT
How can I set up an editor to work with Git on Windows?
How do you deal with configuration files in source control?
Undoing a git reset --hard HEAD~1
Version Control. Getting started...
Why is Git better than Subversion?
Distributed source control options