I'm not sure if this should go here, or on superuser (as it seems to pertain to both topics), so I've put it here; if it's not appropriate, I'll go ask it on superuser.

Anyway, I have a git repository that can't go completely open source (otherwise I would just put it on github and be done with it), and I have a server that I have ssh access (but not superuser access) to, this server has all of the git binaries already on it. I need to give someone read-only access to this git-repo (or at least read-only access to some of the branches, although I would imagine that's a lot harder).

Currently I'm using ssh to push and poll my local git repo to this server. Is there any way to give another person read only access to the server? (I suppose I am fine with us both having write access to the repo, although I'm not sure how to do that with unix permissions, as I don't have the ability to make new unix groups as I don't have superuser permissions).

Thank you for your help.

A: 

You can have private repositories on Github...they just cost a few dollars a month depending on the # of developers. You can control access VERY easily from there.

Climber104
+1  A: 

In .ssh/authorized_keys you can specify a command that is always run when a given public key is used to log in. You could probably set this to git-upload-pack /path/to/repo.git and git pull just might work. There may very well be non-obvious security pitfalls with this approach.

See the sshd manual page for the format of the authorized_keys file.

Jouni K. Seppänen
Hmm...it looks like my .ssh folder doesn't actually have an authorized_keys file, only a known_hosts one.
Leif Andersen
You can create one, with multiple public keys.
Jouni K. Seppänen
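
An added example, not part of the answer or comments above: a forced-command wrapper for the authorized_keys approach that checks what the client asked for and serves only a fetch of one repository. The script name git-ro-gate, the ALLOWED_REPO variable and the /home/you path are assumptions; /path/to/repo.git is the answer's own placeholder.

```shell
#!/bin/sh
# Added example (not from the thread): forced-command gate for a read-only key.
# Install as ~/bin/git-ro-gate (hypothetical name) and reference it from
# ~/.ssh/authorized_keys on one line; the key is a placeholder:
#   command="/home/you/bin/git-ro-gate",no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty ssh-ed25519 <COLLABORATOR-PUBLIC-KEY> collaborator
# sshd then runs this script for that key, whatever the client asked for,
# and passes the client's request in SSH_ORIGINAL_COMMAND.

# Assumption: the one repository the collaborator may fetch from.
ALLOWED_REPO=${ALLOWED_REPO:-/path/to/repo.git}

# Print the repository path and return 0 only for an exact fetch request.
# Whole-string matching means nothing the client sends is ever parsed or
# evaluated, so appended shell syntax or another path simply fails to match.
gate_decision() {
    case $1 in
        "git-upload-pack '$ALLOWED_REPO'" | "git-upload-pack $ALLOWED_REPO")
            printf '%s\n' "$ALLOWED_REPO"
            return 0 ;;
        *)  # git-receive-pack (push), interactive logins, anything else
            return 1 ;;
    esac
}

main() {
    if repo=$(gate_decision "${SSH_ORIGINAL_COMMAND:-}"); then
        exec git-upload-pack "$repo"   # serve the fetch, nothing more
    fi
    echo "This key only allows fetching from the shared repository." >&2
    exit 1
}

# Run only when installed under its own name, so the functions above can be
# sourced and exercised without starting git.
case ${0##*/} in
    git-ro-gate) main ;;
esac
```

The collaborator has to clone with the exact absolute path configured in ALLOWED_REPO, since every other request is refused.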
A: 

You want to use the git protocol. http://www.kernel.org/pub/software/scm/git/docs/git-daemon.html

It'll be public to everybody, which may not be what you want, but nobody will be able to do a push over git://.

You can control what branches they can access by only pushing the branches you want to be accessible to it.
I would do this by having a separate clone from your ssh enabled private repository, and then add that as a remote. Then you can do git push pub public-branch, so then private-branch won't be accessible from that location.

jonescb
Ya, I'm thinking this is the best (or at least the easiest) way to do it. I just obfuscated the path of the directory like this: projectname-small-set-of-random-symbols, which I think will be okay, as I'm not a big target, and the parent directory isn't world readable. Although I have one issue. Although I need a bit of help. I had already made the branch, and pushed it to the server (the bare version) (I renamed it as mentioned above). Then I put the git-daemon-export-ok file in it, and ran the git daemon. The problem is that I have to keep git daemon running in order to keep the...
Leif Andersen
...branch publicly available, and it stops whenever I close the connections, etc. So is there any way (without superuser access) that I can set it up to have that working all the time? Thanks
Leif Andersen
jonescb
Hmm...that worked, thanks. Hopefully it won't have any bad side effects.
Leif Andersen
+1  A: 

You can set up ACLs to manage the rights on your repositories... There are a lot of details about this topic in the Pro Git book. And according to what I have read so far, yes you can apply this on select branches if you like.

Eric-Karl
A: 

You can use one of the tools for managing git repositories like gitosis (in Python) or gitolite (in Perl), which allow for controlling access to repositories (or you can use your own solution, similar to the example update-paranoid update hook).

The other solution would be to use one of the git hosting sites that offer private repositories (e.g. Codaset provides 1 (semi)private repository in its free plan, with a 200 MB disk space limit).

Jakub Narębski