For a shared git repo served over SSH and HTTPS, how to control access for both protocols?

Question

I'm using hooks/update to control who may update particular refs in a shared repository. This works great for SSH, but I recently discovered (with git-1.6.4.2, at least) this hook does not influence WebDAV pushes, i.e., any user may update any branch.

Yes, I could add Require group ... directives as in 8 ways to share your git repository along with separate group files, but I'd like to avoid having to maintain parallel authorization configs!

Another alternative is rewriting the hooks/update, but that seems a waste given that it's already working for SSH.

Answer 1

You should understand that for Git (currently) HTTPS is a "dumb" protocol, i.e. whole exchange goes without involving git on server at all, including running hooks; it is only web server (with WebDAV for HTTPS push) that is involved.

You should however take a look at repository access management tools, such as Gitosis (in Python, using setuptools), or new Gitolite (in Perl, simpler), or repo tool from the Google's Android project, or something else. Perhaps they would offer centralized access management.