Deny write access to a specific branch in gitolite
Here is part of my gitolite conf:
repo myproject
RW+ = teamlead1 teamlead2
- = dev1 dev2 dev3
R production = dev1 dev2 dev3
RW+ = dev1 dev2 dev3
R = deploy
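So, I want:
- teamleads have full control of the myproject repo
- developers have only READ permission on the "production" branch, and full access to any other branch
- the deploy user has only read permission on any branch
For now, both teamleads and developers can push to the production branch. I tested it with gitolite2 and gitolite3 versions, without success.
Update0. I'm really sorry, I missed the "production" branch specification in the DENY line.
So, I made my gitolite.conf: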
repo myproject
RW+ = teamlead1 teamlead2
- production = dev1 dev2 dev3
RW+ = dev1 dev2 dev3
R = deploy
With that small modification, here is the output of the gitolite access check (thanks to kostix):
[email protected]:~$ bin/gitolite access -s myproject dev1 W production
legend:
d => skipped deny rule due to ref unknown or 'any',
r => skipped due to refex not matching,
p => skipped due to perm (W, +, etc) not matching,
D => explicitly denied,
A => explicitly allowed,
F => denied due to fallthru (no rules matched)
D gitolite.conf:125 - refs/heads/production = dev1 dev2 dev3
W refs/heads/production myproject dev1 DENIED by refs/heads/production
For READ access I have:
D gitolite.conf:125 - refs/heads/production = dev1 dev2 dev3
R refs/heads/production myproject dev1 DENIED by refs/heads/production
But in practice, I can clone and also push to the production branch on the remote server.
$ git push
Counting objects: 3, done.
Delta compression using up to 8 threads.
Compressing objects: 100% (2/2), done.
Writing objects: 100% (2/2), 229 bytes, done.
Total 2 (delta 1), reused 0 (delta 0)
To [email protected]:myproject.git
1527c05..8485ede production -> production
UPDATE1
1) With ssh -vvv [email protected] info I have:
hello dev1, this is [email protected] running gitolite3 v3.6.1-6-gdc8b590 on git 2.0.4
R W deploy
R W deploy_test
R W myproject
2) ssh-keygen -y
I made the ssh keypair with ssh-keygen. By the way, the situation is the same for dev2, dev3, etc.
3) I have only one line matching "dev1":
command="/srv/gitolite3/bin/gitolite-shell dev1",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa AAAAB3Nz.....
Updated my answer, trying to analyze the new input data. – kostix 2014-09-11 15:43:39
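An added example, not part of the original question and not gitolite's own code: a simplified Python model of the first-match rule walk that the legend in the access output describes, run over the two configs from the question. The tuple layout and the names `FIRST`, `SECOND`, `full_refex` and `access` are assumptions made for the illustration; it models only the rule check itself.

```python
import re

# Constructed from the two configs in the question: (perm, refex, users).
# An empty refex stands for "all refs" (refs/.*).
FIRST = [("RW+", "", "teamlead1 teamlead2"), ("-", "", "dev1 dev2 dev3"),
         ("R", "production", "dev1 dev2 dev3"), ("RW+", "", "dev1 dev2 dev3"),
         ("R", "", "deploy")]
SECOND = [("RW+", "", "teamlead1 teamlead2"),
          ("-", "production", "dev1 dev2 dev3"),
          ("RW+", "", "dev1 dev2 dev3"), ("R", "", "deploy")]

def full_refex(refex):
    """Expand a refex: empty -> refs/.*, bare name -> refs/heads/<name>."""
    if not refex:
        return "refs/.*"
    return refex if refex.startswith("refs/") else "refs/heads/" + refex

def access(rules, user, want, ref="any"):
    """Return (verdict, trace); trace letters follow the legend above."""
    if ref != "any" and not ref.startswith("refs/"):
        ref = "refs/heads/" + ref
    trace = []
    for perm, refex, users in rules:
        if user not in users.split():
            continue  # rule does not apply to this user
        refex = full_refex(refex)
        if perm == "-" and ref == "any":
            trace.append("d")  # deny rules are skipped while the ref is unknown
            continue
        # Anchored at the start only, so "production" also covers "production-x".
        if ref != "any" and not re.match(refex, ref):
            trace.append("r")
            continue
        if perm == "-":
            trace.append("D")
            return "DENIED by " + refex, trace
        if want not in perm:
            trace.append("p")
            continue
        trace.append("A")
        return refex, trace
    trace.append("F")
    return "DENIED by fallthru", trace

if __name__ == "__main__":
    for conf in (FIRST, SECOND):
        for ref in ("production", "feature"):
            print(access(conf, "dev1", "W", ref))
```

In this model the first config's bare `-` rule denies dev1 writes on every branch, while the second config denies only refs that start with refs/heads/production.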