Deny write access to a specific branch in gitolite
Here is a part of my gitolite conf:
repo myproject
    RW+ = teamlead1 teamlead2
    - = dev1 dev2 dev3
    R production = dev1 dev2 dev3
    RW+ = dev1 dev2 dev3
    R = deploy
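So, I want:
- teamleads have full control of the myproject repo
- developers have only READ permission on the "production" branch, and full access to any other branch
- the deploy user has only read permission on any branch
For now, with this conf, team members and developers can push to the production branch. I tested it with gitolite2 and gitolite3 versions, but with no success.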
Update0. I am really sorry, I missed the "production" branch specification in the DENY line.
So, I made my gitolite.conf:
repo myproject
    RW+ = teamlead1 teamlead2
    - production = dev1 dev2 dev3
    RW+ = dev1 dev2 dev3
    R = deploy
After that small modification, here is the output of the gitolite access check (thanks to kostix):
[email protected]:~$ bin/gitolite access -s myproject dev1 W production
legend:
d => skipped deny rule due to ref unknown or 'any',
r => skipped due to refex not matching,
p => skipped due to perm (W, +, etc) not matching,
D => explicitly denied,
A => explicitly allowed,
F => denied due to fallthru (no rules matched)
D gitolite.conf:125 - refs/heads/production = dev1 dev2 dev3
W refs/heads/production myproject dev1 DENIED by refs/heads/production
For READ access I have:
D gitolite.conf:125 - refs/heads/production = dev1 dev2 dev3
R refs/heads/production myproject dev1 DENIED by refs/heads/production
But in practice, I can clone and also push to the production branch from the remote server.
$ git push
Counting objects: 3, done.
Delta compression using up to 8 threads.
Compressing objects: 100% (2/2), done.
Writing objects: 100% (2/2), 229 bytes, done.
Total 2 (delta 1), reused 0 (delta 0)
To [email protected]:myproject.git
1527c05..8485ede production -> production
UPDATE1
1) From ssh -vvv [email protected] info I have:
hello dev1, this is [email protected] running gitolite3 v3.6.1-6-gdc8b590 on git 2.0.4
R W deploy
R W deploy_test
R W myproject
2) ssh-keygen -y
I have done this for the ssh keypair with ssh-keygen. By the way, the situation is the same for dev2 and dev3, etc.
3) I have only one string matching "dev1":
command="/srv/gitolite3/bin/gitolite-shell dev1",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa AAAAB3Nz.....
Updated my answer, trying to analyze the new input data. – kostix 2014-09-11 15:43:39
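An added example, not part of the original post and not gitolite's own code: a simplified Python model of the config-level rule evaluation that the `gitolite access -s` legend above describes, run against both configs from the question. It assumes first-match-wins ordering, refexes anchored at the start only, and `refs/heads/` prepended to bare refexes. It models only what the access check reports, not what the server enforced on the push, and the names `check`, `normalize`, `FIXED_CONF` and `ORIGINAL_CONF` are hypothetical.

```python
import re

# Rules as (perm, refex, users) in file order; "" means no refex was written.
# FIXED_CONF is the Update0 config; ORIGINAL_CONF is the first one, whose
# deny rule has no refex.
DEVS, LEADS = {"dev1", "dev2", "dev3"}, {"teamlead1", "teamlead2"}
FIXED_CONF = [
    ("RW+", "", LEADS),
    ("-", "production", DEVS),
    ("RW+", "", DEVS),
    ("R", "", {"deploy"}),
]
ORIGINAL_CONF = [
    ("RW+", "", LEADS),
    ("-", "", DEVS),
    ("R", "production", DEVS),
    ("RW+", "", DEVS),
    ("R", "", {"deploy"}),
]

def normalize(refex):
    """No refex means refs/.*; a bare name gets refs/heads/ prepended."""
    if not refex:
        return "refs/.*"
    return refex if refex.startswith("refs/") else "refs/heads/" + refex

def check(rules, user, perm, ref):
    """Return (verdict, trace); trace letters follow the legend: r, p, D, A, F."""
    trace = []
    for rule_perm, refex, users in rules:
        if user not in users:
            continue  # rule does not apply to this user
        # Refexes are anchored at the start only, which re.match reproduces.
        if not re.match(normalize(refex), ref):
            trace.append("r")
        elif rule_perm == "-":
            return "DENIED", trace + ["D"]
        elif perm not in rule_perm:
            trace.append("p")
        else:
            return "ALLOWED", trace + ["A"]
    return "DENIED", trace + ["F"]

if __name__ == "__main__":
    for ref in ("refs/heads/production", "refs/heads/production-hotfix", "refs/heads/feature"):
        print("dev1 W", ref, *check(FIXED_CONF, "dev1", "W", ref))
    print("original conf:", *check(ORIGINAL_CONF, "dev1", "W", "refs/heads/feature"))
```

In this model the refex `production` also denies `refs/heads/production-hotfix`, because the match is not anchored at the end; writing it as `production$` restricts the rule to that one branch.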