Using Gitorious in a private server

9 views
Skip to first unread message

Diego Algorta

unread,
Oct 28, 2008, 11:00:51 PM10/28/08
to Gitorious
Hi all,

So... I'd like to install gitorious in a private server where about 5
developers will be using it. The idea is that each developer may have
his own projects and obviously can fork other developer's projects and
so on. The problem I'm facing is how to configure script/git-daemon so
only some specified users can get a project read-only clone via the
git protocol. Reasoning for this is that not all hosted projects would
be public so a project's owner should be able to decide which users
should be able to clone it or not.

If we rely only on using the ssh protocol with the shared gitslave
user... then each user only can clone his own projects... and always
read-write.

Do I explain myself?

Any suggestion on how to do this?

At least... if it's not really possible to do the perms check on a per
user basis... maybe there's some way to at least limit the git-daemon
to only deliver clones to gitorious registered users?

Thank you!

Dalton Calford

unread,
Oct 29, 2008, 2:13:20 PM10/29/08
to gito...@googlegroups.com
Ok, we do something very similiar, but we rely upon the underlying
file system to perform the permissions.
We use a central server, and scripts to create bare repositories.
The scripts also happen to configure the underlying file systems ACL
support to allow certain group users to have read-only, read-write or
no access, and we have between 7-9 different groups, all with
different levels of support.

Since it is at the file system level, we don't care if they access the
system via ssh, git, git-pserver or even the web, as our web-cgi's
operate as the user once they have authenticated from our active
directory servers.

The issue we have right now is bringing everything together under a
unified shell, as well as some issues with windows/unix file
translations while using the git-pserver.

2008/10/28 Diego Algorta <di...@oboxodo.com>:

Johan Sørensen

unread,
Oct 29, 2008, 2:22:23 PM10/29/08
to gito...@googlegroups.com
Hi Diego,

On Wed, Oct 29, 2008 at 12:00 AM, Diego Algorta <di...@oboxodo.com> wrote:
> At least... if it's not really possible to do the perms check on a per
> user basis... maybe there's some way to at least limit the git-daemon
> to only deliver clones to gitorious registered users?

Another approach, which would require a bit of code, is to be able to
set read/write permissions on a per user basis, and then only having
people clone via ssh. That way the ./script/gitorious command (which
does the auth for writing) could be written that it'll check both the
incoming git command and whether that user has access or not.

But, there's little support out of the box for it. But, considering
the amount of people using gitorious for private install (according to
the git-survery results at least) maybe it's time to support such
scenarios proper?

> Thank you!

Cheers,
JS

Reply all
Reply to author
Forward
0 new messages