BJ Hargrave wrote: > On May 28, 2010, at 08:28 , Goran Mekić wrote: >> There's more then one developer and 600 is set to just one user. >> Post-receive hook is executed as developer doing push. The accounts are in >> LDAP, but I can't set all their UID number to same number because it's >> used >> for PAM. I was thinking about ACL. Is that even a solution? The dumb one >> would be cron, but I wish I avoid pushing when there's no change. >> > > What about having a script which does the push have setuid to the owner of the key. Then the post-receive hook can invoke that script which will have access to the ssh key to do the push. That should work. another option would be, that the post receive hook copies the ssh-key file, changes its permission andcontinues only then to push. If all users have ssh access to first server AND to second server and all users use ssh-agent, then all users had just to make sure, that they do agent forwarding in their .ssh/config script. -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html