Re: Restricted git push ?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, 19 Jul 2011 16:03:11 +0530
"J. Bakshi" <joydeep@xxxxxxxxxxxxxxx> wrote:

> On Tue, 19 Jul 2011 15:35:42 +0530
> Sitaram Chamarty <sitaramc@xxxxxxxxx> wrote:
> 
> > On Tue, Jul 19, 2011 at 3:06 PM, J. Bakshi <joydeep@xxxxxxxxxxxxxxx> wrote:
> > > Hello list,
> > >
> > > I have installed git repo based on http://  protocol and both read+write access is based on a htpasswd based authentication. The git repo is "bare" so that push is possible. But I like to have push from a limited users only, not from all. For the rest, only pull should be possible. Is there any way to achieve this type of ACL ?
> > 
> > man git-http-backend has an example config described thus:  "To enable
> > anonymous read access but authenticated write access...".  It
> > certainly sounds like what you want.
> > 
> > Not sure what sort of http access you have setup 
> 
> I have 
> 
> ``````````
> <Location /git>
> AuthType Basic
> # Message to give to the committer
> AuthName "Write access requires a password"
> # File listing users with write (commit) access
> AuthUserFile /home/svn/PASSWD
> Require valid-user
> </Location>
> ``````````
> 
> So authentication is require forman git-http-backend both read and write. Now to use one more level to restrict push user I have added one more restriction like
> 
> <LocationMatch "^/git/.*/git-receive-pack$">
> AuthType Basic
> # Message to give to the committer
> AuthName "Write access requires a password"
> # File listing users with write (commit) access
> AuthUserFile /home/git/pushACL
> Require valid-user
> </LocationMatch>
> 
> read access is working fine, but write access not. log reports 
> 
> ````````
>  user testuser not found: /git/web.git/info/refs
> ``````````
> 
> Don't know why it is searching at /git/web.git/info/refs !!
> 

OK, seems the write authentication is checked twice. one for the first stanza for read access and second-time for the 2nd stanza the write access.
How can I tweak the first stanza only for read access ?
--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html


[Index of Archives]     [Linux Kernel Development]     [Gcc Help]     [IETF Annouce]     [DCCP]     [Netdev]     [Networking]     [Security]     [V4L]     [Bugtraq]     [Yosemite]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux SCSI]     [Fedora Users]