On Tue, 19 Jul 2011 16:15:29 +0530 "J. Bakshi" <joydeep@xxxxxxxxxxxxxxx> wrote: > On Tue, 19 Jul 2011 16:03:11 +0530 > "J. Bakshi" <joydeep@xxxxxxxxxxxxxxx> wrote: > > > On Tue, 19 Jul 2011 15:35:42 +0530 > > Sitaram Chamarty <sitaramc@xxxxxxxxx> wrote: > > > > > On Tue, Jul 19, 2011 at 3:06 PM, J. Bakshi <joydeep@xxxxxxxxxxxxxxx> wrote: > > > > Hello list, > > > > > > > > I have installed git repo based on http:// protocol and both read+write access is based on a htpasswd based authentication. The git repo is "bare" so that push is possible. But I like to have push from a limited users only, not from all. For the rest, only pull should be possible. Is there any way to achieve this type of ACL ? > > > > > > man git-http-backend has an example config described thus: "To enable > > > anonymous read access but authenticated write access...". It > > > certainly sounds like what you want. > > > > > > Not sure what sort of http access you have setup > > > > I have > > > > `````````` > > <Location /git> > > AuthType Basic > > # Message to give to the committer > > AuthName "Write access requires a password" > > # File listing users with write (commit) access > > AuthUserFile /home/svn/PASSWD > > Require valid-user > > </Location> > > `````````` > > > > So authentication is require forman git-http-backend both read and write. Now to use one more level to restrict push user I have added one more restriction like > > > > <LocationMatch "^/git/.*/ $"> > > AuthType Basic > > # Message to give to the committer > > AuthName "Write access requires a password" > > # File listing users with write (commit) access > > AuthUserFile /home/git/pushACL > > Require valid-user > > </LocationMatch> > > > > read access is working fine, but write access not. log reports > > > > ```````` > > user testuser not found: /git/web.git/info/refs > > `````````` > > > > Don't know why it is searching at /git/web.git/info/refs !! > > > > OK, seems the write authentication is checked twice. one for the first stanza for read access and second-time for the 2nd stanza the write access. > How can I tweak the first stanza only for read access ? Just like git-receive-pack anything for git pull,clone etc.. ? then we can use those to restrict read access separately. Users having read access need not have the right access then. -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html