John Rumpel

Reputation: 4615

Git: Prevent external users from accessing specific branches

I have to deal with the following scenario: Let's say we have a project and we use git for this purpose. External users should be able to work on parts of the code (plugins, ...) not directly affected by internal changes. Thus, since git is not able to remove read privileges, what do you think about this procedure:

  1. Create two repositories repo_int, repo_ext. Repo_ext with only one branch called "shared".
  2. Let the external developer push to that branch
  3. Use a local clone to pull and push to the second internal developer branch

This could be done as follows:

create bare repositories

$ mkdir ~/remotes/repo_int.git
$ cd ~/remotes/repo_int.git && git init --bare
$ mkdir ~/remotes/repo_ext.git
$ cd ~/remotes/repo_ext.git && git init --bare

create new local repository

$ cd /path/to/my/project && git init 

create a shared branch & check out

$ git checkout -b shared 

add remotes repo_ext and repo_int

$ git remote add -t shared repo_ext ~/remotes/repo_ext.git 
$ git remote add repo_int ~/remotes/repo_int.git 

make an initial push

$ git push repo_ext shared && git push repo_int --all

set HEAD from repo_ext to branch shared

$ cd ~/remotes/repo_ext.git && git symbolic-ref HEAD refs/heads/shared

to gain external access onto repo_ext:

$ git clone ~/remotes/repo_ext.git 

do some changes and push the stuff

$ git push origin shared 

in the internal repository perform a branch checkout and use the changes, e.g. to merge or cherry-pick

$ git clone ~/remotes/repo_int.git && cd repo_int
$ git remote add -t shared repo_ext ~/remotes/repo_ext.git && git fetch repo_ext
$ git checkout -b shared repo_ext/shared
...

What would you say, is this a recommendable, secure way to handle this? I heard about "gerrit", which is a code review tool with far-reaching user rights management. Would it be possible to deal with the problem using this tool?

Thanks a lot!

Upvotes: 2

Views: 344

Answers (1)

Philipp

Reputation: 69773

Git is built as a decentralized version control system. That means you can easily push and pull commits between different repositories.

Just create a public repository and a private repository, and have the public repository only pull specific branches of the private one. When a commit to one of the public branches is pushed on either repository, you should use a post-receive hook to also push it onto the other.

This is in fact nothing else than you creating local branches on your local repository. You are the only one who can work with your local branches, unless you allow someone to pull them from you.

Upvotes: 3
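
The post-receive mirroring described in the answer, as an added example that is not part of the original answer: a hook for repo_ext.git that forwards only allow-listed branches to repo_int.git and ignores deletions and every other ref. The `INTERNAL_REPO` path, the `PUBLIC_BRANCHES` list and the function names are assumptions.

```shell
#!/bin/sh
# Added example: install as ~/remotes/repo_ext.git/hooks/post-receive (chmod +x).
# Assumed settings (not from the original post): target path and branch allow-list.
INTERNAL_REPO="${INTERNAL_REPO:-$HOME/remotes/repo_int.git}"
PUBLIC_BRANCHES="${PUBLIC_BRANCHES:-shared}"

# Reads post-receive input ("<old-sha> <new-sha> <refname>" per line) on stdin
# and prints the refs that may be forwarded to the internal repository.
select_refs() {
    while read -r old new ref; do
        # An all-zero new id means the ref was deleted: never propagate that.
        case "$new" in
            *[!0]*) ;;
            *) continue ;;
        esac
        # Exact match against the allow-list; tags and other branches are dropped.
        for b in $PUBLIC_BRANCHES; do
            if [ "$ref" = "refs/heads/$b" ]; then
                printf '%s\n' "$ref"
            fi
        done
    done
    return 0
}

# Pushes each selected ref from the receiving repository to the internal one.
run_hook() {
    select_refs | while read -r ref; do
        # No --force: only fast-forwards are accepted, so a rewritten
        # external history is rejected instead of overwriting internal work.
        git push "$INTERNAL_REPO" "$ref:$ref" ||
            echo "post-receive: mirroring $ref failed" >&2
    done
}

# Git invokes the hook as .../hooks/post-receive; do nothing when sourced.
case "$0" in
    */post-receive) run_hook ;;
esac
```

Because the filter matches full ref names, a push of any branch other than those in `PUBLIC_BRANCHES` stays in repo_ext and never reaches repo_int.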
