Reputation: 4153
FATAL: W refs/heads/master DENIED by fallthru - Gitolite Folder permission setup
I have Gitloite version 3 hosted on Amazon WS (Git v1.9.1/gitolite v3.6.1-6)
I have the following setup:
Acme-Repository
|
|------- <JEE>
|
|--------<Android>
|
|--------<iPhone>
I need to restrict the user's permission as follows to the folders:
• Usera - Read/write - JEE
• UserB - Read/write - Android
• UserC - Read/write - iPhone
I have got the following setup in the gitolite.config
RW+ Jee/ = UserA
RW+ Android-App/ = UserB
RW+ iPhone-App/ = UserC
While pushing as UserA, I am getting the following error:
remote: FATAL: W refs/heads/master Acme-Repository UserA DENIED by fallthru
remote: error: hook declined to update refs/heads/master
I've tried:
RW+ NAME/Jee/ = UserA
..
AND
RW+ refs/head/Jee/ = UserA
..
But both returned the same results. What could be wrong? I tried this, this and this
Update - Now working configuration
After Original Author Sitaram's answer on google groups and answer from @vonc - now I have the following and works like a charm:
@AllDevelopers = UserA UserB UserC
@Jee = UserA
@Android = UserB
@iPhone = UserC
RW+ = @AllDevelopers
- VREF/NAME/Jee/ = @Android @iPhone
- VREF/NAME/Android-App/ = @Jee @iPhone
- VREF/NAME/iPhone-App/ = @Android @Jee
What the above configuration in human language means -
- @AllDevelopers group will have access to the repository, but
- @Android and @iPHone are denied access to Jee folder and subfolders.
- @Jee and @iPhone developers are denied access to Android-App folder and subfolders.
- @Android and @Jee developers are denied access to iPhone-App folder and subfolders.
Upvotes: 2
Views: 6179
Answers (1)
Reputation: 1324278
Protecting against files or directory is done by VREF (see gitolite doc)
VREF/NAME/xxx
In your case (VREF/NAME doc):
@users = UserA UserB UserC
repo Acme-Repository
# allow pushing to any branch for any paths
RW+ = @users
# except for those specific paths:
- VREF/NAME/Jee/ = UserA
- VREF/NAME/Android-App/ = UserB
- VREF/NAME/iPhone-App/ = UserC
Since a VREF is considered an "additional deny rule", you need to allow access first (RW+ @users) before restricting access with VREF rules.
(Just saw Sitaram Chamarty -- author of gitolite -- answer on groups.google.com)
Upvotes: 1
Related Questions
- DENIED by fallthru
- git, gitolite error push
- Setting up gitolite: FATAL: R any gitolite-admin gitolite denied by fallthru
- Cannot clone repository: FATAL: R any gitolite-admin gitolite DENIED by fallthru
- Permissions for Gitolite with GitWeb does not work
- Gitolite Error: gitolite-admin not a repo
- gitolite and file permissions
- Gitolite gives error message when pushing gitolite-admin: could not symlink
- gitolite broken: pull is not possible
- gitolite installation: I cannot clone gitolite-admin repo!