Tobi

Reputation: 1312

Limit Read and Write Access to branches of a plain git repository based on user name

We are building an assessment process and want to limit the read and write access to specific branches for special users.

There are "normal" users that have read and write access to everything (these users will rate the answers) and there will be a given number of assessment users that should only have read access to master and read/write access to branches that contain their names (e.g. assessment-john.doe). Our assessment center will have a list with 500 users and passwords and will give each candidate a set of credentials from this list.

Short version: I'd like to configure git, that:

We want to use plain git (and ssh) without any version control GUI server like GitLab or GitHub, as the task doesn't require this.

EDIT: To make it clear: Read control is way more important than write control (except for master).

Upvotes: 0

Views: 911

Answers (2)

Tobi

Reputation: 1312

What I've done now:

  • clone a central repository
  • strip any branches except master
  • rename master with the branch name for the user
  • copy some hooks in the repository
  • give the correct user read access to the repository
  • add the user to a group that is allowed to run a specific script via sudo as another user
  • write a hook that pushes the branch to the central repository on a push of the user to its repository

Upvotes: 0

Mark Adelsberger

Reputation: 45679

You cannot meet those requirements with built-in functionality of git. Access control is left to the hosting environment.

You could fake some level of write permission (by using signed commits and hooks to reject pushes that violate the authorization rules), but probably not exactly what you're asking for; and the limited read permission is right out; you'd basically have to use separate repos.

You can write your own server to perform access control, or you can use an existing one; but your characterization of existing host software (implying that its main function is to provide a gui) is mistaken; and your assertion that your task doesn't require one is incorrect in light of access control being part of the task.

Upvotes: 2
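The hook-based write check mentioned in the answer above, as an added example that is not code from either answer: a server-side `update` hook that lets reviewers push anywhere and lets a candidate push only to `assessment-<their name>`. It assumes the pushing account name is available in `$USER` and that reviewers are listed in a hypothetical `REVIEWERS` variable; signed-commit verification is not shown.

```shell
#!/bin/sh
# Added example: server-side "update" hook (hooks/update in the bare repo).
# Assumptions (not from the post): the pushing account name is in $USER,
# and REVIEWERS is a hypothetical space-separated list of "normal" users.
REVIEWERS="${REVIEWERS:-alice bob}"   # constructed sample names

# may_write USER REF -> exit status 0 if USER may update REF, 1 otherwise
may_write() {
    user=$1 ref=$2
    # Refuse empty or unusual user names so they cannot form a surprising ref.
    case "$user" in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    # Reviewers may write everything, including master.
    for r in $REVIEWERS; do
        [ "$r" = "$user" ] && return 0
    done
    # Candidates may write only their own branch; the match is exact, so
    # "john.doe" cannot push to "assessment-john.doe2" or to master.
    [ "$ref" = "refs/heads/assessment-$user" ]
}

# Git calls the update hook once per pushed ref: <refname> <oldrev> <newrev>.
# A non-zero exit rejects that ref only; other refs in the push are unaffected.
if [ "$#" -eq 3 ]; then
    if ! may_write "${USER:-}" "$1"; then
        echo "denied: ${USER:-unknown} may not update $1" >&2
        exit 1
    fi
    exit 0
fi
```

This restricts pushes only: anyone who can fetch from the repository can still read every branch. The check also binds only when the pushing accounts cannot modify the repository or its hooks directly.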
