How to get github-like behaviour for ssh access on my git server

Question

Suppose we have two separate github users: Foo and Bar. They own Quux and Waldo repositories respectively. So Foo can push to Foo/Quux and cannot push to Bar/Waldo. Opposite is right for Bar. Then Foo cloned his Quux repository:

$ git clone ...
...
$ git remote -v
origin  git@github.com:Foo/Quux.git (fetch)
origin  git@github.com:Foo/Quux.git (push)

Seems while Foo has write access to Foo/Quux repository via git user he has not write access to Bar/Waldo repository via same user. Is there any way I can reach the same behaviour on my git server? Am I supposed to write custom sshd daemon for this purpose?

Answer 1

You could use Gitolite to get fine-grained access control to your git repositories over SSH where every user is identified by her SSH key.

In contrast to the already mentioned gitosis, Gitolite is still maintained and supports a more fine-grained control over the repository access.

If you want more of GitHub's functionality internally you should take a look at GitLab and of course GitHub Enterprise.

Answer 2

You can use gitosis for fine grained access control to multiple repositories being shared across a team.

Answer 3

If the repositories are on the same server, there is no way to distinguish two users with the same username. Even a custom sshd wouldn't work because it would see the incoming connection for user "git" only, not the original username.

We manage our permissions with either usernames or groups. So some users belong to the "developers" group that can push to certain repositories and others belong to "users" which can push to other repositories. Each user logs in with his/her own username.