From: Daniel Barkalow <barkalow@iabervon.org>
To: "Gonzalo Garramuño" <ggarra@advancedsl.com.ar>
Cc: git@vger.kernel.org
Subject: Re: Git and securing a repository
Date: Wed, 2 Jan 2008 11:18:20 -0500 (EST) [thread overview]
Message-ID: <alpine.LNX.1.00.0801021058030.13593@iabervon.org> (raw)
In-Reply-To: <477B39B5.5010107@advancedsl.com.ar>
[-- Attachment #1: Type: TEXT/PLAIN, Size: 2124 bytes --]
On Wed, 2 Jan 2008, Gonzalo Garramuño wrote:
> I've been using git for some time and love it. For open source projects
> there's clearly nothing currently better.
>
> However, I am now using git for proprietary elements, which in the future I
> may need or want to partially restrict access to. The idea being that at my
> company some (junior) developers should not be given access to some elements.
> That means either that some full git repository should be password protected
> or even portions of the same repository.
>
> Another desirable way to protect elements might be only giving clone/pull
> access to a repository (or portion of it) but not permissions to push in
> changes.
In order to understand the security model, you have to remember that git
is designed as a distributed system. Authorization is fundamentally not at
a project level, but rather at a repository level, and clones are all
different repositories. This makes portability of the mechanism less
important, because a particular set of authorization rules only applies to
a particular repository, which is going to be on some single system.
For that matter, git doesn't run with any special privileges in general;
if a user can affect the repository with git operations, that user can
affect the repository by hand, so git-specific rules aren't helpful.
(Although I suppose it would be theoretically useful to make git-shell,
the shell that only runs git programs, able to apply restrictions, since
it is used in a context where the user doesn't have any other access to
the filesystem.)
For read access restrictions, you want to use submodules (or entirely
separate projects); git is fundamentally unhappy running with less than
all of the project accessible, except for when a project references
another project with submodules. And, of course, if the code base is such
that users can do useful work without any access to some of the files,
those files must be optional and somewhat separate from the necessary
portions, and it makes sense to handle them separately anyway.
-Daniel
*This .sig left intentionally blank*
prev parent reply other threads:[~2008-01-02 16:18 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-01-02 7:13 Git and securing a repository Gonzalo Garramuño
2008-01-02 6:34 ` Felipe Balbi
2008-01-02 10:04 ` Gonzalo Garramuño
2008-01-02 9:26 ` David Symonds
2008-01-02 10:39 ` Gonzalo Garramuño
2008-01-02 10:51 ` Jakub Narebski
2008-01-03 3:58 ` Shawn O. Pearce
2008-01-03 4:30 ` Bruno Cesar Ribas
2008-01-03 5:36 ` Gonzalo Garramuño
2008-01-03 4:45 ` Shawn O. Pearce
2008-01-03 6:08 ` Gonzalo Garramuño
2008-01-03 5:19 ` Shawn O. Pearce
2008-01-03 9:11 ` Jakub Narebski
2008-01-03 9:36 ` Junio C Hamano
2008-01-02 19:31 ` Jan Hudec
2008-01-02 19:41 ` Gregory Jefferis
2008-01-02 22:17 ` Linus Torvalds
2008-01-02 16:18 ` Daniel Barkalow [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=alpine.LNX.1.00.0801021058030.13593@iabervon.org \
--to=barkalow@iabervon.org \
--cc=ggarra@advancedsl.com.ar \
--cc=git@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).