[Reprint] Use Gitolite to implement permissions control on Git's repository

Source: Internet
Author: User

Our project team is migrating from SVN to Git. The other day I set up the Git environment and imported the code from SVN; all the members pulled and pushed through the git account on the server, and everything worked without problems. Then another project team also wanted to use this Git server, and the previous way of authorizing was no longer enough: anyone who can connect to the server has full access to every repository on it, which is obviously unacceptable. So I planned to use Gitolite for permission control. I searched around, and the articles I found looked like they covered old versions, hence the idea of writing this article. Gitolite is actually driven by a Git repository: it is first installed on the server, the client clones that repository from the server, makes some changes locally, and pushes them back; server-side hooks then update the permissions based on the pushed configuration. The installation and configuration steps are described next.

Preparatory work

If you previously used a git account for permission control, remember to change the git user's shell in /etc/passwd to /bin/bash and remove the keys in ~git/.ssh/authorized_keys that are no longer needed. Use ssh-keygen to generate a key pair, such as your-name and your-name.pub (used in the examples below), and move the private key to the user's .ssh folder

    mv your-name ~/.ssh/

Copy the public key to the GIT server

    scp your-name.pub [email protected]:~

For later convenience, you can define a server alias here that specifies the user name, server address, port and private key used for the connection

    vim ~/.ssh/config

Enter the following content

    host githost
        user git
        hostname your.server.name.or.ip.address
        port 22
        identityfile ~/.ssh/your-name

Installing Gitolite

Sign in to Git server

    ssh [email protected]

Download the latest Gitolite (over HTTPS, since GitHub no longer serves the unauthenticated git:// protocol)

    git clone https://github.com/sitaramc/gitolite

Install it. There are 3 installation methods, which differ in the path where the gitolite executable is generated. The Gitolite author recommends the second, which puts the file in $HOME/bin, so that the gitolite command can be run directly in later bash sessions without specifying the path. (If your ~/bin directory does not exist, remember to run mkdir ~/bin first.)

    gitolite/install -ln

Set it up. Because this is the first time this command is run, the key specified here is the one that gets Gitolite administrator privileges.

    gitolite setup -pk your-name.pub

This command generates two repositories, gitolite-admin.git and testing.git, in your ~/repositories/ directory.

Configure permissions

Back to your workstation.

    exit

Clone the gitolite-admin.git that was just generated

    git clone githost:gitolite-admin

Note that this connects through the server alias you prepared earlier. The most important differences are that it uses the your-name.pub key, and that you do not specify the absolute path of the repository you want to clone but use its name directly, without the .git suffix. This is important because the clone then goes through the Gitolite mechanism; if you bypass it and use Git directly, some of its features will not work. Later clones and pushes of other repositories under Gitolite permission control must be done the same way. After cloning there is a new directory gitolite-admin containing two folders, conf and keydir. The first contains a configuration file, which is where the permission configuration is recorded; the second contains the pub keys of all users. Now open the configuration file and set it according to the permissions we want.

    vim gitolite-admin/conf/gitolite.conf

The configuration I want is as follows; you can change it to suit your needs

    @repos_a = proj1 proj2
    @repos_b = proj3 proj4 proj5

    @team_a = user1 user2
    @team_b = user3 user4

    repo gitolite-admin
        RW+ = your-name

    repo @repos_a
        RW+ = @team_a
        R   = @all

    repo @repos_b
        RW+ = @team_b

This configuration is very simple: it first defines two repository groups and then two user groups. The benefit of groups is that when you add repositories or users later, you do not need to configure them separately; just add them to the corresponding group.
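The configuration above can be checked before it is pushed by resolving who ends up with which permission. The following is an added example, not part of the original article or of Gitolite: a small Python resolver for only the syntax used on this page (group definitions, repo blocks, R / RW / RW+ rules), with the page's configuration embedded as sample input. The function names are hypothetical.

```python
# Added example: resolves effective access for the gitolite.conf subset used on
# this page. Not Gitolite's own parser: refexes, deny rules, includes and
# wildcard repositories are not handled.
import re

# The page's configuration, embedded as sample input.
SAMPLE_CONF = """\
@repos_a = proj1 proj2
@repos_b = proj3 proj4 proj5
@team_a = user1 user2
@team_b = user3 user4

repo gitolite-admin
    RW+ = your-name
repo @repos_a
    RW+ = @team_a
    R   = @all
repo @repos_b
    RW+ = @team_b
"""

def parse(conf):
    """Return (groups, rules); rules holds (repo, perm, user) tuples."""
    groups, rules, current = {}, [], []

    def expand(names):
        # Replace each defined @group by its members; @all stays a wildcard.
        return [x for n in names for x in groups.get(n, [n])]

    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if m := re.fullmatch(r"(@\S+)\s*=\s*(.+)", line):
            groups.setdefault(m[1], []).extend(expand(m[2].split()))
        elif m := re.fullmatch(r"repo\s+(.+)", line):
            current = expand(m[1].split())
        elif m := re.fullmatch(r"(R|RW\+?)\s*=\s*(.+)", line):
            rules += [(r, m[1], u) for r in current for u in expand(m[2].split())]
        else:
            raise ValueError(f"unsupported line: {line!r}")
    return groups, rules

def access(rules, user, repo):
    """Strongest permission the rules grant user on repo, or None."""
    order = ["R", "RW", "RW+"]
    got = [p for r, p, u in rules if r in (repo, "@all") and u in (user, "@all")]
    return max(got, key=order.index) if got else None
```

With this configuration, access(rules, "user3", "proj1") returns "R": the R = @all rule lets every user who has a key in keydir read the repositories in @repos_a, including members of @team_b. On the server, Gitolite's own gitolite access command answers the same question from the compiled rules.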

    • Add a new repository: configure the corresponding name and permissions in the gitolite.conf file mentioned above, then push to the server; the server will automatically create an empty bare repository for you.
    • Add an existing repository: copy it to the ~/repositories folder on your Git server. Remember that the folder name must end with .git and that the repository must be bare (you can copy the .git folder of the repository and run git config --bool core.bare true in it, or run git clone --bare your-repository to get a bare repository). This method needs one additional step: run gitolite setup once on the server.
    • Remove a repository: remove the corresponding repo from the configuration file, push, and then delete the corresponding folder on the server.
    • Add a user: copy the user's pub key into the keydir folder.
    • Delete a user: likewise, remove the corresponding pub key from keydir.

Note that all of the operations above must be made in your clone of gitolite-admin and then pushed. Do not make them on the server itself, which has no effect: permission configuration and repository management involve some additional operations, and gitolite-admin takes care of all of them for you. Push your changes back to the server and try clone, pull and push to see whether the permissions are correct. For example

    git clone githost:proj3

For more, refer to the official documentation. This article was originally posted by Roy at: http://blog.chengbo.net/2012/04/20/Use-gitolite-to-manage-git-repositories.html. You may reprint, distribute and print it provided that you keep the article intact and retain this statement.
