Using Gitolite to implement rights management of distributed version control system

Source: Internet
Author: User

A Git server is used for distributed version control (for installation and use, see https://blog.csdn.net/LuyaoYing001/article/details/79314627). Gitolite is an authorization management tool for Git that relies on sshd to determine who the user is and then determines the user's access rights.

Gitolite controls access to multiple Git repositories. Read access is controlled at the repo level, and write access is controlled at the branch/tag/file/directory level, including who can rewind, create, and delete branches/tags. This meets the needs of lightweight permission control; the environment is relatively simple to set up, which makes it well suited to collaborative development in small teams.

Build a Gitolite server

Create a git user
useradd --system --shell /bin/bash --create-home git
passwd git
Download and install Gitolite
su root
cd /opt
mkdir bin
git clone https://github.com/sitaramc/gitolite.git
/opt/gitolite/install -to /opt/gitolite/bin
Generate SSH key pair (client)
As the git user, generate the key pair for the super administrator.
su git
cd ~
ssh-keygen -t rsa -C "Youremail@example.com"
cp ./.ssh/id_rsa.pub admin.pub

If the administrator key pair is generated on the client, upload the public key to the server with scp admin.pub [user-name]@[remote-server]:admin.pub.

Configure the SSH public key (server side)
su git
/opt/gitolite/bin/gitolite setup -pk ~/admin.pub

Clone the admin repo
git clone git@your_server:gitolite-admin

If you encounter an error like this:
FATAL: R any gitolite-admin admin DENIED by fallthru
(or you mis-spelled the reponame)
fatal: Could not read from remote repository.
Delete the .gitolite directory in the git user's home directory.

The admin repository contains two directories, conf/ and keydir/. conf/gitolite.conf configures access to the git projects, and keydir/ stores the users' SSH public keys.

At this point, Gitolite is installed and ready to use. The following sections describe how to add Gitolite project members, create project repositories, and configure permissions for members.

Add Gitolite project members

The administrator obtains the public key from the project member, renames it to the form username.pub, copies it to the keydir directory in the local clone of the gitolite-admin repository, and then adds, commits, and pushes it to the remote repository. Once added, the project member can access the Git service with their public key. The new member can clone any repository that is not access-controlled by default, such as the "testing" repository that Gitolite comes with.

git add .
git commit -m "Add user XXX"
git push origin master

Create a Gitolite project repository (client)

Open gitolite-admin/conf/gitolite.conf with the editor and add two lines:

repo test
    RW+ = @admin

Commit this change and push it to the server. The remote Gitolite automatically creates an empty repository test and grants the admin group read, write, and delete permissions. In a real production environment, it is best to assign permissions to individual project users; see "Project Authorization Management" below.

Create a new Git project

mkdir test
cd test
git init
git remote add origin git@your_server:test.git
touch README
git add README
git commit -m "Initial commit"
git push origin master:refs/heads/master

Add an existing git project
cd test
git remote rm origin
git remote add origin git@your_server:test.git
git push origin master
or
git push origin <branch-name>

Project Authorization Management

Gitolite permissions are easily configured through an authorization file:

@admins = ad1 ad2
@interns = int1
@staff = @admins @interns

repo testing
    RW int$ = @interns
    RW int- = @interns
    RW refs/tags/rc[0-9] = @staff
    RW+ = @admins

The interns group has read and write access to the branch named int and to branches beginning with int-;
The staff group has read and write access to tags in the repository matching rc[0-9];
The admins group has read and write access to all branches of the repository; the + additionally grants force push, add, and delete permissions.
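
How these rules decide a push, as an added example (not part of the original article and not Gitolite's own code). It assumes Gitolite's documented refex handling: a refex without a leading refs/ is taken relative to refs/heads/, matching is anchored at the start only, and the first rule that matches user, ref and action decides, with no match meaning denial (the "fallthru" in the error message earlier). The names full_refex and check and the sample pushes are constructed for illustration.

```python
import re

# Groups and rules from the "repo testing" example, in file order.
GROUPS = {"admins": {"ad1", "ad2"}, "interns": {"int1"}}
GROUPS["staff"] = GROUPS["admins"] | GROUPS["interns"]

RULES = [  # (permission, refex, group); "" means no refex was given
    ("RW", "int$", "interns"),
    ("RW", "int-", "interns"),
    ("RW", "refs/tags/rc[0-9]", "staff"),
    ("RW+", "", "admins"),
]


def full_refex(refex):
    """Expand a refex per Gitolite's documented defaults (assumed here)."""
    if not refex:
        return "refs/.*"  # rule applies to every ref
    if not refex.startswith("refs/"):
        return "refs/heads/" + refex  # bare names are branch names
    return refex


def check(user, ref, action):
    """Decide a push. action: 'W' = normal push, '+' = rewind or delete.

    Returns (allowed, refex of the deciding rule or 'fallthru')."""
    for perm, refex, group in RULES:
        if user not in GROUPS[group]:
            continue
        # re.match anchors at the start only, so 'int-' is a prefix match
        if not re.match(full_refex(refex), ref):
            continue
        if action == "W" or perm == "RW+":
            return True, refex
        # an RW rule does not cover '+'; keep looking at later rules
    return False, "fallthru"


if __name__ == "__main__":
    samples = [  # constructed pushes, not taken from the article
        ("int1", "refs/heads/int", "W"),
        ("int1", "refs/heads/integration", "W"),
        ("int1", "refs/heads/int-login", "+"),
        ("int1", "refs/tags/rc1", "W"),
        ("ad1", "refs/heads/master", "+"),
    ]
    for user, ref, action in samples:
        print(user, ref, action, check(user, ref, action))
```

Because rc[0-9] is not anchored at the end, a tag such as rc10 or rc1-final is also writable by staff; append $ to the refex when only single-digit tags should match.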

Reference: https://segmentfault.com/a/1190000006939068
