3

Suppose we have two separate github users: Foo and Bar. They own Quux and Waldo repositories respectively. So Foo can push to Foo/Quux and cannot push to Bar/Waldo. Opposite is right for Bar. Then Foo cloned his Quux repository:

$ git clone ...
...
$ git remote -v
origin  [email protected]:Foo/Quux.git (fetch)
origin  [email protected]:Foo/Quux.git (push)

Seems while Foo has write access to Foo/Quux repository via git user he has not write access to Bar/Waldo repository via same user. Is there any way I can reach the same behaviour on my git server? Am I supposed to write custom sshd daemon for this purpose?

Improve this question

3 Answers 3

Reset to default
7

You could use Gitolite to get fine-grained access control to your git repositories over SSH where every user is identified by her SSH key.

In contrast to the already mentioned gitosis, Gitolite is still maintained and supports a more fine-grained control over the repository access.

If you want more of GitHub's functionality internally you should take a look at GitLab and of course GitHub Enterprise.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

1

You can use gitosis for fine grained access control to multiple repositories being shared across a team.

Improve this answer

1 Comment

gitosis hasn't been updated in years - gitolite is the community-accepted alternative.
0

If the repositories are on the same server, there is no way to distinguish two users with the same username. Even a custom sshd wouldn't work because it would see the incoming connection for user "git" only, not the original username.

We manage our permissions with either usernames or groups. So some users belong to the "developers" group that can push to certain repositories and others belong to "users" which can push to other repositories. Each user logs in with his/her own username.

Improve this answer

3 Comments

"If the repositories are on the same server, there is no way to distinguish two users with the same username." - You can still use different SSH keys to distinguish the users like GitHub, gitosis, and Gitolite do.
Relying on ssh keys is not always feasible (like when you don't have yours with you). Sourceforge.net also goes the username route, in fact, it even uses a special notation ("user,[email protected]") to enable roles.
Using usernames has a serious problem: it makes the URL of the repository different for each user. This is a show-stopper when using submodules, for example, and I bet is the main reason why GitHub and others use ssh keys.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.