diff options
| author | Junio C Hamano <junkio@cox.net> | 2005-12-05 00:57:48 -0800 |
|---|---|---|
| committer | Junio C Hamano <junkio@cox.net> | 2005-12-05 00:58:23 -0800 |
| commit | dc5f9239f7cc577b7d503017583dcc26ad5991f0 (patch) | |
| tree | 8c69cabcd175fdd658fb8b013b031b2c13a3794c /Documentation/tutorial.txt | |
| parent | eb0362a467cc2cb5313bb859d78ea2d152b4a4ff (diff) | |
| download | git-dc5f9239f7cc577b7d503017583dcc26ad5991f0.tar.gz | |
Documentation: shared repository management in tutorial.
The branch policy script I outlined was improved and polished by
Carl and posted on the list twice since then. It is a shame not
to pick it up, so replace the original outline in
howto/update-hook-example.txt with the latest from Carl.
Also talk about setting up git-shell to allow git-push/git-fetch
only SSH access to a shared repository host in the tutorial.
Signed-off-by: Junio C Hamano <junkio@cox.net>
Diffstat (limited to 'Documentation/tutorial.txt')
| -rw-r--r-- | Documentation/tutorial.txt | 35 |
1 files changed, 35 insertions, 0 deletions
diff --git a/Documentation/tutorial.txt b/Documentation/tutorial.txt index cf7ba76ddf..db0bf3e527 100644 --- a/Documentation/tutorial.txt +++ b/Documentation/tutorial.txt @@ -1636,6 +1636,41 @@ fast forward. You need to pull and merge those other changes back before you push your work when it happens. +Advanced Shared Repository Management +------------------------------------- + +Being able to push into a shared repository means being able to +write into it. If your developers are coming over the network, +this means you, as the repository administrator, need to give +each of them an SSH access to the shared repository machine. + +In some cases, though, you may not want to give a normal shell +account to them, but want to restrict them to be able to only +do `git push` into the repository and nothing else. + +You can achieve this by setting the login shell of your +developers on the shared repository host to `git-shell` program. + +[NOTE] +Most likely you would also need to list `git-shell` program in +`/etc/shells` file. + +This restricts the set of commands that can be run from incoming +SSH connection for these users to only `receive-pack` and +`upload-pack`, so the only thing they can do are `git fetch` and +`git push`. + +You still need to create UNIX user accounts for each developer, +and put them in the same group. Make sure that the repository +shared among these developers is writable by that group. + +You can implement finer grained branch policies using update +hooks. There is a document ("control access to branches") in +Documentation/howto by Carl Baldwin and JC outlining how to (1) +limit access to branch per user, (2) forbid overwriting existing +tags. + + Bundling your work together --------------------------- |