Book Image

Gitolite Essentials

By : Sitaram Chamarty
Book Image

Gitolite Essentials

By: Sitaram Chamarty

Overview of this book

Table of Contents (19 chapters)
Gitolite Essentials
About the Author
About the Reviewers

Access Control example with Gitolite

We will see how simple Access Control can be with Gitolite. First, here's an example where the junior developers (let's call them Alice and Bob here) should be prevented from rewinding or deleting any branches, while the senior developers (Carol and David) are allowed to do so:


We will see this in more detail in later chapters, but Gitolite uses a plain text file to specify the configuration, and these access rules are placed in that file.

repo foo
  RW    =  alice bob
  RW+   =  carol david

You probably guessed that the RW stands for read and write. The + in the second rule stands for force, just as it does in the push command, and allows you to rewind or delete a branch.

Now, suppose we want the junior developers to have some specific set of branches that they should be allowed to rewind or delete, a sort of "sandbox", if you will. The following command will help you to implement that:

  RW+  sandbox/  =  alice bob

Alice and Bob can now push, rewind, or delete any branches whose names start with sandbox/.

Access Control at the repository level is even easier, and you may even have guessed what that looks like:

repo foo
    RW+     =   alice
    R       =   bob

repo bar
    RW+     =   bob
    R       =   alice

repo baz
    RW+     =   carol
    R       =   alice bob

As you can see, you have three users with different access permissions for each of the three repositories. Doing this using the file systems' permissions mechanisms or POSIX ACLs would be doable, but quite cumbersome to set up and to audit/review.