Book Image

Gitolite Essentials

By : Sitaram Chamarty
Book Image

Gitolite Essentials

By: Sitaram Chamarty

Overview of this book

Table of Contents (19 chapters)
Gitolite Essentials
About the Author
About the Reviewers

Applying deny rules to read access

In the previous chapter, when we looked at the deny rules, we showed them only in the context of a write operation, controlling whether a certain branch or tag can be pushed or not.

By default, the deny rules are not examined when checking read access. So something like the following:

@junior-devs = alice bob carol
repo foo
    -             =  bob
    RW+           =  @junior-devs

will not prevent Bob from at least reading the repository (that is, using git clone or git fetch), even though the deny rule appears first.

However, it is possible to make Gitolite act on deny rules in this case also. This is achieved by specifying a Gitolite option called deny-rules, as follows:

repo foo
    -                   =  bob
    RW+                 =  @junior-devs
    option deny-rules   =   1

Now Bob will not even be able to clone the repository.


It is also important to understand that, for read access, specifying an actual branch in the deny rule, shown as follows...