Gitolite 权限控制
官网 http://gitolite.com/gitolite/index.html
安装配置 http://gitolite.com/gitolite/install/
傻瓜安装教程 http://gitolite.com/gitolite/fool_proof_setup/
快速指南(中文)https://git-scm.com/book/zh/v1/%E6%9C%8D%E5%8A%A1%E5%99%A8%E4%B8%8A%E7%9A%84-Git-Gitolite
快速指南(英文)https://git-scm.com/book/en/v1/Git-on-the-Server-Gitolite
1安装
1) 创建 git 用户
useradd git passwd changeit
2)使用root用户安装git
yum list git yum install git
3)安装 perl-Data-Dumper.x86_64 (因为执行 gitolite/install 时的异常 Can't locate Data/Dumper.pm in @INC)
yum list perl*Dumper* yum install perl-Data-Dumper.x86_64
4)切换到 git 用户并克隆 gitolite 源码
su git cd ~ git clone https://github.com/sitaramc/gitolite
./install -to <dir> to copy the entire 'src' directory to <dir>. If <dir> is not in $PATH, use the full path to run gitolite commands. Please provide a full path, not a relative path.
ls gitolite -l ./gitolite/install -to ~/bin
Usage: gitolite setup [<option>] -pk, --pubkey <file> pubkey file name '-pk' can be used to replace the admin key; useful if you lost the admin's private key but do have shell access to the server.
./bin/gitolite setup -pk zxg.pub
7)在服务器端显示自动创建的仓库的目录结构
./repositories/gitolite-admin.git/ ./repositories/gitolite-admin.git/HEAD ./repositories/gitolite-admin.git/logs ./repositories/gitolite-admin.git/logs/HEAD ./repositories/gitolite-admin.git/logs/refs ./repositories/gitolite-admin.git/logs/refs/heads ./repositories/gitolite-admin.git/logs/refs/heads/master ./repositories/gitolite-admin.git/index ./repositories/gitolite-admin.git/description ./repositories/gitolite-admin.git/COMMIT_EDITMSG ./repositories/gitolite-admin.git/hooks ./repositories/gitolite-admin.git/hooks/pre-push.sample ./repositories/gitolite-admin.git/hooks/post-update ./repositories/gitolite-admin.git/hooks/prepare-commit-msg.sample ./repositories/gitolite-admin.git/hooks/update.sample ./repositories/gitolite-admin.git/hooks/commit-msg.sample ./repositories/gitolite-admin.git/hooks/pre-rebase.sample ./repositories/gitolite-admin.git/hooks/update ./repositories/gitolite-admin.git/hooks/pre-commit.sample ./repositories/gitolite-admin.git/hooks/pre-applypatch.sample ./repositories/gitolite-admin.git/hooks/applypatch-msg.sample ./repositories/gitolite-admin.git/hooks/post-update.sample ./repositories/gitolite-admin.git/gl-conf ./repositories/gitolite-admin.git/branches ./repositories/gitolite-admin.git/refs ./repositories/gitolite-admin.git/refs/tags ./repositories/gitolite-admin.git/refs/heads ./repositories/gitolite-admin.git/refs/heads/master ./repositories/gitolite-admin.git/objects ./repositories/gitolite-admin.git/objects/内容略 ./repositories/gitolite-admin.git/config ./repositories/gitolite-admin.git/info ./repositories/gitolite-admin.git/info/exclude
8) 在客户端验证该服务是否成功
git ls-remote git@123.206.22.178:gitolite-admin
结果(显示的是gitolite-admin 仓库内容):
e173b96b63241df3946f5babd0fcdc819a4eb0df HEAD
e173b96b63241df3946f5babd0fcdc819a4eb0df refs/heads/master
2 授权
1) 克隆 gitolite-admin 仓库到本地
git clone git@123.206.22.178:gitolite-admin
其目录结构为:
└─gitolite-admin ├─conf │ gitolite.conf │ └─keydir zxg.pub
2)假设为小红授权
① 将 xiaohong.pub 复制到 keydir 下
② 编辑 gitolite.conf 文件追加如下内容:
repo foo RW+ = xiaohong R = zxg
③ add 、commit 、push 三步提交到服务器即可
3)权限控制详细文档
access rule examples
Gitolite's access rules are very powerful. The simplest use was already shown above. Here is a slightly more detailed example:
repo foo
RW+ = alice
- master = bob
- refs/tags/v[0-9] = bob
RW = bob
RW refs/tags/v[0-9] = carol
R = dave
Here's what these example rules say:
-
alice can do anything to any branch or tag -- create, push, delete, rewind/overwrite etc.
-
bob can create or fast-forward push any branch whose name does not start with "master" and create any tag whose name does not start with "v"+digit.
-
carol can create tags whose names start with "v"+digit.
-
dave can clone/fetch.
Please see the main documentation linked above for all the gory details, as well as more features and examples.
groups
Gitolite allows you to group users or repos for convenience. Here's an example that creates two groups of users:
@staff = alice bob carol
@interns = ashok
repo secret
RW = @staff
repo foss
RW+ = @staff
RW = @interns
Group lists accumulate. The following two lines have the same effect as the earlier definition of @staff above:
@staff = alice bob
@staff = carol
You can also use group names in other group names:
@all-devs = @staff @interns
Finally, @all is a special group name that is often convenient to use if you really mean "all repos" or "all users".