1

I'm having a config file like this:

@all = @group1 @group2 @group3
@group1 = user1 user2 user3
@group2 = user4 user5 user6
@group3 = user7 user8 user9

repo production_repo
    RW+           = server_key
    R             = @all

    R group_branch1 = @group1
    R group_branch1_user1 = @group1
    RW group_branch1_user1 = user1

Problem is now that also i give just read rights to all users, everyone can write on the master branch. When i add a - master = @all as first line the result is the same.

How can i make master read-only to the @all group and give right permissions just on the users own featurebranch?

Thanks in advance.

Daniel
  • 157
  • 2
  • 12

2 Answers2

1

Following "Gitolite permissions on branches" and the gitolite rules, you could try:
(only for gitolite g3, unfortunately, which means a g2 would need to migrate)

repo production_repo

    RW+           = server_key
    R     master  = @all
    -     master  = @all

    R group_branch1 = @group1
    R group_branch1_user1 = @group1
    RW group_branch1_user1 = user1
Community
  • 1
  • 1
VonC
  • 1,262,500
  • 529
  • 4,410
  • 5,250
  • hey, thanks but this didn't solve it. i still can write with e.g. user1 to the master branch. – Daniel Apr 17 '13 at 16:35
  • @Daniel are you using gitolite V3 or V2? – VonC Apr 18 '13 at 05:57
  • We're running a v2.. i run v3 locally for testing. Any chance to get this running on v2? – Daniel Apr 18 '13 at 09:27
  • @Daniel not sure how the rules have evolved between v2 and V3, but I would be interested to know if this works with your local V3 testing installation. The migration process (http://gitolite.com/gitolite/migr.html) seems straightforward enough and doesn't touch your bare repos. – VonC Apr 18 '13 at 09:30
  • Thanks VonC this is working in v3, i tested this locally. I'll try to get the server updated for this purpose then. I'm marking your answer as helpfull, thanks! – Daniel Apr 18 '13 at 10:17
  • @Daniel ok, I have updated the answer to make the "only for g3" caveat more visible. – VonC Apr 18 '13 at 10:20
0

Please set 

repo foo
     deny-rules = 1
forvaidya
  • 3,041
  • 3
  • 26
  • 33
  • Does that answer your previous question as well (http://stackoverflow.com/q/16265008/6309)? And regarding deny-rules, have a look to what Sitaram Chamarty (creator of gitolite) has to say: http://stackoverflow.com/a/16390752/6309 – VonC May 06 '13 at 12:41