
I have Gitolite version 3 hosted on Amazon WS (Git v1.9.1/gitolite v3.6.1-6).

I have the following setup:

Acme-Repository
|
|------- <JEE>
|
|--------<Android>
|
|--------<iPhone>

I need to restrict the user's permission as follows to the folders:

•   UserA - Read/write - JEE
•   UserB - Read/write - Android
•   UserC - Read/write - iPhone

I have got the following setup in the gitolite.config

RW+   Jee/      =  UserA
RW+   Android-App/  =  UserB
RW+   iPhone-App/   =  UserC

While pushing as UserA, I am getting the following error:

remote: FATAL: W refs/heads/master Acme-Repository UserA DENIED by fallthru
remote: error: hook declined to update refs/heads/master

I've tried:

RW+   NAME/Jee/ =   UserA   
..

AND

RW+   refs/head/Jee/ =   UserA  
..

But both returned the same results. What could be wrong? I tried this, this and this

Update - Now working configuration

After the original author Sitaram's answer on Google Groups and the answer from @vonc, I now have the following, which works like a charm:

@AllDevelopers          = UserA UserB UserC
@Jee                    = UserA
@Android                = UserB
@iPhone                 = UserC

RW+                                 = @AllDevelopers                                          
  -   VREF/NAME/Jee/                = @Android @iPhone
  -   VREF/NAME/Android-App/        = @Jee @iPhone
  -   VREF/NAME/iPhone-App/         = @Android @Jee  

What the above configuration means in human language:

  • @AllDevelopers group will have access to the repository, but
  • @Android and @iPhone are denied access to Jee folder and subfolders.
  • @Jee and @iPhone developers are denied access to Android-App folder and subfolders.
  • @Android and @Jee developers are denied access to iPhone-App folder and subfolders.
avijendr

1 Answer

Protecting files or directories is done with a VREF (see the gitolite doc)

VREF/NAME/xxx

In your case (VREF/NAME doc):

@users = UserA UserB UserC

repo Acme-Repository

  # allow pushing to any branch for any paths
  RW+                         =  @users 

  # except that each user is denied the paths that belong to the others:
  -   VREF/NAME/Jee/          =  UserB UserC
  -   VREF/NAME/Android-App/  =  UserA UserC
  -   VREF/NAME/iPhone-App/   =  UserA UserB

Since a VREF is considered an "additional deny rule", you need to allow access first (RW+ @users) before restricting access with VREF rules.
(Just saw the answer from Sitaram Chamarty -- author of gitolite -- on groups.google.com)

VonC
  • Thanks. I had already posted this on Gitolite Google groups and Sitaram had answered it. But I am also accepting your answer as the answer is very good. Please see my update on the question on how it works now. Thanks again. – avijendr Oct 19 '14 at 15:03
  • @avijendr I just saw it. I also saw that Sitaram isn't too fond of Stack overflow ;) (https://plus.google.com/115609618223925128756/posts/Zoo1EWCxWBE) – VonC Oct 19 '14 at 15:06
  • Yeah you are right he is not very fond of SO. He has got his reasons which I think is alright. He told me you are going to answer in SO :). Thanks again VonC. – avijendr Oct 19 '14 at 15:08
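
The two-stage check behind both configurations in this thread, as an added Python sketch (not gitolite's own code and not part of the original posts). It is a simplified model: the rule tuples, function names and message strings are assumptions, and the sample file paths are constructed.

```python
import re

# Constructed rule sets in (perm, refex, users) form, mirroring the configs on this page.
BROKEN = [("RW+", "Jee/", {"UserA"}),
          ("RW+", "Android-App/", {"UserB"}),
          ("RW+", "iPhone-App/", {"UserC"})]
EVERYONE = {"UserA", "UserB", "UserC"}
WORKING = [("RW+", "", EVERYONE),
           ("-", "VREF/NAME/Jee/", {"UserB", "UserC"}),
           ("-", "VREF/NAME/Android-App/", {"UserA", "UserC"}),
           ("-", "VREF/NAME/iPhone-App/", {"UserA", "UserB"})]

def normalize(refex):
    """Empty refex means every ref; anything not starting with refs/ or VREF/ is a branch pattern."""
    if refex == "":
        return "refs/.*"
    if refex.startswith(("refs/", "VREF/")):
        return refex
    return "refs/heads/" + refex

def first_match(rules, user, ref):
    """Perm of the first rule that names this user and whose refex matches the ref from its start."""
    for perm, refex, users in rules:
        if user in users and re.match(normalize(refex), ref):
            return perm
    return None  # no rule matched: fallthru

def check_push(rules, user, ref, changed_files):
    # Stage 1: the real ref needs an explicit write rule; fallthru is a denial.
    perm = first_match(rules, user, ref)
    if perm is None:
        return f"W {ref} {user} DENIED by fallthru"
    if perm == "-" or "W" not in perm:
        return f"W {ref} {user} DENIED by rule"
    # Stage 2: every changed file becomes a virtual ref. Only an explicit '-' denies; fallthru passes.
    for path in changed_files:
        vref = "VREF/NAME/" + path
        if first_match(rules, user, vref) == "-":
            return f"W {vref} {user} DENIED by rule"
    return "allowed"

if __name__ == "__main__":
    print(check_push(BROKEN, "UserA", "refs/heads/master", ["Jee/pom.xml"]))
    print(check_push(WORKING, "UserA", "refs/heads/master", ["Jee/pom.xml"]))
    print(check_push(WORKING, "UserB", "refs/heads/master", ["Jee/pom.xml"]))
```

In the first configuration `Jee/` is read as the branch pattern `refs/heads/Jee/`, so a push to `master` matches no rule at all. That is why the VREF rules have to be written as denials layered on top of a general `RW+` grant.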