Restrict read access in git repo using gitolite

Question

I am using gitolite for git repository restrict the access.

Any one can tell how to configure restrict the branches and how to restrict read permission for particular Dir/file?

Answer 1

As mentioned in the Gitolite overview

read access controlled at the repo level,

You either access (clone) the full repo or you don't at all.

A sensitive file should typically not be in a repo (or be in a private repo), and generated through a smudge filter content driver. That 'smudge' script can (on git checkout) check if you are an authorized user and, if yes, fetch the file (from a trusted private source, not from a git repo) and generate on checkout your restricted file.

Write access restriction, on the other hand, has always been possible, as I mentioned 6 years ago.
With VREFS, you can enforce all kinds of policies (like git commit messages, or based on roles.

And yes, you can restrict pushes based on file/DIR.

You can even use LDAP groups to restrict gitolite access

---

For restricting read access based on dir/file or branches/tags except gitolite...

• first even gitolite does not do that
• this is not how a Git repo works: you would have to impose restrictions on the listener (https or ssh) level, that is at the level where git upload-pack (done on the server side during a client git fetch) is requesting packs: it is called by ssh, or by the https smart protocol.
  That would involve packs inspection (with git verify-pack), which would slow down considerably clone/fetch operation and has not been done to my knowledge.

Hence my original suggestion to not put any restricted/sensitive file ni a git repo.