0

Is there a way in Git to define special rights to a certain file or folder?

I have a Node project that is built using a Docker-Compose YML file. My intention is that the team working on this project can modify any code, except the Docker-Compose YML file. I would like to prohibit pushes of that file to anyone except me. Is there a way to achieve this in Git?

Eoaioaou
  • 61
  • 2
  • `.gitignore` works well here. – Sid Jan 13 '20 at 10:42
  • 1
    Does this answer your question? [Git: Any Way I Can Prevent \*Most\* Users From Editing Files?](https://stackoverflow.com/questions/32321474/git-any-way-i-can-prevent-most-users-from-editing-files) – Mickael B. Jan 13 '20 at 10:44

3 Answers3

1

There is no intrinsic way to do this with Git, but there are tools that can help.

  1. You could configure your CI system to check pushes and fail if someone other than you pushes to that file.
  2. You could configure your hosting solution, such as GitHub, to use the code owners functionality and require an approval from you before merging.
  3. If your hosting solution supports it, you could configure a pre-receive hook (possibly with push certificates or commit signing) and reject pushes from anyone other than you.
  4. You could clearly communicate your expectations to the team and rely on them honoring your wishes.
bk2204
  • 64,793
  • 6
  • 84
  • 100
0

Yes, you can use .gitignore file - this file will contain the files (paths) that should be ignored by git during commits

This file should be a part of your project (you should commit and push it) so that everyone in your project will get it.

To "suppress" gitignore you can git add --force docker-compose.yml - so that only you'll use this command.

Mark Bramnik
  • 39,963
  • 4
  • 57
  • 97
  • No, that would not work. `.gitignore` does not ignore tracked files (files that are under version control). The answer here is to use hooks. One locally for members of the team to keep them from accidentally building on a commit that will be rejected. And then one server-side to toss out any commit that modifies said file and the author/committer is not allowed. It's more complicated because people can spoof those things, so you really want to enable signing and check the commits as well. – John Szakmeister Jan 13 '20 at 10:49
0

You can set the skip-worktree flag for restricted files like this:

git update-index --skip-worktree path/to/the/file

That gives a little different effect from what you need, but provided proper convention within the team, it should pay off: skip-worktree makes git ignore any local changes made to a specified tree (files), so no matter if your teammates change it or not, git does not track these changes. However git still tracks remote changes, so git pull command will update content of the files.

The main disadvantage is that this flag should be set locally on all machines you need those file local changes to be ignored on. For the machines you going to have possibility to push those files, just do not set this flag, or unset it with the following command:

git update-index --no-skip-worktree path/to/the/file
The Dreams Wind
  • 8,416
  • 2
  • 19
  • 49