I have gitolite on my server and I want to configure access to my repository. I want to restrict access to some branches for some users. I tried a lot of variants of the gitolite.conf file and I didn't find a solution for how to restrict access to some branches.
1)

```
@developers1 = user1
@developers2 = user2
repo dbatest
    RW+ = @developers1
    R test = @developers2
    - test = @developers2
    RW+ = @developers2
```

When user2 executed the command `git push origin test`, the push succeeded.

In the gitolite log I had these lines:

```
http ARGV=user2 SOC=git-receive-pack 'dbatest' FROM=10.65.184.239
6453 pre_git dbatest user2 W any refs/.*
6453 system,git,http-backend
6453 END
```

2)

```
@developers1 = user1
@developers2 = user2
repo dbatest
    RW+ = @developers1
    - test = @developers2
    RW+ = @developers2
```

When user2 executed the command `git push origin test`, the push succeeded.

In the gitolite log I had these lines:

```
http ARGV=user2 SOC=git-receive-pack 'dbatest' FROM=10.65.184.239
6457 pre_git dbatest user2 W any refs/.*
6457 system,git,http-backend
6457 END
```

3)

```
@developers1 = user1
@developers2 = user2
repo dbatest
    RW+ = @developers1
    R test = @developers2
    - test = @developers2
    RW+ = @developers2
    option deny-rules = 1
```

When user2 executed the command `git push origin test`, the push was denied and he saw this message:

```
fatal: remote error: FATAL: W any dbatest user2 DENIED by refs/heads/test
(or you mis-spelled the reponame)
```

And in the gitolite log I had this:

```
8161 http ARGV=user2 SOC=git-receive-pack 'dbatest' FROM=10.65.184.239
8161 die W any dbatest user2 DENIED by refs/heads/test<<newline>>(or you mis-spelled the reponame)
```

It looks good, but when he tried to push something into the master branch he got this message too.
I tried mixing these lines in my gitolite config file, but they didn't work for me.
I will be happy if someone can help me with it. I want to restrict write access to some branches for some developers. I can't create an additional repository; I must use a restrictive policy on one main repository.
Big Thanks!
If I look at the official documentation:

```
repo foo bar
    RW+ = alice @teamleads
    - master = dilbert @devteam
    - refs/tags/v[0-9] = dilbert @devteam
    RW+ dev/ = dilbert @devteam
    RW = dilbert @devteam
    R = @managers
```

dilbert and the dev team have these restrictions:

* they can do anything to branches whose names start with "dev/"
* **they can create or fast-forward push, but not rewind or delete, any branch except `master`**

So this looks right:

```
- test = @developers2
RW+ = @developers2
```

However gitolite has two checks:
`- test` is ignored). In your case, the ref (test) should be known and the deny rule apply.
You can debug more by tracing the logic of your specific rules with:

```
gitolite access -s dbatest user2 W test
```

The OP Sufelfay confirms in the comments that it works with 3.5.3, not with 3.6.x.
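
The rule walk behind the log lines in the question, as an added example (not part of the original question or answer, and not gitolite's own code): a simplified Python model of gitolite's documented rule matching, applied to the question's rules for user2. The function names are assumptions of this sketch; the ref value `any` is the placeholder seen in the `W any` log lines, used when the ref is not yet known.

```python
import re

# Rules that apply to user2 in repo "dbatest" (variants 1 and 3 of the
# question), in config order: (permission, refex as written in the conf).
USER2_RULES = [("R", "test"), ("-", "test"), ("RW+", "")]


def expand(refex):
    """Expand a refex the way gitolite documents it: an empty refex means
    every ref, and one not starting with refs/ is taken as a branch name."""
    if refex == "":
        return "refs/.*"
    return refex if refex.startswith("refs/") else "refs/heads/" + refex


def access(rules, action, ref, deny_rules=False):
    """Walk the rules in order and return (allowed, deciding refex).

    ref == "any" models check 1 (before git runs, ref not yet known);
    a real ref name models check 2 (the update hook).
    """
    for perm, refex in rules:
        full = expand(refex)
        # Check 1 skips deny rules unless 'option deny-rules = 1' is set.
        if perm == "-" and ref == "any" and not deny_rules:
            continue
        # A refex is a regex anchored at the start only; "any" matches all.
        if ref != "any" and not re.match(full, ref):
            continue
        if perm == "-":
            return (False, full)
        if action in perm:
            return (True, full)
    return (False, "fallthru")


if __name__ == "__main__":
    cases = [
        ("check 1, no deny-rules", "any", False),
        ("check 1, deny-rules = 1", "any", True),
        ("check 2, push to test", "refs/heads/test", False),
        ("check 2, push to master", "refs/heads/master", False),
    ]
    for label, ref, deny in cases:
        print(label, access(USER2_RULES, "W", ref, deny_rules=deny))
```

In this model, `option deny-rules = 1` makes the `- test` rule fire during check 1 for every push, which is the `DENIED by refs/heads/test` result of variant 3, while the per-branch denial only happens in check 2. Because a refex is anchored at the start only, `test` also matches a branch named `testing`; writing `test$` limits it to the one branch.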