On 17-09-04 at 17:05, Alan McKinnon wrote: > Hi, > > I fear I have a severe case of too many trees in the way to see the forest. > > I have a git server, it only runs git. > All the sysadmins have full access using ssh://, their keys are in git's > authorized_keys, the repos are owned git:git, MODE 770, etc etc, and it > works like it should. > > I want an app to have read-only access to some repos, i.e. clone and > pull only. But they are not publicly accessible i.e. the app user must > be pre-authorized by me and have a public key. And for the life of me I > can't think how to do it! You want to use the command= option in the .ssh/authorized_keys file for the key to ensure that only `git-upload-pack <repo_path>' is run
> Google is only giving me results about what fancy buttons to click in > GitHub and Gitlab... I know, my Google-fu sucks today. You can look at [1] if you want a really minimal example of a git permissions management system. [1]: https://github.com/cbdevnet/fugit -- Simon Thelen