how to set permission in Git? - linux

I am new to Git and after I lots of searching I found that I must have set Linux permissions in my Git server.
But I want to know, is it possible to set permissions in Git?
I am working on a team about six people and I don't like to everyone on the team can access all the project for security reasons.
For example, If somebody in my team works on UI in my Store section I want to he/she have it's own branch but when he/she PULL the project with Git just have access to files and folders I let.
I have to add that I have my own Git server on a local network using Linux Debian and I'm using "SourceTree" as my GUI for Git and I have few experience on Git command line, so I need do it from GUI if possible.
Edited:
Does Git lab support permission like this: I have a repository that uses Laravel framework and I'd like to set permission for UI developers that only access views and PHP developers access some controllers not all the part of the controller in the project.

You can checkout GitLab: https://about.gitlab.com/ for this. Out of the box git does not support what you need/want.

No, Git doesn't manage this directly. Anyone with authentication credentials to the repository has access to the entire repository.
Traditionally, this is managed with third-party solutions, such as Gitolite, GitHub private repositories, and other systems.

In addition to other answers: if you want only certain parts of project to be accessible to each developer, you can use git submodules.
This is also preferable if project has logically and functionally separate parts. (Like front-end and back-end. )

Related

How to sync git on ubuntu with existing github projects?

I used mac github client to push my codes to my github account. On my Ubuntu linux computer I wan't to connect to github using the terminal so that it will automatically sync will all my projects on github. How would I do it? All the online help I have bumped in to so far only show how to clone an exiting git repository not how to connect to my github account and sync it.
git, the revision control system, doesn't know anything about Github, a website that keeps track of and hosts your git repositories for you. The concept of a Github account is totally alien to git, so you'll never be able to, say, browse all of the projects you own on Github with a git command. git only works on the level of individual repositories.
Github also provides a graphical client that handles both the git level stuff and the Github level stuff -- it understands what a Github account is, and will log in for you and display all of the repos associated with the account. It's also a fully featured git client that does a lot of work on the level of individual repos for you. However, this graphical client is currently only available for Windows and OS X, and is not available for Linux.
My own workflow on Linux is to use the github.com website plus the command-line git tool. To bridge the gap between Github and git, you need to git clone individual repos. Aside from that, you can do Github administrative tasks on the website, and you can work with individual repos with git on the command line.
If you don't like this work flow, you need to look at graphical git clients for Linux. I'm not sure if any exist that will do both git-level stuff and also interface with Github specifically and understand the idea of a Github account.
You could also theoretically try to run the Windows client in wine on Linux, but I would not recommend this approach except as a last resort.
First I don't know a program that automatically sync all my github repositories.
First you have to install git (if it has not been done already) tutorial
Than you should generate a rsa:key to be able to 'push' your repositories to github.
You can generate a rsa_key by following this tutorial notes ssh-add id_rsa should be ssh-add id_rsa.pub ....also you can name id_rsa as anything you want: like bran_rsa_key
You should post or add your rsa_key to git hub at this address. If you go to that link you will see that you already have some key for your Mac but nothing for your Ubuntu.
After installation you could install ungit if you're not that familliar with git

Looking for implementing a centralized git repository... with a catch

The idea behind what I am wanting to do is to create a centralized server on a linux system. I understand how to set this up, and already have. Next I would like to set up git on a windows system, aka the client, which I understand is possible through msysgit, and gitextensions. The problem though is that I am wanting to integrate the windows client to be able to push and pull visual studio files but keep the repositories on the linux server. So in short my question is how to have a centralized server on linux for git, while the client on windows is able to push to this centralized server. Thanks in advance!
I solved my problem. What I wanted to do was to create a ssh connection between the server(linux) and the client (windows). I used tortoise git in this case with the git source control provider (visual studio integration). Just follow the steps within the link and anybody else who might have this problem will be set!
Links:
For tortoise setup: http://theswarmintelligence.blogspot.com/2009/11/windows-tortoisegit-client-for-linux.html
What's the catch here? This sounds like a completely standard use case. It's probably best to use SSH as a transport to push to the server. A couple of things to be aware of are:
You should create your centralized repository as a bare repository (i.e. one without a working tree)
If you have multiple users who will push to that repository, create a group for them on the Linux machine, and make sure that the permissions for the repository are appropriate, e.g.:
git init --bare --shared=group newrepository.git
chgrp -R developers newrepository.git
Or if you're going to have multiple repositories or need more sophisticated access control, you may want to look at using gitolite on the server.
On the client side, GitHub has a nice walkthrough for installing msysgit on Windows (and generating an SSH key) here:
http://help.github.com/win-set-up-git/
... and there are tutorials for gitextensions on its site.

Setting Commit and Checkout Privileges for a Git Repository

We are having a local repository which is accessible to a large number of people. We have to set up a Git repository there such that only certain users have checkout as well as commit privileges. How can we do that.
P.S. : This is a part of our homework assignment in which we have to develop a game and update it using a Git repository. So, if anyone feels like we should not be asking this question here, please do tell.
I'd recommend gitolite to manage user access to the repository.
Edit after comments:
gitolite is installed via git too.
I'm guessing that your teacher probably also meant to teach you – besides using git – to configure git protocols, ssh access (keys etc.).
You already got best advices: gitolite, gitosis, Pro git, adding to this man ssh, man ssh-keygen, man scp and git manual your homework should be easily solved.
Since it is homework I will try to give hints.
What files and directories do other users need to read to access (or write to commit/push into) a repository?
What methods can you use to control the permission on these files and directories?
Does your application have any configuration options that might help?

How to set up a git repository where different users can only see certain parts?

How do you set up a git repository where some users can see certain parts of the source code and other users can see all of it? I've seen lots of guides for only giving certain users commit access, but these assume everyone should have read access. I've also heard of gitosis, but I'm not sure it supports this and it hasn't had any commits in over a year so I think it's dead.
In short: you can't. Git is snapshot based (at conceptual level at least) version control system, not changeset based one. It treats project (repository) as a whole. The history is a history of a project, not a union of single-file histories (it is more than joining of per-file histories).
Using hooks like update-paranoid hook in contrib, or VREFs mechanism of gitolite, you can allow or forbid access to repository, you can allow or forbid access to individual branches. You can even forbid any commits that change things in specified subdirectory. But the project is always treated as a whole.
Well, there is one thing you can do: make a directory you want to restrict access to into submodule, and restrict access to this submodule repository.
The native git protocol doesn't support this; git assumes in many places that everybody has a complete copy of all of the history.
That said, one option may be to use git-subtree to split off part of the repository into its own subset repository, and periodically merge back.
Git doesn't support access control on the repository. You can however, implement access control on the repository yourself, by using hooks, more specifically the update hook.
Jörg has already pointed out that you can use hooks to do this. Exactly which hook(s) you need depends on your setup. If you want the permissions on a repo that gets pushed to, you'll need the update hook like he said. However, if it's on a repo that you're actually working in (committing and merging), you'll also need the pre-commit and post-merge hooks. The githooks manpage (Jörg linked to this too) notes that there's in fact a script in the contrib section demonstrating a way to do this. You can get this by grabbing a git tarball, or pull it out of git's gitweb repo: setgitperms.perl. Even if you're only using the update hook, that might be a useful model.
In general, Git is not intended for this. By now it seems to have out-of-the-box access control only up to the repository level.
But if you need just to hide some part of secret information in your Git repository (which is often the case) you can use git-crypt (https://github.com/AGWA/git-crypt) with encryption keys shared based on users GPG keys (https://gnupg.org/).
Alternatively you can use git submodules (https://git-scm.com/book/en/v2/Git-Tools-Submodules) if you can break your codebase to logical parts. Then all users receive access only to certain repositories which you then integrate into 'large' codebase through sub-modules where you add other code and allow it for only 'privileged' users.

Subversion Repository on Linux Dev

What's the best practice for setting up a subversion repository on a linux development machine. External users need to be able to access a specific repository, but nothing else on the machine. I know one answer is to set up a dedicated repository, but I'm looking for a single machine solution: location of repositories, accounts, backup procedures.
One of the popular access methods to Subversion is via Apache module. You can set put different rights at the directory level to control access. See Choosing a Server Configuration and httpd, the Apache HTTP Server. For authentication, I recommend using external authentication source like Microsoft AD via mod_auth_sspi.
If you need to mix and match rights, see my answer for How can I make only some folders show up for certain developers with SVN.
I work for an IT operations infrastructure automation company; we do this all the time.
Location of repository: We use "/srv/svn" by default to store all SVN repositories, unless a customer has a specific requirement, for example an existing repository might be stored on a ReadyNAS shared filesystem.
Accounts: All our customers use LDAP. Either OpenLDAP server running on a master host, but sometimes Active Directory because some customers have a Windows domain in their office, which we can configure as well. Developers get access to the "SCM" group (usually svn, git or devel), and the 'deploy' group. These groups only have permissions to log in and perform SCM related activities (ie, write commits to the repo based on group ownership), or do application deployments to production.
Backup procedures: We use svnadmin hotcopy unless the customer already has something in place (usually svnadmin dump, heh).
svnadmin hotcopy /srv/svn /srv/svn_backups/$(date +%Y%m%d)
For access to the repo, it's usually simple svn+ssh. Some customers already have an Apache setup, but not many. I recommend SSH. Developers push their public ssh keys out and all is well. There's little to no maintenance with LDAP user management (the only way to go).
I'd recommend looking at the chapter on server configuration in the subversion book. It makes suggestions about which configuration is more appropriate for your use.
For what it's worth, setting up a repository using the stand alone svn daemon is very straight forward. The annoying thing is managing user rights.
I have a blog posting that describes the steps necessary to set up and initiate a Linux-based Subversion server in order to maintain code repositories etc.
Basically the steps are:
Download the Subversion tarball.
Unzip and install Subversion.
Deal with any installation problems that arise when running ./configure, if any.
Create the Subversion repository using svnadmin create.
Edit the repository configuration file using your text editor of choice.
Ditto the password file.
Import your code, projects etc into the repository using svn import.
Start the server as a daemon eg svnserve -d. It is also possible to get it to do this automatically
upon reboot.
Start using it using standard Subversion commands to eg check out, check in, backup etc...

Resources