
gitweb and per project http authentication

Tags: git, apache, gitweb

I have successfully set up gitweb on an Apache vHost accessible for all authenticated users.

The server itself provides several git repositories via https and has per user/group access to those projects. For example test1.git is only readable/writable by group test1 and test2.git is only readable/writable by group test2.

Now I also want only those groups to see their corresponding git repositories in the gitweb interface. Is it possible to have those granular access rights for gitweb?

If not, is there a light-weight web GUI for git that can handle basic HTTP authentication per project (and possibly LDAP authentication for later)?

Edit: Just to make things clearer (as there seems to be some confusion from the comments), an example:

  • There are 10 repositories (test1, test2, ... test10)

  • user lockdoc is in group test1 and test3

  • Once authenticated over http with username lockdoc and his/her password, this user can only see git projects test1 and test3 and cannot browse/see any other projects

  • No need for writing (pushing) over the web interface, as this is already implemented

lockdoc asked Oct 05 '22 12:10


1 Answer

No GUI, but I would recommend using gitolite for this kind of fine-grained authorization.

See this httpd.conf for LDAP and gitolite access:

  • you can define a gitweb access, which in turn will call gitolite, see this gitweb.conf.pl script
  • you can define an https access which will also call gitolite (in order to allow or deny access, depending on your id)

The https config would look like this:

ScriptAlias /hgit/ @H@/sbin/gitolite-shell/
SetEnv GIT_HTTP_BACKEND "@H@/usr/local/apps/git/libexec/git-core/git-http-backend"
<Location /hgit>
   ...
</Location>

In both cases, you can protect those http addresses with LDAP-based authentication:

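AuthName "LDAP authentication for ITSVC Smart HTTP Git repositories"
AuthType Basic
# myldap and companyldap are provider aliases declared elsewhere in the
# configuration with <AuthnProviderAlias ldap ...> blocks
AuthBasicProvider myldap companyldap
# Apache 2.2 directive; it no longer exists in Apache 2.4
AuthzLDAPAuthoritative Off
Require valid-user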

And you will register your users/groups/repos in the gitolite.conf configuration file associated with gitolite.

@lockdoc_repos           =   test1 test3 # group of repo

repo @lockdoc_repos
    R                    = lockdoc # read-only access for lockdoc
    R                    = gitweb daemon # can be browsed   

See "testing/info/refs not found in gitolite after removing R @all rule" for more on how to allow browsing for a repo, by sitaram (Sitaram Chamarty), creator of gitolite himself.

VonC answered Oct 10 '22 02:10
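
The per-user project list asked for in the question can be enforced in gitweb itself through its `$export_auth_hook` setting, which gitweb calls for every project before listing or serving it. The following gitweb.conf fragment is an added example, not the gitweb.conf.pl script referenced in the answer; it assumes gitolite v3 (its `gitolite access` command), a hosting account under the placeholder path `/home/git`, and a web server account allowed to run `gitolite` and read that account's files.

```perl
# gitweb.conf fragment (added example; all paths are placeholders)
our ($projectroot, $export_auth_hook);

$ENV{HOME} = '/home/git';                  # assumption: gitolite hosting user's home
my $gitolite = '/home/git/bin/gitolite';   # assumption: location of the gitolite command

$projectroot = "$ENV{HOME}/repositories";

# gitweb calls this hook with the full path of each candidate project.
# A false return hides the project from the list and blocks direct access to it.
$export_auth_hook = sub {
    my ($path) = @_;

    # REMOTE_USER is set by Apache once Basic/LDAP authentication succeeded.
    # Fail closed when it is missing or contains unexpected characters.
    my $user = $ENV{REMOTE_USER};
    return 0 unless defined $user && $user =~ /\A[\w.\@-]+\z/;

    # Map /home/git/repositories/test1.git to the gitolite repo name "test1".
    return 0 unless $path =~ m{\A\Q$projectroot\E/(.+?)\.git/?\z};
    my $repo = $1;
    return 0 if $repo =~ m{(?:\A|/)\.\.(?:/|\z)};   # reject path traversal

    # List-form system() never passes the arguments through a shell.
    # "gitolite access -q" exits with status 0 only when the rule set grants
    # this user read access to the repo.
    return system($gitolite, 'access', '-q', $repo, $user, 'R', 'any') == 0;
};
```

With the gitolite.conf rules shown in the answer, a request authenticated as lockdoc passes the hook only for test1 and test3, so the other repositories neither appear in the project list nor open by direct URL.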