From d74e58b5de8c78bddd29b009ba2d606f7fcb4f2d Mon Sep 17 00:00:00 2001 From: Sitaram Chamarty Date: Sun, 24 Apr 2011 15:16:43 +0530 Subject: [PATCH] (minor doc fixes) --- doc/gitolite.conf.mkd | 9 +++++++++ doc/overkill.mkd | 10 ++++++++++ 2 files changed, 19 insertions(+) diff --git a/doc/gitolite.conf.mkd b/doc/gitolite.conf.mkd index e7ac5c7..51779ef 100644 --- a/doc/gitolite.conf.mkd +++ b/doc/gitolite.conf.mkd @@ -412,6 +412,15 @@ Elsewhere in the file, you would specify access for individual repos (like RW, RW+, etc). Gitolite combines all of these access rules, maintaining the textual order in which they occur, when authorising a push. +And although this example used groups, you can use reponames as well, or mix +and match them. You can even distribute rulesets across multiple "include" +files if you wish. + +Just remember that if you use [deny rules][dr] anywhere then the *order of the +rules matters*! + +[dr]: http://sitaramc.github.com/gitolite/doc/gitolite.conf.html#_deny_rules + This feature also helps people who generate their gitolite.conf itself from some *other* database -- it allows them much more flexibility in how they generate rules. diff --git a/doc/overkill.mkd b/doc/overkill.mkd index 9a41ca4..d93303c 100644 --- a/doc/overkill.mkd +++ b/doc/overkill.mkd @@ -38,6 +38,16 @@ the "--shared" argument, do this on each of them: I think that should do it. +Once you've setup the Unix level permissions, you may consider setting the +shell of some of the less experienced users to "git-shell" (using its full +path) if they don't really need a shell on the server. This will let them +access git remotely but not do anything else. + +Combining this with settings like `receive.denyDeletes` and +`receive.denyNonFastForwards`, or at least `core.logAllRefUpdates`, can go a +long way toward preventing accidents or at least making it feasible to recover +from them. + ---- You can do more complex things using Unix acls. If you do, and feel like
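Review bot: In the doc/gitolite.conf.mkd hunk, the new sentence "You can even distribute rulesets across multiple "include" files" sits right before the warning that with deny rules the "*order of the rules matters*", but nothing says how rule order is determined once rules are spread over several files. The unchanged context only promises "the textual order in which they occur", which a reader cannot map onto multiple includes without guessing. Suggest adding one sentence stating how the position of an include relates to the order of the rules it contains, so someone using deny rules can predict which rule is matched first. Minor style point: the `[dr]` reference is an absolute URL to the rendered HTML, so it breaks for anyone reading the .mkd from a checkout or a mirror; a relative link to the deny rules section would be more durable.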
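Review bot: In the doc/overkill.mkd hunk, the paragraph naming `receive.denyDeletes`, `receive.denyNonFastForwards` and `core.logAllRefUpdates` does not say where these are set or to what value, and in a document about shared repositories that detail decides whether the protection applies at all. Suggest stating that they go in the configuration of each shared repository on the server (or a system-wide config) and giving the intended values, ideally as the same kind of command listing the document already uses for the "--shared" step. The git-shell paragraph would also benefit from naming the command used to change a user's shell, since "using its full path" leaves the reader to work out both the path and the mechanism. Wording nit in the first added line: "Once you've setup" should be "set up".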