gitolite/doc/why.mkd
2012-03-24 18:22:11 +05:30

2.3 KiB

Why is gitolite needed?

Gitolite is separate from git, and needs to be installed and configured. So... why do we bother?

Gitolite is useful in any server that is going to host multiple git repositories, each with many developers, where some sort of access control is required.

In theory, this can be done with plain old Unix permissions: each user is a member of one or more groups, each group "owns" one or more repositories, and using unix permissions (especially the setgid bit -- chmod g+s) you can allow/disallow users access to repos.

But there are several disadvantages here:

  • every user needs a userid and password on the server. This is usually a killer, especially in tightly controlled environments
  • adding/removing access rights involves complex usermod -G ... mumblings which most admins would rather not deal with
  • viewing (aka auditing) the current set of permissions requires running multiple commands to list directories and their permissions/ownerships, users and their group memberships, and then correlating all these manually
  • auditing historical permissions or permission changes is pretty much impossible without extraneous tools
  • errors or omissions in setting the permissions exactly can cause problems of either kind: false accepts or false rejects
  • without going into ACLs it is not possible to give some people read-only access while some others have read-write access to a repo (unless you make it world-readable). Group access just doesn't have enough granularity
  • it is absolutely impossible to restrict pushing by branch name or tag name.

Gitolite does away with all this:

  • it uses ssh magic to remove the need to give actual unix userids to developers
  • it uses a simple but powerful config file format to specify access rights
  • access control changes are affected by modifying this file, adding or removing user's public keys, and "compiling" the configuration
  • this also makes auditing trivial -- all the data is in one place, and changes to the configuration are also logged, so you can audit them.
  • finally, the config file allows distinguishing between read-only and read-write access, not only at the repository level, but at the branch level within repositories.