Is it a public project that your user checked out? Gitlab is a wrapper around git (in rough times). You don't see a git user in GitLab UI because it's at the Git level underneath GitLab.
Use tcpdump (on the user's machine or on your GitLab instance) to understand how your user is accessing the repository and how this relates to your firewalls. On Dec 5, 2016 4:29 AM, "Kristian Rink" <kawazu...@gmail.com> wrote: > Folks; > > I've been experiencing a *rather* strange behaviour with our gitlab > installation. System runs behind > an apache2 reverse proxy exposing HTTPS. I do have an external user who > has restricted access to > various projects. He entered his (valid) credentials and wasn't allowed > access to the desired > repository mainly because he tried HTTP access while the external proxy > only accepted HTTPS. > > However I learnt that this user was able to check out arbitrary project(s) > using 'git@<hostname>@ > credentials, without being prompted for a password and apparently through > ssh. This is a bit > strange: > > - The service should only expose HTTP(S), at least the reverse proxy only > does HTTPS. There should > be no way however to access the system via ssh; the system lives behind a > firewall and ssh isn't > exposed. How comes ssh access to the gitlab server is working at all? > > - In the gitlab admin ui, I can't find an actual "git" user account. > There's one on the gitlab > machine but this is a system user and definitely has a password set. > > > This is not really what I would have expected. For now, I took the machine > offline to check what's > wrong. Can anyone explain what's going on here? > > TIA and all the best, > Kristian > > -- > You received this message because you are subscribed to the Google Groups > "GitLab" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to gitlabhq+unsubscr...@googlegroups.com. > To view this discussion on the web visit https://groups.google.com/d/ > msgid/gitlabhq/1480940944.3207.4.camel%40gmail.com. > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "GitLab" group. To unsubscribe from this group and stop receiving emails from it, send an email to gitlabhq+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/gitlabhq/CANNWuVVaAEM3kBgTTZfX_dTMisnT%2BMn5vD%2Bj63FoDbzy9%2BGaig%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
