Sorry, of course the strainer script doesn't check if the specific person is 
allowed to access the repository, but the anongit user itself. So the anongit 
user allows unauthorized ro access to public repositories, whereas access to 
private repositories is forbidden. User-specific private/public repository 
access should be checked using the default strainer.

Thomas

On 04.02.2010 at 08:52, Thomas Schamm wrote:

> Hi Jeff,
> 
> for read access control, we have disabled the git-daemon and added another 
> gitorious user (anongit), which uses a modified version of the gitorious 
> script and strainer.rb.
> Thus, anyone can access a repository using anon...@gitorious.server:repos... 
> and strainer will check if this person is allowed to read the content of the 
> repository.
> 
> Thomas
> 
> On 04.02.2010 at 03:37, Jeff Mitchell wrote:
> 
>> On 02/03/2010 03:19 AM, Marius Mårnes Mathiesen wrote:
>>>   But you guys have your own git-daemon that is run. Such access control
>>>   could be coded into this, correct?
>>> 
>>> 
>>> Actually, to my knowledge, the git protocol itself lacks authentication
>>> support; it is designed for fast read access to repositories. 
>> 
>> I'm not talking about the git protocol; I'm talking about the git-daemon
>> process itself. Since you have a custom git-daemon, it's conceivable
>> that part of that customization could involve access control
>> controlling whether the daemon actually responds to a particular client.
>> 
>>> Newer versions of git actually have much improved HTTP support; it is
>>> faster and supports writing (ie push). So HTTP is a real alternative to
>>> SSH these days, as long as the users have recent Git clients.
>> 
>> HTTP has supported push for a long time, at least a year. But it doesn't
>> (or maybe didn't) work very well. Client setup could be a pain, and
>> worse, the bare repos on the server often wouldn't update properly,
>> forcing manual intervention to do things like have them garbage collect
>> (I once saw such a bare repo being updated over HTTP balloon from 30MB
>> to 2GB).
>> 
>> When I brought these issues up in #git I was told that HTTP was
>> basically a second class citizen and that nobody really was caring much
>> about it.
>> 
>> I'd advise much testing, and caution...
>> 
>> --Jeff
>> 
> 
> -- 
> To post to this group, send email to gitorious@googlegroups.com
> To unsubscribe from this group, send email to
> gitorious+unsubscr...@googlegroups.com
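
The check described in this thread, a shared SSH account that may read public repositories and nothing else, could look like the following. This is an added sketch, not the modified strainer.rb mentioned above and not Gitorious code; `REPOSITORIES`, `strain_anonymous` and the repository paths are hypothetical, and the lookup table stands in for whatever the application uses to decide that a repository is public.

```ruby
require "shellwords"

# Constructed sample data (assumption): repository path => visibility.
REPOSITORIES = {
  "project/public-repo.git"  => :public,
  "project/private-repo.git" => :private
}.freeze

READ_ONLY_COMMANDS = %w[git-upload-pack git-upload-archive].freeze
SEGMENT = "[A-Za-z0-9][A-Za-z0-9_.+-]*"
REPO_PATH = %r{\A#{SEGMENT}(/#{SEGMENT})*\.git\z}

class AccessDenied < StandardError; end

# Hypothetical check for the shared anonymous account: takes the value sshd
# passes in SSH_ORIGINAL_COMMAND and returns [verb, repo_path] if allowed.
def strain_anonymous(original_command, repositories = REPOSITORIES)
  raise AccessDenied, "interactive login is not allowed" if original_command.to_s.strip.empty?
  begin
    words = Shellwords.split(original_command)
  rescue ArgumentError
    raise AccessDenied, "malformed command"
  end
  # Clients send either "git-upload-pack <repo>" or "git upload-pack <repo>".
  words = ["git-#{words[1]}"] + words[2..-1] if words.first == "git" && words.size > 1
  raise AccessDenied, "expected exactly one repository argument" unless words.size == 2
  verb, path = words
  raise AccessDenied, "anonymous access is read-only" unless READ_ONLY_COMMANDS.include?(verb)
  path = path.sub(%r{\A/}, "")
  raise AccessDenied, "invalid repository path" if path.include?("..") || !REPO_PATH.match?(path)
  # Private and unknown repositories get the same answer, so the shared
  # account cannot be used to probe for private repository names.
  raise AccessDenied, "no such public repository" unless repositories[path] == :public
  [verb, path]
end

# Constructed requests, printed with the decision for each.
["git-upload-pack 'project/public-repo.git'",
 "git-upload-pack 'project/private-repo.git'",
 "git-receive-pack 'project/public-repo.git'",
 "git-upload-pack 'project/public-repo.git'; id"].each do |cmd|
  begin
    puts "ALLOW #{strain_anonymous(cmd).join(' ')}"
  rescue AccessDenied => e
    puts "DENY  #{cmd.inspect}: #{e.message}"
  end
end
```

Because every client of the shared account presents the same key, the decision can depend only on the repository's visibility; per-user rights still need a personal account.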
