{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 The star\" 的问题《Gitolite permissions: How use the “-” thing?》','https://www.manongdao.com/q-717584.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
I'm trying to set up my Gitolite permissions but I'm not really sure how to use the - thing.
Situation: I have two groups; @gatekeepers and @devs. I want both groups to be able to work in all remote branches except the master branch. They are supposed to be able to pull the master branch though.
So far I have this, but I'm positive that it doesn't work:
repo foo
- master = @devs @gatekeepers
RW+ = @devs @gatekeepers
If I understand it correctly, this disallow the groups from doing anything at all (reading or writing) to the master branch.
What is the way to do this properly?
For the stated purpose (which IIUC is disallow push to master), the original code in the question is fine; it does indeed prevent push to master to both groups mentioned.
Adding the
deny-rulesoption makes it so no one can even clone.Recap: the
deny-rulesoption makes it so that deny rules are honored for the pre-git access check also. This means, (as the doc says), refexes are ignored -- in fact you don't even know what ref will be pushed, even if it is a push operation.