Preventing user from changing .gitignore file?
Is there any why to force user not to change .gitignore file. What I mean is let’s say that someone will change or delete this file and push this changes.
- Recreating Gitolite-admin Repo
- gitweb and gitolite cannot add new repo
- Can gitolite have repo and a clone of the same repo with different branches and, therefore, in effect have read access on per branch level?
- gitolite repo is currupted after push
- How to change owner after executing post-update hook?
- How to restrict branch deletion access in gitolite
3 Solutions collect form web for “Preventing user from changing .gitignore file?”
With Gitolite, pre-receive Hooks are called VREFS (Virtual Refs, also listed here): don’t setup a pre-receive hook directly in repos managed by gitolite, do it by adding a VREF in the
VREF directory of the
gitolite-admin repo, and Gitolite will propagate it to the repos.
The section “restricting pushes by dir/file name” illustrates how to restrict pushes by the names of dirs and files changed.
That is one VREF you don’t need to add to the
VREF directory, actually (it is part of the update hook managed by Gitolite. For secondary update hook, see here).
So modifying the
gitolite.conf in the
gitolite-admin repo, and pushing back that admin repo to the gitolite server is enough.
repo foo RW+ = @senior_devs RW = @junior_devs - VREF/NAME/Makefile = @junior_devs
You can set a pre-receive hook on the server side, and refuse the push if
.gitignore is modified.
Git is decentralised. Once someone has cloned a repo, it is entirely under their control, including the
What you can do is prevent users to push certain files to your server by using a Git hook that checks for the specified file types and refuses the user to push.
Read up on pre-receive hooks. And write a script that searches for the given file types.
Check your repo
.git/hooks there will be a list of sample files that show you how to handle it. Also read this article to avoid an easy mistake to make.
I’m not any good at shell scripting, but here’s a small script that disallows .php and .css files and tells the user before aborting. It’s located in
.git/hooks/pre-receive. Remember to make it executable (
chmod +x) or else it won’t work.
#!/bin/sh while read oldrev newrev refname do if [[ `git diff-tree --no-commit-id --name-only -r $newrev | grep -e 'css\|php'` != "" ]] do echo "Cannot push this" exit 1; fi end