Restrict Access to GIT repo

Question

I have GIT repo from a cloud provider and I would like to add new members to my team but I don't want them to be able to clone the repo to their own laptops.

I would like to create a shared development cloud instance e.g. Amazon EC2 and allow them to login, clone to here only etc...

How could I achieve this?

Thanks, W

This is a people problem, not software. If you are afraid of someone nicking your code, your fears are misplaced. — Deer Hunter, Jun 10 '13 at 22:22
...This reminds me a lot of: http://superuser.com/a/391885/42245 — Sirex, Jun 10 '13 at 23:10

score 4 · Answer 1 · answered Jun 10 '13 at 22:48

4

This is somewhat contrary to git's intended purpose as a distributed version control system.

If you truly want to limit clones, checkouts, pulls, etc and copying of your code to a specific EC2 instance, you need to install your version control system on that instance and harden it such that the only way your developers can get the code off of it is to "screen capture" it. This means locking down scp, rsync, ftp, http, email, etc, and their ability to compile their own tools.

As Deer Hunter implied, it's much more effective to treat this as a people problem, typically by focusing on hiring trustworthy developers and asking them to sign legally binding non-disclosure agreements.

answered Jun 10 '13 at 22:48

David Hodnett

139
2
6

Hi Thanks for the replies..while I 'intend' to hire only trustworthy people this is not always the case. I will get users to sign all the above mentioned however enforcement is a costly procedure and if i have to do this it means the worst has already happened...I was hoping of some way of creating a unique user identity(ies) on the EC2 instance, adding that user(s) to my GIT repo team and thus the user i.e. the login for the EC2 instance will be the only available way to clone? – user1843591 Jun 11 '13 at 12:59
You can use a tool such as gitolite to restrict access to a single user. If your cloud service allows you to adjust the firewall rules, you can likewise restrict access to a single EC2 instance. In good conscience though, I must warn you that this is the equivalent of locking your front door while ignoring the wide open window next to it. – David Hodnett Jun 11 '13 at 21:30
Thanks... If someone sets out to be malicious then I know they're going to find a way. I'm trying to avoid people having too many repo clones on their machines. If person A left mycompany for a similar company B for genuine reasons then it would be very tempting to dig out that 'ol repo they had on their machine... – user1843591 Jun 12 '13 at 08:25

Restrict Access to GIT repo

1 Answers1