I understand that by design Git is distributed and each clone is a copy of the repository's history, blobs, tree objects, etc. We have a case to restrict read access to some of the folders/files hosted in Git repositories. I believe SubGit has something similar. Just wondering if there are any open-source or paid solutions to achieve this.
- See https://gitolite.com/gitolite/ – phd Jan 16 '20 at 20:45
- Note that gitolite does not (cannot) restrict access to *commits* (nor, therefore, the objects reachable from those commits). Instead, it restricts access to *references* such as branch names. The idea here is that by making it impossible for user Bob to guess at the commit hash, he'll never be able to get the commit either, hence not be able to see whatever file(s) you only have in *that* commit and not in other commits. – torek Jan 16 '20 at 20:47
- Whether this works at all, and if so how well, is debatable. Git is not intended to be secure against *reading* in this manner. It does work very well for limiting who can *set* references (i.e., set a particular branch name to refer to a particular commit). – torek Jan 16 '20 at 20:48
- As torek has mentioned, you can't rely on this for security. See the SECURITY section of `gitnamespaces(7)` for all the gory details, but the answer is that you need to use a separate repository for data that shouldn't be shared. – bk2204 Jan 17 '20 at 01:22
1 Answer

> Just wondering if there are any open-source or paid solutions to achieve this.

Not on reading access.
Whenever you have that problem, it is best to:
- split the repo into two repositories
- make the second one private
- reference the second in the first as a submodule

VonC
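The three steps from the answer above, as an added example that is not part of the original post. It also checks whether the restricted files are still reachable in the first repository's history afterwards. The repository names, the `secret/` directory, the file contents and the helper names `leaked_paths` and `split_demo` are assumptions made for the demonstration; it requires `git subtree` to be installed.

```sh
#!/bin/sh
# Added example, not from the original answer. Repository names, the secret/
# directory and all file contents are constructed; $1 must be an absolute path.
set -eu
export GIT_AUTHOR_NAME=demo GIT_AUTHOR_EMAIL=demo@example.invalid
export GIT_COMMITTER_NAME=demo GIT_COMMITTER_EMAIL=demo@example.invalid

# Print paths under prefix $2 whose blobs are reachable from any ref of repo $1.
leaked_paths() {
  git -C "$1" rev-list --all --objects |
    awk -v p="$2/" 'index($2, p) == 1 { print $2 }' | sort -u
}

# Build a sample monorepo in directory $1 and apply the three steps to it.
split_demo() {
  git init -q "$1/mono"
  mkdir "$1/mono/src" "$1/mono/secret"
  echo 'int main(void) { return 0; }' > "$1/mono/src/main.c"
  echo 'api_key=PLACEHOLDER' > "$1/mono/secret/config.ini"
  git -C "$1/mono" add .
  git -C "$1/mono" commit -q -m 'initial import'

  # Step 1: split secret/ (with its history) out onto a branch of its own.
  git -C "$1/mono" subtree split --prefix=secret -b secret-only >/dev/null 2>&1
  # Step 2: push that branch to a second repository; host it with restricted access.
  git init -q --bare "$1/private.git"
  git -C "$1/private.git" symbolic-ref HEAD refs/heads/main
  git -C "$1/mono" push -q "$1/private.git" secret-only:refs/heads/main
  git -C "$1/mono" branch -q -D secret-only
  # Step 3: replace the directory with a submodule pointing at the private repo.
  # protocol.file.allow is needed only because this demo clones from a local path.
  git -C "$1/mono" rm -r -q secret
  git -C "$1/mono" -c protocol.file.allow=always submodule --quiet add "$1/private.git" secret
  git -C "$1/mono" commit -q -m 'move secret/ to a private submodule'

  # The old commits of mono still carry the blobs. Publish a history that never
  # had them: here, a single root commit made from the current tree.
  tree=$(git -C "$1/mono" rev-parse 'HEAD^{tree}')
  new=$(git -C "$1/mono" commit-tree -m 'public history without secret/' "$tree")
  git init -q --bare "$1/public.git"
  git -C "$1/mono" push -q "$1/public.git" "$new:refs/heads/main"
}

w=$(mktemp -d); split_demo "$w"
echo "still reachable in mono:       $(leaked_paths "$w/mono" secret)"
echo "still reachable in public.git: $(leaked_paths "$w/public.git" secret)"
```

The first check prints `secret/config.ini`: the original repository's old commits still contain the file, so it is the newly pushed `public.git`, whose history never included it, that can be opened to all readers.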