0

A user forked one of my github repositories and started committing on its fork. Nevertheless, some of his commits were pushed to my repository despite him not being among the collaborators of the repo. I just know this user used github web interface to commit his changes to the repository. I have managed to bring back my repository before he started modifying it using: git push -f origin main to overwrite the remote repository with my local one but I would like to prevent this from happening in the future.

Following what suggested in this question I have checked my github global configuration using git config --list but my user.name and user.email are correct. Any idea?

Thanks for any help!

Francesco Costa
  • 1
  • Anybody with push access to your repository could have pulled from the forker and then pushed those changes to your repository. – Stephen Newell Jul 09 '23 at 14:15
  • There are no collaborators in this repo. Can someone without being a collaborator or being a member of my organizations have push access to my repository? How can I check that? – Francesco Costa Jul 10 '23 at 08:53

1 Answers1

0

If this repo has any collaborators, I suggest you set up branch protection to prevent unauthorized collaborators from pushing to some of your branches.

There are two possible ways a user can commit directly to another user's repo:

  1. Collaborator

A user that has defined permissions in a Github repo is marked as a collaborator. These permissions can vary and are setup directly on the repo settings.

  1. Member

When a Github repo belongs to an organization, users that have membership in that organization are marked as a "Member". Organization membership does not necessarily grant any permissions in a particular repository, but the user is marked a Member regardless.

For example, one org I am a member of grants me read/write access to some repos, but I am marked a member also in other repos where I DON'T have permissions/access, just as any other github user that's not part of the organization.

Carlos Kassab
  • 1
  • Hi Carlos, thank you for your answer. I do not have collaborators in that repo and I do not share any organization with this user. – Francesco Costa Jul 09 '23 at 16:04