diff options
author | Rob Austein <sra@hactrn.net> | 2015-01-08 13:29:41 +0100 |
---|---|---|
committer | Rob Austein <sra@hactrn.net> | 2015-01-08 13:29:41 +0100 |
commit | b781f0199ffbea949c3e269ffa3e30077c5dc84f (patch) | |
tree | 5254db2c1fca2a628328adba7ca9041f796a0f7a /conf | |
parent | d39b6df8f82780fe3b5987cff568056550992855 (diff) |
Policy change: all authorized users now allowed to push to any wild
repository.
Diffstat (limited to 'conf')
-rw-r--r-- | conf/gitolite.conf | 24 |
1 files changed, 3 insertions, 21 deletions
diff --git a/conf/gitolite.conf b/conf/gitolite.conf index 6bbe627..01a6860 100644 --- a/conf/gitolite.conf +++ b/conf/gitolite.conf @@ -22,28 +22,10 @@ repo gitolite-admin # Everything but the gitolite-admin repository is currently set up for # "wild repositories" (http://sitaramc.github.com/gitolite/wild.html). # -# In theory, this lets authenticated users create their own -# repositories without needing to touch this file. -# -# In all of these, we allow read permission to @all, on the theory -# that it doesn't make much sense to restrict read via SSH while -# allowing it via plain HTTP. So we have no current use for the -# READERS role. Add it back if we ever find a use for it. - -# Principal of Least Astonishment says that users should create -# repositories that look like they belong to other users. - -repo users?/CREATOR/..* - C = @all - RW+ = CREATOR - RW = WRITERS - R = @all - -# Other wild repositories. Might consider restricting top-level to -# enforce a particular hierarchy, ask the users what they want. +# We used to allow R for @all but restrict RW to WRITERS, but at the moment +# we just allow any authorized user to push to any wild repository. repo [a-zA-Z0-9].* C = @all RW+ = CREATOR - RW = WRITERS - R = @all + RW = @all |