git在用户管理及管理上,下面上三种解决办法:
如果需要团队里的每个人都对仓库有写权限,又不能给每个人在服务器上建立账户,那么提供 SSH 连接就是唯一的选择了。我们假设用来共享仓库的服务器已经安装了 SSH 服务,而且你通过它访问服务器。
有好几个办法可以让团队的每个人都有访问权。
第一个办法是给每个人建立一个账户,直截了当但过于繁琐。反复的运行 adduser 并且给所有人设定临时密码可不是好玩的。
第二个办法是在主机上建立一个 git 账户,让每个需要写权限的人发送一个 SSH 公钥,然后将其加入 git 账户的 ~/.ssh /authorized_keys 文件。这样一来,所有人都将通过 git 账户访问主机。这丝毫不会影响提交的数据——访问主机用的身份不会影响 commit的记录。
另一个办法是让 SSH 服务器通过某个 LDAP 服务,或者其他已经设定好的集中授权机制,来进行授权。只要每个人都能获得主机的 shell 访问权,任何可用的 SSH 授权机制都能达到相同效 # 如果需要团队里的每个人都对仓库有写权限,又不能给每个人在服务器上建立账户,那么提供 SSH 连接就是唯一的选择了。我们假设用来共享仓库的服务器已经安装了 SSH 服务,而且你通过它访问服务器。
git 共享仓库服务器: Aries.lansgg.com 192.168.100.128
git 客户测试机: node1.lansgg.com 192.168.100.129
方法一 示例、
git 仓库服务器,新建仓库,测试机获取git仓库,修改,远程上传。ssh 方式
|
1
2
3
4
5
6
7
8
9
10
11
12
13
|
[root@Aries ~]
# useradd -d /opt/gitServer gitServer
[root@Aries ~]
# echo "git"|passwd --stdin gitServer
更改用户 gitServer 的密码 。
passwd
: 所有的身份验证令牌已经成功更新。
[root@Aries ~]
# yum install git -y
[root@Aries ~]
# su - gitServer
[gitServer@Aries ~]$
ls
[gitServer@Aries ~]$
mkdir
TestProject.git
[gitServer@Aries ~]$
cd
TestProject.git/
[gitServer@Aries TestProject.git]$ git --bare init
Initialized empty Git repository
in
/opt/gitServer/TestProject
.git/
[gitServer@Aries TestProject.git]$
ls
branches config description HEAD hooks info objects refs
|
客户测试机
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
|
[root@node1 ~]
# useradd -d /opt/gitServer gitServer
[root@node1 ~]
# echo "gitServer" |passwd --stdin gitServer
更改用户 gitServer 的密码 。
passwd
: 所有的身份验证令牌已经成功更新。
[root@node1 ~]
# su - gitServer
[root@node1 ~]
# git clone gitServer@192.168.100.128:/opt/gitServer/TestProject.git
Initialized empty Git repository
in
/root/TestProject/
.git/
The authenticity of host
'192.168.100.128 (192.168.100.128)'
can't be established.
RSA key fingerprint is 9f:32:3a:b0:db:03:b6:c8:fc:a0:47:6c:e5:d1:b0:6a.
Are you sure you want to
continue
connecting (
yes
/no
)?
yes
Warning: Permanently added
'192.168.100.128'
(RSA) to the list of known hosts.
gitServer@192.168.100.128's password:
warning: You appear to have cloned an empty repository.
[root@node1 ~]
# ls
anaconda-ks.cfg
install
.log
install
.log.syslog TestProject
[root@node1 ~]
# cd TestProject/
[root@node1 TestProject]
# echo "test file" > test.file
[root@node1 TestProject]
# git add test.file
[root@node1 TestProject]
# git config --global user.name "gitServer"
[root@node1 TestProject]
# git config --global user.email git@lansgg.com
[root@node1 TestProject]
# git commit -m "test commit" test.file
[master 96bf273]
test
commit
1 files changed, 1 insertions(+), 1 deletions(-)
[gitServer@node1 TestProject]$ git remote add test_remote_origin
ssh
:
//192
.168.100.128
/opt/gitServer/TestProject
.git
[gitServer@node1 TestProject]$ git push test_remote_origin master
gitServer@192.168.100.128's password:
Counting objects: 5,
done
.
Writing objects: 100% (3
/3
), 252 bytes,
done
.
Total 3 (delta 0), reused 0 (delta 0)
To
ssh
:
//192
.168.100.128
/opt/gitServer/TestProject
.git
7e2e4a4..96bf273 master -> master
|
git 仓库服务端
|
1
2
3
4
5
6
|
[gitServer@Aries TestProject.git]$ git log
commit 96bf2738c6602283ea91778b999f7adf66c0082c
Author: gitServer <gitServer@lansgg.com>
Date: Tue Sep 22 17:05:12 2015 +0800
test
commit
|
我们可以随便找个目录clone下,看看是否存在 刚刚提交的 test.file
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
|
[root@Aries ~]
# mkdir /opt/tt
[root@Aries ~]
# cd /opt/tt
[root@Aries tt]
# git clone gitServer@192.168.100.128:/opt/gitServer/TestProject.git
Initialized empty Git repository
in
/opt/tt/TestProject/
.git/
The authenticity of host
'192.168.100.128 (192.168.100.128)'
can't be established.
RSA key fingerprint is 9f:32:3a:b0:db:03:b6:c8:fc:a0:47:6c:e5:d1:b0:6a.
Are you sure you want to
continue
connecting (
yes
/no
)?
yes
Warning: Permanently added
'192.168.100.128'
(RSA) to the list of known hosts.
gitServer@192.168.100.128's password:
remote: Counting objects: 6,
done
.
remote: Compressing objects: 100% (2
/2
),
done
.
Receiving objects: 100% (6
/6
), 435 bytes,
done
.
remote: Total 6 (delta 0), reused 0 (delta 0)
[root@Aries tt]
# ls
TestProject
[root@Aries tt]
# cd TestProject/
[root@Aries TestProject]
# ls
test
.
file
[root@Aries TestProject]
# cat test.file
test
file
abc
[root@Aries TestProject]
#
|
方法二 示例、
在测试机创建两个账户 user1 user2,分别将秘钥上传至git 仓库侧,
|
1
2
3
4
5
6
7
8
9
|
[root@node1 ~]
# useradd -d /opt/user1 user1
[root@node1 ~]
# echo "user1" |passwd --stdin user1
更改用户 user1 的密码 。
passwd
: 所有的身份验证令牌已经成功更新。
[root@node1 ~]
# useradd -d /opt/user2 user2
[root@node1 ~]
# echo "user2" |passwd --stdin user2
更改用户 user2 的密码 。
passwd
: 所有的身份验证令牌已经成功更新。
[root@node1 ~]
#
|
|
1
2
3
4
|
[root@node1 ~]
# su - user1
[user1@node1 ~]$
ssh
-keygen -t rsa
[root@node1 ~]
# su - user2
[user1@node1 ~]$
ssh
-keygen -t rsa
|
分别将user1、user2 用户的公钥新增git仓库服务器侧的
|
1
2
3
4
5
6
7
8
9
|
[user2@node1 .
ssh
]$
pwd
/opt/user2/
.
ssh
[user2@node1 .
ssh
]$ ll
总用量 8
-rw-------. 1 user2 user2 1671 9月 22 17:18 id_rsa
-rw-r--r--. 1 user2 user2 404 9月 22 17:18 id_rsa.pub
[user2@node1 .
ssh
]$
cat
id_rsa.pub
ssh
-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAp0Im8iL7UR2b0PWrJ98YY
/nqvjnuYWNc2F52SYn1/WA8rwGBWW0WBmKMoyW8YfSpCVk7QbyhX48Y3KF/Gf16CWRMm8xuyA
+S5Seq3ZGnLbbVhb0OMO8VDAldovnIuPdI6005+ux
/WbG1FKr3WxGs5k92ZO9hbXxpcVAwpvHY47t1v2LH5fW2jThypWMolUdp9TaNy7FkD2zaUNhbdqM1w67OSydiHAMfj183sEso9TykiXJvwlJeLdUMFywPTwfVqu2rxV0lY68B2mwr1pl5mcGPA4/0ruX8vSFsFLev8
+yi7LjccChAu
/suPIFGLqRXrkW8ymsN/l3CkldnS9Y0BQ
== user2@node1.lansgg.com
[user2@node1 .
ssh
]$
|
git 仓库服务侧
|
1
2
|
[gitServer@Aries ~]$
mkdir
.
ssh
&&
chmod
700 .
ssh
[gitServer@Aries ~]$
touch
.
ssh
/authorized_keys
&&
chmod
600 .
ssh
/authorized_keys
|
|
1
2
3
4
|
[gitServer@Aries ~]$
cat
.
ssh
/authorized_keys
ssh
-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA1pII1U64N
/wl1OXotWdcU8d8
+ad0q6tkqdBgXLcR5zqXIq9PPe1NeLJ5HS9UIvZeN
/LEyXGYh
+fyg8tFQ+2PN3CmxnVwwcciyl1AKAgTeKUdleh8qcXPZkI0YZBpgTbuYWYHNjA6Qd9cvJSdKe9cVvwsv7N1z17Mx1uIfNSuSZ9e4XqUsJksBAzAYEGar4S13+Y
/il7lquwkrdVBiWfWHmf/WoeY2RnzNBe9YtPVFUPL8HEoYyYaU
+YXXMZKOZ8JwuLu1CPDJHTquSTyqdEwmgJWDdoiipgtyVOEVGZC0CqV16M2YpVqw26rrZ+nXUQYEnTrWyIiqt8
/xvzmeDIf0Q
== user1@node1.lansgg.com
ssh
-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAp0Im8iL7UR2b0PWrJ98YY
/nqvjnuYWNc2F52SYn1/WA8rwGBWW0WBmKMoyW8YfSpCVk7QbyhX48Y3KF/Gf16CWRMm8xuyA
+S5Seq3ZGnLbbVhb0OMO8VDAldovnIuPdI6005+ux
/WbG1FKr3WxGs5k92ZO9hbXxpcVAwpvHY47t1v2LH5fW2jThypWMolUdp9TaNy7FkD2zaUNhbdqM1w67OSydiHAMfj183sEso9TykiXJvwlJeLdUMFywPTwfVqu2rxV0lY68B2mwr1pl5mcGPA4/0ruX8vSFsFLev8
+yi7LjccChAu
/suPIFGLqRXrkW8ymsN/l3CkldnS9Y0BQ
== user2@node1.lansgg.com
[gitServer@Aries ~]$
|
客户测试机 无需用户名、密码
|
1
2
3
4
5
6
7
8
9
10
11
|
[user1@node1 ~]$ git clone gitServer@192.168.100.128:
/opt/gitServer/TestProject
.git
Initialized empty Git repository
in
/opt/user1/TestProject/
.git/
The authenticity of host
'192.168.100.128 (192.168.100.128)'
can't be established.
RSA key fingerprint is 9f:32:3a:b0:db:03:b6:c8:fc:a0:47:6c:e5:d1:b0:6a.
Are you sure you want to
continue
connecting (
yes
/no
)?
yes
Warning: Permanently added
'192.168.100.128'
(RSA) to the list of known hosts.
remote: Counting objects: 9,
done
.
remote: Compressing objects: 100% (3
/3
),
done
.
remote: Total 9 (delta 0), reused 0 (delta 0)
Receiving objects: 100% (9
/9
),
done
.
[user1@node1 ~]$
|
如果提交过程:提示如下错误
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
|
Counting objects: 3,
done
.
Writing objects: 100% (3
/3
), 247 bytes | 0 bytes
/s
,
done
.
Total 3 (delta 0), reused 0 (delta 0)
remote: error: refusing to update checked out branch: refs
/heads/master
remote: error: By default, updating the current branch
in
a non-bare repository
remote: error: is denied, because it will
make
the index and work tree inconsistent
remote: error: with what you pushed, and will require
'git reset --hard'
to match
remote: error: the work tree to HEAD.
remote: error:
remote: error: You can
set
'receive.denyCurrentBranch'
configuration variable to
remote: error:
'ignore'
or
'warn'
in
the remote repository to allow pushing into
remote: error: its current branch; however, this is not recommended unless you
remote: error: arranged to update its work tree to match what you pushed
in
some
remote: error: other way.
remote: error:
remote: error: To squelch this message and still keep the default behaviour,
set
remote: error:
'receive.denyCurrentBranch'
configuration variable to
'refuse'
.
|
试着将如下配置新增到
|
1
2
3
|
[git@JumpServer1 pl.git]$
cat
.git
/config
[receive]
denyCurrentBranch = ignore
|
再次提交
本文转自 西索oO 51CTO博客,原文链接:http://blog.51cto.com/lansgg/1697247
