29

Is it possible to set branch permissions using git bash? I would like to have much more strict permissions on the master branch, so that some people can use the development branch and commit to it and may not change the master branch themselves.

If it is possible how would I go about trying to do it?

MikeyJ
  • Does this answer your question? [How to restrict access to master branch on git](https://stackoverflow.com/questions/38864405/how-to-restrict-access-to-master-branch-on-git) – 1615903 May 20 '20 at 08:07

4 Answers

29

Git does not have branch specific permissions. You can either make the whole repository read-only to the people or create one private and one public repository and only push the development branch to the public one while keeping the master only in your private repository.

Edit: For branch specific permissions, you need a server-side authorization layer like Gitolite — obviously, this requires you to be managing your own Git server.

Community
Trudbert
5

A typical scenario where this might be needed is to restrict access to official (or release) branches to a subset of people on a team. A good strategy here might be to have two repos -- a primary repo that is more tightly access controlled, and another repo that everybody in the team has access to and is used to set up working branches. And perform pulls from the working branches to the main repo, as needed. Of course, you can tweak this to fit your team structure and needs.

This can work especially well with services like GitHub.

Shyam Habarakada
5

Bitbucket supports branch restriction. See the link here: https://blog.bitbucket.org/2013/09/16/take-control-with-branch-restrictions/

sudip
3

If your developer team is a civilized bunch who only need a friendly reminder, you can reject a push using a pre-receive server-side hook:

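```bash
#!/bin/bash

# Looping through all the pushed refs ("oldrev newrev refname" per line on stdin)
while read -r oldrev newrev refname
do
    # Strip the refs/heads/ prefix; also works for a branch that does not exist yet
    branch=${refname#refs/heads/}
    # Extract the author email (%ae) from the pushed tip commit ($newrev), not the
    # server's HEAD; this is empty for a branch deletion, which is then rejected too
    USER_EMAIL=$(git log -1 --format=format:%ae "$newrev" 2>/dev/null)
    if [ "master" == "$branch" ] && [ "the_integrator@your_company.com" != "$USER_EMAIL" ]; then
        echo "Naughty naughty!"
        exit 1 # fail, i.e. reject push
    fi
done
```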

Although users can easily fake their git email address, I would still make the hook file itself read only.

Refs:

  1. How can I get push user information in server side git hook?
  2. Writing a git post-receive hook to deal with a specific branch
Sparkler
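
The hook in the answer above keys on the commit's author email, which the answer itself notes can be faked. As an added example (not part of any answer on this page), here is the same pre-receive check keyed on the account that authenticated the push; it assumes each developer pushes under their own server account, and the account names `integrator`, `release-bot` and `dev1` are hypothetical.

```bash
#!/bin/bash
# Accounts allowed to update protected branches (hypothetical names).
INTEGRATORS="integrator release-bot"
# Full ref names, so a tag that happens to be called "master" is not matched.
PROTECTED_REFS="refs/heads/master"

# authorize_push PUSHER
# Reads "oldrev newrev refname" lines on stdin (the pre-receive input format)
# and returns 1 if PUSHER is not allowed to update one of the refs.
authorize_push() {
    pusher=$1
    while read -r oldrev newrev refname; do
        case " $PROTECTED_REFS " in
            *" $refname "*) ;;      # protected ref: check the pusher below
            *) continue ;;          # unprotected ref: anyone may push
        esac
        case " $INTEGRATORS " in
            *" $pusher "*) ;;       # pusher is an integrator
            *) echo "denied: '$pusher' may not update $refname" >&2
               return 1 ;;
        esac
    done
    return 0
}

# Constructed sample input: one push that updates development and master.
SAMPLE_PUSH='1111111111111111111111111111111111111111 2222222222222222222222222222222222222222 refs/heads/development
3333333333333333333333333333333333333333 4444444444444444444444444444444444444444 refs/heads/master'

# In hooks/pre-receive the call would be (assumption: one server account per
# developer, so the OS user is the authenticated pusher):
#     authorize_push "$(id -un)" || exit 1
for who in integrator dev1; do
    if printf '%s\n' "$SAMPLE_PUSH" | authorize_push "$who" 2>/dev/null; then
        echo "$who: push accepted"
    else
        echo "$who: push rejected"
    fi
done
```

Because the decision uses the full ref name and the pusher's account, deleting `master` is also refused for non-integrators, and commit metadata plays no part in the check.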