Applying deny rules to read access

In the previous chapter, when we looked at the deny rules, we showed them only in the context of a write operation, controlling whether a certain branch or tag can be pushed or not.

By default, the deny rules are not examined when checking read access. So something like the following:

@junior-devs = alice bob carol
repo foo
    -             =  bob
    RW+           =  @junior-devs

will not prevent Bob from at least reading the repository (that is, using git clone or git fetch), even though the deny rule appears first.

However, it is possible to make Gitolite act on deny rules for read access as well. This is achieved by specifying a Gitolite option called deny-rules, as follows:

repo foo
    -                   =  bob
    RW+                 =  @junior-devs
    option deny-rules   =   1

Now Bob ...
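
The difference between the two configurations above can be checked with a small model of the read-access decision. This is an added example, not code from the book or from Gitolite; it is a simplified Python sketch that handles only group definitions, rules without a refex, and the deny-rules option. The names parse and can_read are assumptions made for illustration.

```python
def parse(conf):
    """Parse a minimal gitolite.conf subset into (groups, repos)."""
    groups, repos, cur = {}, {}, None
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.startswith("@") and "=" in line:          # group definition
            name, members = line.split("=", 1)
            groups.setdefault(name.strip(), set()).update(members.split())
        elif line.startswith("repo "):                    # start of a repo block
            cur = repos.setdefault(line.split()[1], {"rules": [], "deny_rules": False})
        elif line.startswith("option ") and cur is not None:
            key, val = line[len("option "):].split("=", 1)
            if key.strip() == "deny-rules":
                cur["deny_rules"] = val.strip() == "1"
        elif "=" in line and cur is not None:             # access rule
            perm, who = line.split("=", 1)
            if len(perm.split()) != 1:
                raise ValueError("rules with a refex are outside this model")
            cur["rules"].append((perm.strip(), who.split()))
    return groups, repos

def can_read(conf, repo, user):
    """Model of the read check: rules are examined in order, first match wins."""
    groups, repos = parse(conf)
    r = repos.get(repo)
    if r is None:
        return False
    for perm, who in r["rules"]:
        if not any(w in (user, "@all") or user in groups.get(w, ()) for w in who):
            continue
        if perm == "-":
            if r["deny_rules"]:
                return False   # option set: the deny rule is honoured for reads
            continue           # default: deny rules are skipped for reads
        if "R" in perm:
            return True
    return False               # no rule granted read access

# Constructed inputs mirroring the two configurations shown on this page.
GROUP = "@junior-devs = alice bob carol\n"
DEFAULT = GROUP + "repo foo\n    -             =  bob\n    RW+           =  @junior-devs\n"
WITH_OPTION = DEFAULT + "    option deny-rules   =   1\n"

if __name__ == "__main__":
    for label, conf in (("default", DEFAULT), ("deny-rules=1", WITH_OPTION)):
        print(label, {u: can_read(conf, "foo", u) for u in ("alice", "bob")})
```
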
