A simple git-hook written in Rust that provides a rudimentary ACL functionality.
Inspired by seryl's git-acl-hooks.
- You have the ability to build Rust applications
- You have access to the
.git/hooksdirectory of your remote repository
- Build the project using
cargo - Define, commit, and push up an
aclfile - Copy
git-acl-hookinto your remote.git/hooks/and name itupdate
The acl file syntax is comprised of sections made up of the following:
/regular-expression/
access = ACCESS_TYPE
users = USER1 USER2
The file format allows for commands for lines that begin with #.
- Each section starts with a regular expression that supports
uandiflags. accesscan have one of two possible values:read-onlyorread-write.usersis a whitespace delineated list of case-sensitive POSIX user names.usersalso accepts a wildcard for*to match all users
The default behavior is to allow Read-Write access to all files, and the rulesets function as follows:
If a changed file matches a Read-Write section's regular expression:
- The file is restricted to the users listed in the section.
If a changed file matches a Read-Only section's regular expression:
- The file is writable by any user not listed in the section.
To change this behavior, you can set default at the top of the acl file to read-only.
Example:
default = read-only
/^some-file/
access = read-write
users = user1
In this case, all files will be Read-Only unless explicitly given read-write.
A custom ACL file can be used by setting the GIT_ACL_HOOK_FILE
environment variable.
It's important to make sure that changes to the acl file is limited. In the
event the acl file isn't regulated, a warning will be outputted stating that
the acl file isn't regulated.
# Everything is read-write by default
# Uncomment the below to by read-only
# by default:
#default = read-only
/^acl$/
access = read-write
users = adminuser adminuser2
# This sets up read-write access to a folder
/^lib/
access = read-write
users = adminuser