subject:"\[git\-users\] Strict, domain\-based read\/write vs. read\-only access."

Re: [git-users] Strict, domain-based read/write vs. read-only access.

2016-01-07 Thread David Barr

Hi, Magnus,

Does it help to identify this as a policy requirement, not a technical one?

Our security and executive groups require that the only way we add or modify 
code is within the DEV environment/subdomain/call it whatever you want. You 
MUST NOT add code to a repository from any other environment/subdomain.

What if you're in the TEST environment and you find a bug? Fix it in DEV, 
promote the change, and test again.

What if you're in the PROD environment and your shiny new web application 
crashes because it couldn't handle the load? You MUST NOT modify that code on 
the fly and update the repository from PROD. You MUST take that error back to 
DEV, update your code there, TEST it, and then promote the fix back into PROD.

Does that help?

David

> On Jan 7, 2016, at 14:37, Magnus Therning  wrote:
> 
> So you basically want to include the source IP address in the decision
> of whether a push succeeds?
> 
> I'm sorry but this sounds *amazingly* strange to me. Probably because I
> don't quite get what you mean.
> 

--

David - Offbeat
dafydd - Online http://pgp.mit.edu/

51525354555657--

The most dangerous phrase is, 'We've always done it this way.' –RADM Grace 
Hopper

-- 
You received this message because you are subscribed to the Google Groups "Git 
for human beings" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to git-users+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

signature.asc
Description: Message signed with OpenPGP using GPGMail

Re: [git-users] Strict, domain-based read/write vs. read-only access.

2016-01-07 Thread Magnus Therning


David Barr writes:

> Hi, Magnus,
>
> The Enterprise I'm working at has separated its DEV, TEST, and
> PRODUCTION environments with firewalls.

Ah, so by "environment" you mean network segment, or subdomain.

> Code may be PUSHed to a Code Management System in DEV ONLY. In the
> TEST and PRODUCTION environments, the CMS repository MUST (cf.
> RFC-2119) be PULL ONLY. In proposing a CMS, I MUST include the
> possibility that the same user has access to the same project from
> more than one environment, so controlling access by user won't work.
> If the same user has the same access to the same repository in DEV and
> TEST, what stops that user from adding code via the TEST environment?

So you basically want to include the source IP address in the decision
of whether a push succeeds?

I'm sorry but this sounds *amazingly* strange to me. Probably because I
don't quite get what you mean.

/M

--
Magnus Therning  OpenPGP: 0x927912051716CE39
email: mag...@therning.org   jabber: mag...@therning.org
twitter: magthe   http://therning.org/magnus

Computer Science: "In low-level languages like C"
Computer Engineering: "In high-level languages like C"

-- 
You received this message because you are subscribed to the Google Groups "Git 
for human beings" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to git-users+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


signature.asc
Description: PGP signature

Re: [git-users] Strict, domain-based read/write vs. read-only access.

2016-01-07 Thread Maurizio Vitale

you can have multiple ssh credentials and unless users share the same home
directory (and hence .ssh directory) you can still have different
permissions "per domain" w/ gitolite.


On Thu, Jan 7, 2016 at 6:17 AM, David Barr  wrote:

> Hi, Magnus,
>
> The Enterprise I'm working at has separated its DEV, TEST, and PRODUCTION
> environments with firewalls.
>
> Code may be PUSHed to a Code Management System in DEV ONLY. In the TEST
> and PRODUCTION environments, the CMS repository MUST (cf. RFC-2119) be PULL
> ONLY. In proposing a CMS, I MUST include the possibility that the same user
> has access to the same project from more than one environment, so
> controlling access by user won't work. If the same user has the same access
> to the same repository in DEV and TEST, what stops that user from adding
> code via the TEST environment?
>
> Thanks!
> David
>
> > On Jan 7, 2016, at 02:59, Magnus Therning  wrote:
> >
> > What do you mean by "enviroment" here?
> >
> > It's common to authorize by user, or by group, but I simply don't
> > understand what you mean by "environment".
> >
>
> --
>
> David - Offbeat
> dafydd - Online http://pgp.mit.edu/
>
> 51525354555657--
>
> Werner Heisenberg is driving down the autobahn. A police officer pulls
> him over. The officer says, "Excuse me, sir, do you know how fast you
> were going?"
> "No," replies Dr. Heisenberg, "but I know where I am."
>
> --
> You received this message because you are subscribed to the Google Groups
> "Git for human beings" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to git-users+unsubscr...@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups "Git 
for human beings" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to git-users+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [git-users] Strict, domain-based read/write vs. read-only access.

2016-01-07 Thread David Barr

Hi, Magnus,

The Enterprise I'm working at has separated its DEV, TEST, and PRODUCTION 
environments with firewalls.

Code may be PUSHed to a Code Management System in DEV ONLY. In the TEST and 
PRODUCTION environments, the CMS repository MUST (cf. RFC-2119) be PULL ONLY. 
In proposing a CMS, I MUST include the possibility that the same user has 
access to the same project from more than one environment, so controlling 
access by user won't work. If the same user has the same access to the same 
repository in DEV and TEST, what stops that user from adding code via the TEST 
environment?

Thanks!
David

> On Jan 7, 2016, at 02:59, Magnus Therning  wrote:
> 
> What do you mean by "enviroment" here?
> 
> It's common to authorize by user, or by group, but I simply don't
> understand what you mean by "environment".
> 

--

David - Offbeat
dafydd - Online http://pgp.mit.edu/

51525354555657--

Werner Heisenberg is driving down the autobahn. A police officer pulls
him over. The officer says, "Excuse me, sir, do you know how fast you
were going?"
"No," replies Dr. Heisenberg, "but I know where I am."

-- 
You received this message because you are subscribed to the Google Groups "Git 
for human beings" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to git-users+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

signature.asc
Description: Message signed with OpenPGP using GPGMail

Re: [git-users] Strict, domain-based read/write vs. read-only access.

2016-01-06 Thread David Barr

Hi, Chris,

Thanks for the ideas. Unfortunately, I'm not sure they'll work for me. While 
these solutions provide authorization by project, I need something that will 
provide authorization by environment. I need to give an arbitrary user `push` 
access to a project from DEV, but refuse that same access to the same user if 
he is approaching from TEST or PROD. Git doesn't appear to track connecting 
hosts. So, I seem to need two servers, with two levels of authorization.

David

> On Jan 6, 2016, at 12:45, Chris Stone  wrote:
> 
> Have you looking into using a dedicated server package such as gitosis or 
> gitolite? I know github also has a version of there software available as 
> well.

--

David - Offbeat
dafydd - Online http://pgp.mit.edu/

51525354555657--

The most dangerous phrase is, 'We've always done it this way.' –RADM Grace 
Hopper

-- 
You received this message because you are subscribed to the Google Groups "Git 
for human beings" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to git-users+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

signature.asc
Description: Message signed with OpenPGP using GPGMail

Re: [git-users] Strict, domain-based read/write vs. read-only access.

2016-01-06 Thread Chris Stone

Have you looking into using a dedicated server package such as gitosis 
or gitolite? I know github also has a version of there software 
available as well.


Sounds like a solution similar to what is used on drupal.org might work 
for your needs.


Any one can clone a project from drupal.org using git clone 
http://git.drupal.org/project/"name or repo" however only users that 
have ssh access and have been giving commit rights to a project can 
commit to the repository since drupal.org using ssh access to push any 
changes up to there project repos.


On 1/6/2016 10:31 AM, David Barr wrote:

Good Morning,

I need to pitch an Enterprise level code management system. This 
system needs to have some fairly strict read-only vs. read/write 
requirements based on environment.


I first asked this question in Stack Overflow 
, 
but I need to flesh out additional details...


Posit three environments identified by their subdomains: 
DEV.example.com, TEST.example.com, and PROD.example.com.


  * The three subdomains have firewalls between them, and cross-domain
access is the exception, not the rule.
  * DEV is the only subdomain that is allowed to push code to a
central git repository.
  * TEST and PROD MUST  be pull
only. Repositories MUST NOT be modifiable from these subdomains.
  o Include the possibility that developers and testers may be the
same people, so user-based access control to a single git
repository won't work.

The solution that I came up with use two repository servers: 
git.DEV.example.com and git.PROD.example.com.


  * Projects in git.DEV.example.com include
  o Project directories owned by git:.
  o Group-based access control via "git init --shared=group
/path/to/project".
  o Push control set with "git remote add -t master -m master
--mirror=push gitPROD
ssh://g...@git.prod.example.com/path/to/project.git"
  o The "git push gitPROD" command in hooks/post-update.
  o git-web installed, but push access via SSH only. (WebDAV
probably wouldn't be approved by security.)
  * Matching projects in git.PROD.example.com would include
  o Project directories owned by git:git.
  o Access control via "git init --bare --shared=0644
/path/to/project.git".
  o git-web installed, and read access available via http.
Firewall modifications would be made to allow http GET access
from anywhere in TEST or PROD.

So, a developer has a git repository in their local workspace. When 
they're happy with their code, in whatever branch they're on, they 
push to git.DEV.example.com as their central repository in DEV. When 
that push happens, git.DEV.example.com automagically pushes the MASTER 
branch ONLY up to git.PROD.example.com. (If MASTER isn't changed, 
existing "no changes to push" results are fine.)


Here are my questions:

  * Am I missing a substantially easier solution?
  * For "--shared=group" is the group membership of the .git directory
the relevant group? I think so, but I would appreciate verification.
  * When the post-update script fires, who is the initiating user?
  o Is it the developer pushing to the repository?
  o Is it the user associated with the .git directory?
  o I need to know what user is launching the "git push gitPROD"
in order to allow/limit access on git.PROD.example.com.

Thanks!
David

--
You received this message because you are subscribed to the Google 
Groups "Git for human beings" group.
To unsubscribe from this group and stop receiving emails from it, send 
an email to git-users+unsubscr...@googlegroups.com 
.

For more options, visit https://groups.google.com/d/optout.


--
You received this message because you are subscribed to the Google Groups "Git for 
human beings" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to git-users+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[git-users] Strict, domain-based read/write vs. read-only access.

2016-01-06 Thread David Barr

Good Morning,

I need to pitch an Enterprise level code management system. This system 
needs to have some fairly strict read-only vs. read/write requirements 
based on environment.

I first asked this question in Stack Overflow 
,
 
but I need to flesh out additional details...

Posit three environments identified by their subdomains: DEV.example.com, 
TEST.example.com, and PROD.example.com.


   - The three subdomains have firewalls between them, and cross-domain 
   access is the exception, not the rule.
   - DEV is the only subdomain that is allowed to push code to a central 
   git repository.
   - TEST and PROD MUST  be pull 
   only. Repositories MUST NOT be modifiable from these subdomains.
  - Include the possibility that developers and testers may be the same 
  people, so user-based access control to a single git repository won't 
work.
   
The solution that I came up with use two repository servers: 
git.DEV.example.com and git.PROD.example.com.

   - Projects in git.DEV.example.com include
  - Project directories owned by git:.
  - Group-based access control via "git init --shared=group 
  /path/to/project".
  - Push control set with "git remote add -t master -m master 
  --mirror=push gitPROD ssh://g...@git.prod.example.com/path/to/project.git
  "
  - The "git push gitPROD" command in hooks/post-update.
  - git-web installed, but push access via SSH only. (WebDAV probably 
  wouldn't be approved by security.)
   - Matching projects in git.PROD.example.com would include
  - Project directories owned by git:git.
  - Access control via "git init --bare --shared=0644 
  /path/to/project.git".
  - git-web installed, and read access available via http. Firewall 
  modifications would be made to allow http GET access from anywhere in 
  TEST or PROD.
   
So, a developer has a git repository in their local workspace. When they're 
happy with their code, in whatever branch they're on, they push to 
git.DEV.example.com as their central repository in DEV. When that push 
happens, git.DEV.example.com automagically pushes the MASTER branch ONLY up 
to git.PROD.example.com. (If MASTER isn't changed, existing "no changes to 
push" results are fine.)

Here are my questions:

   - Am I missing a substantially easier solution?
   - For "--shared=group" is the group membership of the .git directory the 
   relevant group? I think so, but I would appreciate verification.
   - When the post-update script fires, who is the initiating user?
  - Is it the developer pushing to the repository?
  - Is it the user associated with the .git directory?
  - I need to know what user is launching the "git push gitPROD" in 
  order to allow/limit access on git.PROD.example.com.
   
Thanks!
David

-- 
You received this message because you are subscribed to the Google Groups "Git 
for human beings" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to git-users+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [git-users] Strict, domain-based read/write vs. read-only access.

Re: [git-users] Strict, domain-based read/write vs. read-only access.

Re: [git-users] Strict, domain-based read/write vs. read-only access.

Re: [git-users] Strict, domain-based read/write vs. read-only access.

Re: [git-users] Strict, domain-based read/write vs. read-only access.

Re: [git-users] Strict, domain-based read/write vs. read-only access.

[git-users] Strict, domain-based read/write vs. read-only access.

7 matches

Site Navigation

Mail list logo

Footer information