I am setting up a development environment on a shared server for multiple developers. I will have one repository that houses all code used in production, and many others used for development by different members of the team. What I would like is for the production repo to be 'pull only'. Users can pull from it and get production changes locally whenever they want, but pushes need to be handled by a production admin, or at least require a password. Something like:
[user@machine /devroot/myrepo]$ git pull $PRODUCTION master
From <location>
*branch master -> FETCH_HEAD
Already up-to-date
[user@machine /devroot/myrepo]$ git push $PRODUCTION master
error: user `user` is not authorized for this action
Or
[user@machine /devroot/myrepo]$ git push $PRODUCTION master
HEAD @ `$PRODUCTION`-Please enter password:
I believe I could do this with file permissions, but that doesn't strike me as an elegant solution. Does git have something like this built in?
If you want complex repository access controls, you may want to look into Gerrit. Its primary focus is code review (which is totally worth having as well!), but it also does access control as a side effect.
Otherwise, if you just want something really simple, file permissions are a perfectly good way of handling this on a single machine. So long as a user can't write to the files in the directory containing the repository, they can't push to it. I see nothing inelegant about that at all!