The documentation wrongfully (in my mind) assumes that the reader should be familiar with all the possible permissions combinations:
The full set of permissions, in regex syntax, is
-|R|RW+?C?D?M?. This expands to one of-, R, RW, RW+, RWC, RW+C, RWD, RW+D, RWCD, or RW+CD, all but the first two optionally followed by an M. And by now you know what they all mean.
the problem is, All but the first 4 cases are not discussed in the document.
Can someone please explain what these additional 'C', 'D' and 'M' symbols mean?
More on gitolite doc.
C allows you to push but not create a ref, D allows you to rewind but not delete a ref, and M allows you to reject merge commits.
Sometimes you want to allow people to push, but not create a ref. Or rewind, but not delete a ref. The C and D qualifiers help here.
When a rule specifies RWC or RW+C, then rules that do NOT have the C qualifier will no longer permit creating a ref.
Please do not confuse this with the standalone C permission that allows someone to create a repo
When a rule specifies RWD or RW+D, then rules that do NOT have the D qualifier will no longer permit deleting a ref.
Note: These two can be combined, so you can have RWCD and RW+CD as well.
One very rare need is to reject merge commits (a commit series that is not a straight line of commits). The M qualifier helps here:
When a rule has M appended to the permissions, rules that do NOT have it will reject a commit sequence that contains a merge commit (i.e., they only accept a straight line series of commits).