Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share

linux - Prevent other git authors

I have set up my own private git server and have a team of 5 members. I have their user accounts all set up, but how do I prevent commits to the remote being done by random weird accounts? Some of my team also use GitHub and wouldn't want their usernames appearing in the log, but rather the username I assign them.


1 Reply


To prevent people committing using "random weird accounts", you could set up a git pre-receive hook to validate the committer/author names on incoming commits against a list of valid names. But this doesn't provide the authentication component.

To prevent impersonation, you could simply require that all commits are gpg-signed (git commit -S ...), and have your pre-receive hook validate the signatures against a gpg keyring on the server.

Depending on how people are connecting to your remote server, you could also explicitly match the committer/author name against the username used for the connection, if you have access to that.

Update 1

If your committers are pushing to your server over ssh, then the third option above is probably the easiest. In your .ssh/authorized_keys file, set an environment variable for each key that identifies the user:

environment="SSH_USER=lars" ssh-rsa ...

And then in your pre-receive hook, you can use that environment variable to look up valid committer names/emails against some table. You can read about pre-receive hooks in the githooks(5) man page; they receive on stdin lines of the form:

<oldrev> <newrev> <refname>

You can get the commit name from <newrev> like this:

committer_name=$(git show -s --format='format:%cn' <newrev>)

And the mail using %ce instead of %cn.

Update 2

Or heck, just forget table lookups. In your .ssh/authorized_keys file:

environment="ALLOWED_NAME=Bob Jones",environment="ALLOWED_EMAIL=bob@example.com" ssh-rsa ...

And then in your pre-receive hook:

#!/bin/sh
# pre-receive: reject the push unless every commit it introduces has the
# committer name/email carried in ALLOWED_NAME / ALLOWED_EMAIL, which the
# environment= option in authorized_keys sets per key.

zero=0000000000000000000000000000000000000000

while read oldrev newrev refname; do
  [ "$newrev" = "$zero" ] && continue   # ref deletion: nothing new to check

  # New ref: take every commit not already reachable from an existing ref.
  if [ "$oldrev" = "$zero" ]; then
    range="$newrev --not --all"
  else
    range="$oldrev..$newrev"
  fi

  # Check every new commit, not only the tip at $newrev.
  for rev in $(git rev-list $range); do
    cn=$(git show -s --format='format:%cn' "$rev")
    ce=$(git show -s --format='format:%ce' "$rev")

    [ "$cn" = "$ALLOWED_NAME" ] || {
      echo "*** Invalid committer name in $rev: $cn"
      exit 1
    }

    [ "$ce" = "$ALLOWED_EMAIL" ] || {
      echo "*** Invalid committer email in $rev: $ce"
      exit 1
    }
  done
done

And I think you have what you want.

Update 3

You could probably accomplish something similar using http authentication, because within your pre-receive script you would have access to the REMOTE_USER environment variable, which contains the name of the authenticated remote user. You would probably need to go with some sort of table lookup to get the values of approved names and email addresses.
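The answer above sketches three separate pieces: a per-key SSH_USER set in authorized_keys (Update 1), a committer name/email check in the pre-receive hook (Update 2), and a GPG signature check (second paragraph). The following pre-receive hook is an added example that combines them; it is not code from the original answer. Two points the answer glosses over are built in: a push can carry many commits, so the hook must inspect every commit in the range (the answer's snippet only reads the tip at `<newrev>`, so a push whose tip is fine but whose earlier commits are not would get through), and a signature is only worth anything if it was made by the key registered for the connecting user, so the hook pins the signing key's fingerprint rather than merely asking whether a signature exists. Assumptions: the SSH_USER variable comes from an `environment="SSH_USER=bob"` option in authorized_keys, which sshd ignores unless sshd_config sets `PermitUserEnvironment yes`; the ALLOWED table, the user "bob", the address bob@example.com and the fingerprint are made-up placeholders; `%GF` in the git log format needs a git new enough to support it (2.19 or later); and the gpg keyring the git daemon user sees must already hold the team's public keys, since git reports `E` (cannot check) for a signature from a key it does not have.

```python
#!/usr/bin/env python3
"""pre-receive hook (added example, not from the original answer).

Reads "<oldrev> <newrev> <refname>" lines on stdin, lists every commit the
push introduces, and rejects the push unless each commit's committer
name/email and GPG signing key match the row for the SSH user who connected.
"""
import os
import subprocess
import sys

ZERO_REV = "0" * 40
SEP = "\x1f"  # unit separator: cannot occur in names, emails or hex fields
# %G? values: G = good, U = good but key validity unknown, B = bad,
# X/Y/R = good but expired/expired key/revoked key, E = cannot check, N = none.
# The fingerprint pin below makes keyring trust levels irrelevant, so U is fine.
GOOD_STATUSES = {"G", "U"}

# Hypothetical allow-list (assumption). SSH_USER is set per key in
# authorized_keys with environment="SSH_USER=bob", which sshd honours only
# when sshd_config has PermitUserEnvironment yes. Fingerprint is a placeholder.
ALLOWED = {
    "bob": {
        "name": "Bob Jones",
        "email": "bob@example.com",
        "fingerprint": "0123456789ABCDEF0123456789ABCDEF01234567",
    },
}


def git_log_args(oldrev, newrev):
    """argv for a git log that prints one SEP-delimited record per new commit."""
    fmt = SEP.join(["%H", "%cn", "%ce", "%G?", "%GF"])
    if oldrev == ZERO_REV:
        # New ref: everything not already reachable from refs the repo has.
        rev_args = [newrev, "--not", "--all"]
    else:
        rev_args = [f"{oldrev}..{newrev}"]
    return ["git", "log", f"--format={fmt}"] + rev_args


def parse_log(text):
    """Turn git log output (see git_log_args) into a list of commit records."""
    records = []
    for line in text.splitlines():
        if not line:
            continue
        sha, name, email, status, fpr = line.split(SEP)
        records.append({"sha": sha, "name": name, "email": email,
                        "status": status, "fingerprint": fpr})
    return records


def check_commit(rec, expected):
    """Reasons this commit is unacceptable for the expected identity (empty = ok)."""
    problems = []
    short = rec["sha"][:12]
    if rec["name"] != expected["name"] or rec["email"] != expected["email"]:
        problems.append(f"{short}: committer {rec['name']} <{rec['email']}> "
                        f"is not {expected['name']} <{expected['email']}>")
    if rec["status"] not in GOOD_STATUSES:
        problems.append(f"{short}: signature status {rec['status']!r}, "
                        "need a good GPG signature")
    elif rec["fingerprint"].upper() != expected["fingerprint"].upper():
        problems.append(f"{short}: signed with key {rec['fingerprint']}, "
                        "not the key registered for this user")
    return problems


def evaluate_push(ssh_user, oldrev, newrev, log_text, allowed=ALLOWED):
    """Errors for one ref update; an empty list means accept it."""
    if newrev == ZERO_REV:
        return []  # branch deletion introduces no commits
    expected = allowed.get(ssh_user or "")
    if expected is None:
        return [f"no registered identity for SSH user {ssh_user!r}"]
    errors = []
    for rec in parse_log(log_text):
        errors.extend(check_commit(rec, expected))
    return errors


# Constructed sample of git log output for a three-commit push (not real data):
# a good signed commit by bob, an unsigned one, and one by a stranger.
SAMPLE_LOG = "\n".join(SEP.join(r) for r in [
    ("a" * 40, "Bob Jones", "bob@example.com", "G",
     "0123456789ABCDEF0123456789ABCDEF01234567"),
    ("b" * 40, "Bob Jones", "bob@example.com", "N", ""),
    ("c" * 40, "mallory", "m@attacker.example", "G",
     "FEDCBA9876543210FEDCBA9876543210FEDCBA98"),
])


def main():
    ssh_user = os.environ.get("SSH_USER")
    for line in sys.stdin:
        if not line.strip():
            continue
        oldrev, newrev, refname = line.split()
        log_text = ""
        if newrev != ZERO_REV:
            log_text = subprocess.run(git_log_args(oldrev, newrev),
                                      capture_output=True, text=True,
                                      check=True).stdout
        errors = evaluate_push(ssh_user, oldrev, newrev, log_text)
        if errors:
            print(f"*** rejecting {refname}:", file=sys.stderr)
            for err in errors:
                print("    " + err, file=sys.stderr)
            sys.exit(1)


if __name__ == "__main__":
    main()
```

Installed as `hooks/pre-receive` in the bare repository and made executable, the hook exits non-zero on the first ref with problems, which makes git refuse the whole push; the `evaluate_push` function is kept free of git and environment access so the decision logic can be exercised on captured log output, as the constructed SAMPLE_LOG shows (for user "bob" it yields three complaints: the unsigned commit and, for the stranger's commit, both the committer mismatch and the foreign signing key).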

