Answer the question
In order to leave comments, you need to log in
How to restrict customer access to Git on a production server, provided that the customer has ftp access?
Good afternoon.
There is a VPS server with Debian OS with several sites. I have root access.
I upload his site to this server for the customer in one of the directories.
The customer has access to the directory with his site. The customer works as the user user, The owner of his project files is also the user user.
I mainly use GIT to upload files to the server. Also, in some cases, I use GIT files that I or the customer changed directly on the production server. I synchronize GIT on different machines (developer and production) through a common repository.
The customer has the full right to see the source files of his site. But I do not want the customer to have access to GIT so that he can see the change history or be able to copy the repository.
What is the best way to limit the customer's ability to work with git and the ability to copy the GIT repository, provided that I need GIT for work?
So far, I have found such a temporary solution for myself. After working with GIT, I set the owner of the c GIT folder to the root user with rights to the 0700 folder. Thus, the customer, logging in via ftp as the user user, cannot access the folder. When I need to use GIT again, I manually return the owner and permissions of the folder and work with it. After the end of the work, I again change the owner of the folder. To automate the opening and closing of rights to the GIT folder, I think to write a couple of scripts.
Although this is a solution to the question, but it has drawbacks. You have to boot as root first to change the permissions on the folder. Then log in as user to work with GIT. The second drawback is that for some time (half an hour or an hour), the directory with GIT may remain available to the user user and the customer may take it away.
Theoretically, it would be possible to immediately set the rights to the GIT folder only to the root user and work with GIT only as root. But in this case, when GIT checkouts, new project files will be created with the owner root and these files will not be accessible to web server processes. Can GIT, when running as a single user, change the owner and file permissions?
In general, I would like to get advice, is there any beautiful solution in this?
Answer the question
In order to leave comments, you need to log in
For example, do not engage in sadomasochism and keep the repository on github or bitbucket, deploy everything culturally and at the same time there will be no problems with the customer's access to the turnip.
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question