I am investigating the possibility of using Git for code management for my Company. I have 2 questions in this regard:
-
We want extensive logs on each “clone” or “code access” per user. There has been past incidents where the 3rd party consultants tried to access the company’s I.P., but there activities were logged. As of now, when I clone a Git repository, there is no log showing access of any such code.
-
Where must I get logs for this information?
-
More than that, if Git repository is cloned by some engineer, can we still get logs of further “cloning”, if someone tries to clone from them?
-
-
Within same Git repository, is there a way to control access of certain parts of code?
For example, consider a repository namedTOP_DIRwith two subdirectories,TOP_DIR/DIR_GLOBALandTOP_DIR/DIR_SECURE. I want to give read/write access onDIR_SECUREto only few team members, but full read/write to almost everyone forDIR_GLOBAL.
Any pointers in these regards will be highly appreciated.
Thanks for various inputs, this is what I ended up doing:–
(1) On server, I created 3 type of accounts.
(a) sudo ‘ers account
(b) admin for repository — linux group to control access of repository
(c) git user accounts with shell=/usr/bin/git-shell (so they cannot login directly)–added them with the same linux group.
The passwords were mailed to each team member. Whenever they access the system, ssl library records their access at /etc/log/auth_user.log. These logs are not quite enough, but some-where to start with.
Why I did not choose gitolite: Purpose of gitolite is to control access of selective parts of repository. Also, the product is not tested aggressively (as I can see lot of bugs still open) and more so, it does not log the access, nor can it differentiate b/w clone, or any other API. I am thinking of changing git code for being more verbose.