Securing Git server on windows?

Using msysgit and copssh, is it possible to secure the ssh part such that it can only access the relevant git executables and also be constrained to access only one folder?

I have a feeling that a git server on windows will be very much more open than a svn server like visual svn. I'm hoping to be proved wrong.


I would use a Linux server for your central Git repository. Install gitolite. This will enable you to administer branch rights etc.

UPDATE:

As per your recent comments, just go with unfuddle and be done with it in 1 minute. If you're concerned about using up the 500MB of space they give, large non-private artifacts can be stored as a submodule that can be hosted on github.

Hope this helps!


On Windows, I have found Apache and Smart HTTP (git-http-backend) to be the best way to host a Git server.

https://web.archive.org/web/20100308035130/http://progit.org/2010/03/04/smart-http.html

And coming to access control, I would advise you to keep it simple and have an access conf file svn or even gitolite / gitosis and write simple hooks in the Git repo (in Python, Ruby, etc.)

The hooks will provide you pretty good control to the Git repo. You can control checkins per branch, checkins to particular folders etc.

Have a look at the git hooks man page. pre-receive or update are the hooks that you can make use of for this purpose.

Look at this awesome chapter from Pro Git on how to use Git hooks on the server side to enforce policy - https://git-scm.com/book/en/v2/Customizing-Git-An-Example-Git-Enforced-Policy

You can easily adjust them and add functionality to suit your purpose.
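The per-branch and per-folder control this answer describes, sketched as a server-side `update` hook in Python. This is an added example, not code from the original answer; the ACL table, the user names, and reading the pusher from `REMOTE_USER` (as set by the web server under Smart HTTP) are assumptions.

```python
#!/usr/bin/env python3
import fnmatch
import os
import subprocess
import sys

# Constructed sample policy: user -> (allowed ref patterns, allowed path patterns).
ACL = {
    "alice": (["refs/heads/*"], ["*"]),
    "bob": (["refs/heads/feature/*"], ["docs/*", "src/ui/*"]),
}
ZERO = "0" * 40  # value git passes as old/new rev when a ref is created/deleted

def check_push(user, refname, paths, acl=ACL):
    """Return None if the update is allowed, else a reason string (deny by default)."""
    if user not in acl:
        return f"user {user!r} has no write access"
    ref_pats, path_pats = acl[user]
    # fnmatchcase stays case-sensitive on Windows, unlike fnmatch.fnmatch.
    if not any(fnmatch.fnmatchcase(refname, p) for p in ref_pats):
        return f"{user} may not update {refname}"
    for path in paths:
        if not any(fnmatch.fnmatchcase(path, p) for p in path_pats):
            return f"{user} may not modify {path}"
    return None

def changed_paths(oldrev, newrev):
    """Paths touched by every commit this push adds to the ref."""
    if newrev == ZERO:  # ref deletion: no content to inspect
        return []
    # New ref: look only at commits not reachable from any existing ref.
    rng = [newrev, "--not", "--all"] if oldrev == ZERO else [f"{oldrev}..{newrev}"]
    out = subprocess.run(["git", "log", "--pretty=format:", "--name-only", "-z", *rng],
                         check=True, capture_output=True, encoding="utf-8").stdout
    return sorted({p.strip("\n") for p in out.split("\0") if p.strip("\n")})

def main(refname, oldrev, newrev):
    # Assumption: the web server authenticated the user and exported REMOTE_USER.
    user = os.environ.get("REMOTE_USER", "")
    reason = check_push(user, refname, changed_paths(oldrev, newrev))
    if reason:
        print(f"[POLICY] {reason}", file=sys.stderr)  # shown to the pushing client
        return 1  # non-zero exit rejects this ref only
    return 0

if __name__ == "__main__" and len(sys.argv) == 4:
    sys.exit(main(*sys.argv[1:]))
```

Installed as `hooks/update` in the bare repository, git runs it once per pushed ref with the ref name, old revision and new revision as arguments. Merge commits list no paths in `git log --name-only` by default, so a stricter policy would add `-m`.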


I would very much recommend using one of the Git-HTTP projects. See my answer at: https://serverfault.com/questions/58425/setting-up-git-repository-on-remote-windows-server/163065#163065

You're trying to make Windows behave like UNIX. Better go with the flow, and use a .NET based solution as Git server backend.


When you have to deal with a small 2-person project (as you mentioned in the comments), you can also host the git repository on a Windows network share. It just works, and you clone the UNC path (or mapped drive letter) in your git client.

For UNC paths, use slashes instead of backslashes (i.e. //server01/git/myrepos.git).


An alternative might be to use https://github.com/jakubgarfield/Bonobo-Git-Server/wiki


When I started looking at setting up a corporate git service, we had the following requirements:

1. Manage git repositories as projects, where we can provide self-service access control at project level.
2. LDAP login integration
3. Low administrative effort

I evaluated vanilla git, git + git-http, gitolite. These solutions would require an admin person to manage the access control. If the team is big, this will be a significant effort. If the team is small (5-10 developers), vanilla git is ok.

I looked at GitHub Enterprise, use GitHub, and later Bitbucket. We eventually bought Bitbucket and have an on-prem version up and running. Bitbucket meets all our requirements. In addition, we can selectively sync some of the AD groups to Bitbucket and manage access at group level.
