It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

How to write protect a Stash git repo

Config Manager Dec 18, 2014

If a Stash project grants write permission to all it's repositories, I don't believe it is possible to remove that access at the repo level, or at least not in Stash, as the hierarchical permission model only works when adding privileges, not removing them. Am I right?

If that is the case, then what is the best way of preventing write access at the git repo level - i.e. applied to the Stash-managed git repo - perhaps for a period of maintenance? I know that a pre-receive hook might prevent pushing, but is there an easier method, that might even stop pulls and clones? BTW I don't much like the Stack Control recommendation of using chmod to do this because it  might be difficult to revert to the previous settings when chmod'ing the whole repo directory.

1 answer

1 accepted

0 votes
Answer accepted
Tim Pettersen Dec 18, 2014

Hi John,

To prevent write access, you could create a Branch Permission that matches against * and restricts updates to just yourself or potentially an empty group. That will block any tag or branch update, effectively making it a read-only repository.

To prevent read access, you'd need to actually remove the read permission. One way to do this without messing with your project permissions is to create a "Read-only" project and physically move the repository into it, and then move it back when you're done with the maintenance.



Config Manager Dec 19, 2014

Hi Tim, Thanks for these suggestions - I had half thought of the branch idea after posting the question, but the second may be better if I wanted to prevent any pull or clone as well since existing urls would be wrong until I put it back again. This certainly would have been best for the particular circumstance I found myself in that prompted the question - I was using BFG to remove a 1.4Gb file that had been unwittingly committed and pushed - the removal was successful! Regards, John

Suggest an answer

Log in or Sign up to answer
This widget could not be displayed.
This widget could not be displayed.
Community showcase
Published in Bitbucket Pipelines

Building a Bitbucket Pipe as a casual coder :  #!/bin/bash source "$(dirname "$0")/" enable_debug extra_args="" if [[ "${DEBUG}" == "true" ]]; then extra_args="--verbose" fi # mandatory variables R...

2,009 views 1 19
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you