Gitano permits anonymous (i.e. without authentication) access to support the use of git-daemon and cgit.

This works by checking whether each repository is readable by the special "gitano/anonymous" user.

Mandatory anonymous read

To force all repositories to support anonymous read, run the following commands to uncomment the code in project.lace.

$ git clone ssh://git@my-gitano.example.com/gitano-admin.git gitano-admin
$ cd gitano-admin
$ sed -i 's/# \(allow "Anonymous access always allowed".*\)/\1/' rules/project.lace
$ git commit -am 'Enable anonymous read'
$ git push origin HEAD

This is suitable for open source project hosting, where hosting is freely available, but the code must be open.

Default anonymous read

To make repositories readable unless the repository specifically disables it, run the following commands to uncomment the code in core.lace.

$ git clone ssh://git@my-gitano.example.com/gitano-admin.git gitano-admin
$ cd gitano-admin
$ sed -i 's/# \(allow "Anonymous access is okay".*\)/\1/' rules/core.lace
$ git commit -am 'Enable anonymous read'
$ git push origin HEAD

For a project to disable anonymous access it must add the following to its rules/main.lace in the refs/gitano/admin branch.

deny "Anonymous access is not permitted" [user is "gitano/anonymous"]

This is appropriate for open source project hosting where most repositories will be freely readable, but some repositories, such as dotfiles and deployment configuration, will need to keep some data secret.
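
A guarded form of the sed step used in the two procedures above, as an added example rather than part of Gitano's own documentation: sed exits successfully even when nothing matches, so the function confirms that exactly one rule line changes before anything is committed. The function name, its return codes and the sample file contents are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: uncomment exactly one '# allow "<reason>" ...' line and
# refuse to touch the file otherwise.
# Returns 0 = rule enabled, 2 = already enabled, 1 = missing or ambiguous.
# Assumption: <reason> has no regex metacharacters (true for both rules here).
uncomment_rule() {
    file=$1 reason=$2
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 1; }
    commented=$(grep -c "^[[:space:]]*# allow \"$reason\"" "$file" || true)
    active=$(grep -c "^[[:space:]]*allow \"$reason\"" "$file" || true)
    if [ "$active" -ge 1 ]; then
        echo "already enabled in $file" >&2; return 2
    fi
    if [ "$commented" -ne 1 ]; then
        echo "expected 1 commented rule in $file, found $commented" >&2; return 1
    fi
    tmp=$(mktemp) || return 1
    sed "s/^\([[:space:]]*\)# \(allow \"$reason\".*\)/\1\2/" "$file" > "$tmp"
    # Exactly one line may differ; anything else means the pattern over-matched.
    changed=$(diff "$file" "$tmp" | grep -c '^>' || true)
    if [ "$changed" -ne 1 ]; then
        rm -f "$tmp"; echo "refusing: $changed lines would change" >&2; return 1
    fi
    cat "$tmp" > "$file"; rm -f "$tmp"   # keep the original file mode
    grep -n "allow \"$reason\"" "$file"  # show the now-active rule for review
}

# Constructed sample, not Gitano's real project.lace; the rule's condition
# is a placeholder.
sample=$(mktemp)
printf '%s\n' '# Project rules' \
    '# allow "Anonymous access always allowed" constructed_condition' > "$sample"
uncomment_rule "$sample" "Anonymous access always allowed"
```

In the gitano-admin clone, call it on rules/project.lace or rules/core.lace with the matching rule text in place of the sed line, then commit and push as shown.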

Opt-in anonymous read

The default rule set does not allow anonymous read, but a repository may opt in by adding the following to its own rules/main.lace in the refs/gitano/admin branch.

allow "Anonymous access is permitted" [user is "gitano/anonymous"]