描述一下体验不好的点

问题：访问令牌权限只读权限无效？

问题描述：添加访问令牌，设置名称后，使用范围为指定仓库，授权范围为：代码只读(repo-code:r) ； 我的理解是这样配置权限，该token只能拉取代码(clone/pull)，但是在使用过程中经过测试只读权限token还是可以push代码到服务器。

加上环境变量 GIT_CURL_VERBOSE=1 然后再 push 会打印出详细日志， 然后把日志帖出来我们定位看看。

[root@fightlinux test-deploy]# git push -u origin master:master

• Couldn't find host cnb.cool in the .netrc file; using defaults
• About to connect() to cnb.cool port 443 (#0)
• Trying 81.71.248.77...
• Connected to cnb.cool (81.71.248.77) port 443 (#0)
• Initializing NSS with certpath: sql:/etc/pki/nssdb
• CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
• SSL connection using TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
• Server certificate:

•   subject: CN=*.cnb.cool,O=Tencent Technology (Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong Province,C=CN
  

•   start date: Aug 25 00:00:00 2025 GMT
  

•   expire date: Sep 15 23:59:59 2026 GMT
  

•   common name: *.cnb.cool
  

•   issuer: CN=DigiCert Secure Site OV G2 TLS CN RSA4096 SHA256 2022 CA1,O="DigiCert, Inc.",C=US
  

GET /newbeelinux/ops/test.git/info/refs?service=git-receive-pack HTTP/1.1
User-Agent: git/1.8.3.1
Host: cnb.cool
Accept: /
Accept-Encoding: gzip
Pragma: no-cache

< HTTP/1.1 401 Unauthorized
< Date: Thu, 18 Sep 2025 14:26:56 GMT
< Content-Type: text/plain; charset=utf-8
< Content-Length: 12
< Connection: keep-alive
< Server: nginx/1.26.3
< Traceparent: 00-e35160e79b95e5d59e772901b99cd92e-d5f0dc780cd383d7-01
<< Basic realm="CNB"
< Vary: Accept-Encoding, Accept
< Strict-Transport-Security: max-age=63072000
<

• Connection #0 to host cnb.cool left intact
  Username for 'https://cnb.cool': cnb
  Password for 'https://cnb@cnb.cool':
• Couldn't find host cnb.cool in the .netrc file; using defaults
• Found bundle for host cnb.cool: 0x1636360
• About to connect() to cnb.cool port 443 (#1)
• Trying 81.71.248.77...
• Connected to cnb.cool (81.71.248.77) port 443 (#1)
• CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
• SSL connection using TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
• Server certificate:

•   subject: CN=*.cnb.cool,O=Tencent Technology (Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong Province,C=CN
  

•   start date: Aug 25 00:00:00 2025 GMT
  

•   expire date: Sep 15 23:59:59 2026 GMT
  

•   common name: *.cnb.cool
  

•   issuer: CN=DigiCert Secure Site OV G2 TLS CN RSA4096 SHA256 2022 CA1,O="DigiCert, Inc.",C=US
  

GET /newbeelinux/ops/test.git/info/refs?service=git-receive-pack HTTP/1.1
User-Agent: git/1.8.3.1
Host: cnb.cool
Accept: /
Accept-Encoding: gzip
Pragma: no-cache

< HTTP/1.1 401 Unauthorized
< Date: Thu, 18 Sep 2025 14:27:11 GMT
< Content-Type: text/plain; charset=utf-8
< Content-Length: 12
< Connection: keep-alive
< Server: nginx/1.26.3
< Traceparent: 00-48e7529084f462d89affd7ead748e309-51db3686098aa11f-01
<< Basic realm="CNB"
< Vary: Accept-Encoding, Accept
< Strict-Transport-Security: max-age=63072000
<

• Ignoring the response-body
• Connection #1 to host cnb.cool left intact
• Issue another request to this URL: 'https://cnb.cool/newbeelinux/ops/test.git/info/refs?service=git-receive-pack'
• Couldn't find host cnb.cool in the .netrc file; using defaults
• Found bundle for host cnb.cool: 0x1636360
• Re-using existing connection! (#1) with host cnb.cool
• Connected to cnb.cool (81.71.248.77) port 443 (#1)
• Server auth using Basic with user 'cnb'

GET /newbeelinux/ops/test.git/info/refs?service=git-receive-pack HTTP/1.1
Authorization: Basic Y25iOjNVbWYxYWZhVnRUemdaWXRUYUdxZXgwNG52RQ==
User-Agent: git/1.8.3.1
Host: cnb.cool
Accept: /
Accept-Encoding: gzip
Pragma: no-cache

< HTTP/1.1 200 OK
< Date: Thu, 18 Sep 2025 14:27:11 GMT
< Content-Type: application/x-git-receive-pack-advertisement
< Content-Length: 229
< Connection: keep-alive
< Server: nginx/1.26.3
< Cache-Control: no-cache, max-age=0, must-revalidate
< Expires: Fri, 01 Jan 1980 00:00:00 GMT
< Pragma: no-cache
< Traceparent: 00-3aa25b0f7c8959c0386459eb5a9f86e2-f12f8aa69f9021cf-01
< Traceparent: 00-3aa25b0f7c8959c0386459eb5a9f86e2-861046a521f35189-01
< Vary: Accept-Encoding, Accept
< Strict-Transport-Security: max-age=63072000
<

• Connection #1 to host cnb.cool left intact
  Counting objects: 3, done.
  Writing objects: 100% (3/3), 200 bytes | 0 bytes/s, done.
  Total 3 (delta 0), reused 0 (delta 0)
• Couldn't find host cnb.cool in the .netrc file; using defaults
• About to connect() to cnb.cool port 443 (#2)
• Trying 81.71.248.77...
• Connected to cnb.cool (81.71.248.77) port 443 (#2)
• CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
• SSL connection using TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
• Server certificate:

•   subject: CN=*.cnb.cool,O=Tencent Technology (Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong Province,C=CN
  

•   start date: Aug 25 00:00:00 2025 GMT
  

•   expire date: Sep 15 23:59:59 2026 GMT
  

•   common name: *.cnb.cool
  

•   issuer: CN=DigiCert Secure Site OV G2 TLS CN RSA4096 SHA256 2022 CA1,O="DigiCert, Inc.",C=US
  

• Server auth using Basic with user 'cnb'

POST /newbeelinux/ops/test.git/git-receive-pack HTTP/1.1
Authorization: Basic Y25iOjNVbWYxYWZhVnRUemdaWXRUYUdxZXgwNG52RQ==
User-Agent: git/1.8.3.1
Host: cnb.cool
Accept-Encoding: gzip
Content-Type: application/x-git-receive-pack-request
Accept: application/x-git-receive-pack-result
Content-Length: 354

• upload completely sent off: 354 out of 354 bytes
  < HTTP/1.1 200 OK
  < Date: Thu, 18 Sep 2025 14:27:11 GMT
  < Content-Type: application/x-git-receive-pack-result
  < Content-Length: 52
  < Connection: keep-alive
  < Server: nginx/1.26.3
  < Traceparent: 00-7708aaf8a5b4dc8ebb286ef29d4c8083-6856e65ad85c9f05-01
  < Traceparent: 00-7708aaf8a5b4dc8ebb286ef29d4c8083-821baef44def5a04-01
  < Vary: Accept-Encoding, Accept
  < Strict-Transport-Security: max-age=63072000
  <
• Connection #2 to host cnb.cool left intact
  To https://cnb.cool/newbeelinux/ops/test.git
• [new branch] master -> master
  Branch master set up to track remote branch master from origin.
  [root@fightlinux test-deploy]#

加上环境变量 GIT_CURL_VERBOSE=1 然后再 push 会打印出详细日志， 然后把日志帖出来我们定位看看。

@wenqiuli(阿秋) 这个问题是否持续关注呢？这个问题是否可以解决呢