So a large client of mine gave me access to their Organisation GitHub account.
With it came a login for myself (on github.companyname.com) and of course access to certain repos on their company account (by switching the user to the company via the button in the top left).
Now I was wondering, since I can create private repos for myself, is it safe for me to use these for non-related projects or can the company administrators access my user's repos despite being private? My understanding of GitHub is limited as it is, so this extra layer of complexity from the organisation account isn't helping too much.
Thanks,
Mike
UPDATE: Thanks to all of you who posted answers and wrote comments, all were really helpful. I have decided not to host any personal projects on their enterprise account as suggested, and again, as recommended, I now host my repos on a private provider like Bitbucket.
Mike
- What are these projects you want to keep from admins? If you are using them for personal projects there is a good chance you signed something indicating they own whatever you make with work resources. Their paid GitHub is their resource. – rlperez, Oct 20, 2013 at 13:31
- @Rig I would probably use it for personal projects. In the contract that I signed, the fair usage policy said that Personal Use of "company computer systems is permitted" provided it adheres to the rules of the agreement (no illegal activities etc). My main concern is not breaking their agreement as I will probably ask them if it's ok in person, but more can it be accessed by anyone other than myself, which Michael Durrant suggested is not the case. – Mackey18, Oct 20, 2013 at 13:46
- Why would you even want to do this? Get a free private Bitbucket account. – user16764, Oct 20, 2013 at 16:36
- @Rig No, you get unlimited free private repos with Bitbucket. It's free for teams of up to 5. – user16764, Oct 20, 2013 at 17:55
- @Mackey18 - I know you already decided not to do it, but one thing I didn't see mentioned is what happens when your contract is over: you now have private code on hardware you don't have access to. – Ramhound, Oct 21, 2013 at 16:55
3 Answers
I would avoid this -- there are some access / code security issues that are solvable by nothing more complex than having something purely under your control checking out a copy every day, but the thornier issue is intellectual property. If it is on the company's account they have a much stronger claim to ownership than if it is under your account. I would not want to open that can of worms myself.
I'll add that Bitbucket lets you do unlimited private git repositories for free if you just are trying to find a free cloud DVCS provider.
- Cheers, that's a very valid point. I'll look into BitBucket now. Thanks again. Mike. – Mackey18, Oct 20, 2013 at 14:10
If you're signing in at github.companyname.com, then they've either set up a domain name for vanity purposes, or it's a GitHub Enterprise installation and not an organisation account on GitHub.com.
If it's the latter then the entire thing is using GitHub's software, but running on a server that companyname controls. Enterprise is provided as a fairly locked-down virtual machine, but the company's admins do have SSH access, and they can dump all repositories as a single .tar file.
So, unless the user account they gave you also works at GitHub.com, I would have to assume that yes, the company's admins could access the repository's data if they wanted to.
- This. If the client owns this installation then as a contractor/consultant it's not only foolish but also unethical unless they gave express permission - it's basically the same idea as running your personal web site on their web server. Also, one very easy way to check if it's GitHub Enterprise is to just search for some popular open-source project like jQuery or mongodb. If it's not there, then it's not "real" GitHub. – Aaronaught, Oct 20, 2013 at 20:49
- Thank you for this, explains a lot. I have ended up doing as everyone has suggested on here and started using Bitbucket to host my files for both the reasons you mentioned. – Mackey18, Oct 21, 2013 at 12:56
Not unless you add keys from the company (i.e. not yours) to your own GitHub project as collaborators.
- Perfect, I'm guessing there's no way of doing this accidentally, is there! Haha. – Mackey18, Oct 20, 2013 at 13:21