We are using Gitlab 13.8.4-ee self-managed version. Our projects and repos have been set with correct permissions for push and visibility is also internal.
However, through Git bash (and also using Sourcetree) we notice that if we create random users using below command
git config --global user.name “Test”
and then commit and push a code, it is overriding the branch and project permissions and allowing these users to push the code.
Check in your project directory and the .git/config file within that. Perhaps the user is stored in that .git/config file, and overrides whatever you put in the global config. You might have in your .git/config file something like this:
email = firstname.lastname@example.org
name = My Name
signingkey = MyGPGKey
if it’s not got a section like that, it could be in the url within the .git/config like this:
url = https://myusername:email@example.com/myusername/myproject
also check the contents of the .gitconfig file in your home directory, just in case multiple users are listed in there, although it shouldn’t.