Scenario:
You run a Linux or WSL-equipped Windows development machine where you do 90% of your work for organization A using github.com and 10% for “other”, and you strictly must not use the same GitHub account for both. Both types of work involve multiple repos, so handling access per repo is tedious.
Scenario B: Privilege separation
You have an account with high privilege on certain repos which you need to keep, e.g. to override CI failures on time-critical issues, to block access on short notice, or to do things you would not allow the juniors to do. But you want to safeguard your 95% daily work against accidentally doing something to the wrong repo.
Approach:
Have two separate operating system users. Actual access control on the filesystem is not the issue we want to tackle here; the goal is separation of accounts. You can even “share” the code:
mkdir /srv/develop
chown -R primaryuser:users /srv/develop
chmod g+rwx /srv/develop
Now log each user in to the appropriate GitHub account:
sudo su - primaryuser
ln -s /srv/develop /home/primaryuser/develop
gh auth login -h github.com -w -phttps
gh auth login -h corporategithub.com -w -phttps
Don’t forget to log out and log in as the other UI user.
sudo su - otheruser
ln -s /srv/develop /home/otheruser/develop
gh auth login -h github.com -w -phttps
gh auth login -h othercorporategithub.com -w -phttps
Log out again. After this point you don’t need to log in to different browser sessions all the time.
You can also use prepared GitHub personal tokens for each user and save the web browser hassle. I chose to go the UI way this time.
You can freely connect IDEs to repos using your primary account for both types of repos.
The only thing you must avoid is pushing and PRing through the IDE.
Instead have a terminal window for each type of account and do it there
git push —
# This should not be possible to get wrong. GitHub will not allow you to push to a repo the account does not have access to.
gh pr create --fill
# Create PRs without hitting the browser and avoid all the login handling. Alternatively you can use another browser profile or browser install, e.g. use Firefox for your oddball account and your primary browser (probably something Chromium-based) for the main use case.
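Because both OS users share the same checkout under /srv/develop, they also share its .git/hooks directory. The following pre-push hook is an added example, not part of the original setup: it refuses a push when the OS user running git is not mapped to the remote's host and owner. The owner names org-a and other-org and the ALLOWED table are constructed placeholders; the hook is an accident guard only, since it checks the OS user rather than the GitHub account and git push --no-verify skips it.

```shell
#!/bin/sh
# Save as .git/hooks/pre-push in the shared checkout and make it executable.
# ALLOWED maps "os-user host/owner-prefix"; all entries are constructed
# placeholders built from the hostnames used in the setup above.
ALLOWED='primaryuser github.com/org-a/
primaryuser corporategithub.com/
otheruser github.com/other-org/
otheruser othercorporategithub.com/'

# Reduce an https or scp-style ssh remote URL to "host/owner/repo".
remote_key() {
    url=${1%.git}
    case $url in
        *://*) url=${url#*://}; url=${url#*@} ;;            # https://[user@]host/path
        *@*:*) url=${url#*@}; url=${url%%:*}/${url#*:} ;;   # git@host:path
    esac
    printf '%s\n' "$url"
}

# push_allowed OS_USER REMOTE_URL
# Succeeds only if OS_USER has an ALLOWED prefix matching the remote.
# Anything unrecognised (unknown user, host with a port) is refused.
push_allowed() {
    key=$(remote_key "$2")
    while read -r user prefix; do
        [ "$user" = "$1" ] || continue
        case $key in "$prefix"*) return 0 ;; esac
    done <<EOF
$ALLOWED
EOF
    return 1
}

# Git invokes the hook as: pre-push <remote-name> <remote-url>
if [ "${0##*/}" = pre-push ]; then
    me=$(id -un)
    push_allowed "$me" "$2" && exit 0
    echo "pre-push: OS user '$me' is not mapped to $2, push refused" >&2
    exit 1
fi
```

Running gh auth status in each terminal shows which account that OS user's gh is logged in to.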