Checking / fixing permissions on hosted git projects

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hey all,

Every so often we've had problems with uses having permissions
problems in git repos on hosted.  This is less of an issue over the
past few months as we backported a patch from upstream git to ensure
that git sets the permissions properly as well as setting the right
permissions with the gitsetup.sh script when creating new repos¹.

¹ Except for the minor issue that it issues a mildly overly broad
  'chmod -R g+w .' -- which makes any files in the objects tree group
  writable even though they are not intended nor required to be
  writable by anyone.  Objects are read only for git.

To help ensure that we don't end up with any new permissions problems
I whipped up a git-check-perms script which might be useful to run as
a cron job once a daily or even weekly.  It should alert us to any new
problems with git or with our setup/import scripts.  It can also be
used to correct any problems found, after we've looked into what
caused them, of course.  The script is in ~tmz/bin/git-check-perms on
hosted1.

Before the output of this is clean and suitable for a cron job, there
are a few minor things that should be fixed.  Mostly this is fixing
files in the objects dir that have unneeded write permissions.  There
are also a few config and commit-list files that would get group write
permissions added.  Neither of these things cause any real problems,
but they differ from how we'd like to setup and import git projects,
so making them consistent will make things simpler all around.

The list of changes the script would make is attached.  If anyone has
a moment to check that it looks sane, that would great.  The short
list of non-objects dir issues is:

/git/Virtualization_Guide.git/commit-list: Not group writable (should be "0664")
/git/augeas.git/commit-list: Not group writable (should be "0664")
/git/collie.git/commit-list: Not group writable (should be "0664")
/git/comps-extras.git/logs: Not SETGID (should be "02775")
/git/comps-extras.git/logs/refs: Not SETGID (should be "02775")
/git/comps-extras.git/logs/refs/heads: Not SETGID (should be "02775")
/git/docs/install-guide.git/config: Not group writable (should be "0664")
/git/docs/release-notes.git/config: Not group writable (should be "0664")
/git/fastback.git/commit-list: Not group writable (should be "0664")
/git/grubby.git/commit-list: Not group writable (should be "0664")
/git/grubby.git/config: Not group writable (should be "0664")
/git/moksha.git/commit-list: Not group writable (should be "0664")
/git/pam_url.git/config: Not group writable (should be "0664")
/git/piranha.git/commit-list: Not group writable (should be "0664")
/git/simon.git/commit-list: Not group writable (should be "0664")
/git/sssd.git/commit-list: Not group writable (should be "0664")

-- 
Todd        OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Becoming aware of my character defects leads me naturally to the next
step of blaming my parents.

Attachment: git-perms.gz
Description: GNU Zip compressed data

Attachment: pgpTWgv2oaSVQ.pgp
Description: PGP signature

_______________________________________________
Fedora-infrastructure-list mailing list
Fedora-infrastructure-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list

[Index of Archives]     [Fedora Development]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [KDE Users]

  Powered by Linux