Hey all, Every so often we've had problems with uses having permissions problems in git repos on hosted. This is less of an issue over the past few months as we backported a patch from upstream git to ensure that git sets the permissions properly as well as setting the right permissions with the gitsetup.sh script when creating new repos¹. ¹ Except for the minor issue that it issues a mildly overly broad 'chmod -R g+w .' -- which makes any files in the objects tree group writable even though they are not intended nor required to be writable by anyone. Objects are read only for git. To help ensure that we don't end up with any new permissions problems I whipped up a git-check-perms script which might be useful to run as a cron job once a daily or even weekly. It should alert us to any new problems with git or with our setup/import scripts. It can also be used to correct any problems found, after we've looked into what caused them, of course. The script is in ~tmz/bin/git-check-perms on hosted1. Before the output of this is clean and suitable for a cron job, there are a few minor things that should be fixed. Mostly this is fixing files in the objects dir that have unneeded write permissions. There are also a few config and commit-list files that would get group write permissions added. Neither of these things cause any real problems, but they differ from how we'd like to setup and import git projects, so making them consistent will make things simpler all around. The list of changes the script would make is attached. If anyone has a moment to check that it looks sane, that would great. The short list of non-objects dir issues is: /git/Virtualization_Guide.git/commit-list: Not group writable (should be "0664") /git/augeas.git/commit-list: Not group writable (should be "0664") /git/collie.git/commit-list: Not group writable (should be "0664") /git/comps-extras.git/logs: Not SETGID (should be "02775") /git/comps-extras.git/logs/refs: Not SETGID (should be "02775") /git/comps-extras.git/logs/refs/heads: Not SETGID (should be "02775") /git/docs/install-guide.git/config: Not group writable (should be "0664") /git/docs/release-notes.git/config: Not group writable (should be "0664") /git/fastback.git/commit-list: Not group writable (should be "0664") /git/grubby.git/commit-list: Not group writable (should be "0664") /git/grubby.git/config: Not group writable (should be "0664") /git/moksha.git/commit-list: Not group writable (should be "0664") /git/pam_url.git/config: Not group writable (should be "0664") /git/piranha.git/commit-list: Not group writable (should be "0664") /git/simon.git/commit-list: Not group writable (should be "0664") /git/sssd.git/commit-list: Not group writable (should be "0664") -- Todd OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Becoming aware of my character defects leads me naturally to the next step of blaming my parents.
Attachment:
git-perms.gz
Description: GNU Zip compressed data
Attachment:
pgpTWgv2oaSVQ.pgp
Description: PGP signature
_______________________________________________ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
