On Thu, 23 Jul 2009, Todd Zullinger wrote:
> Hey all,
>
> Every so often we've had problems with users having permissions
> problems in git repos on hosted. This is less of an issue over the
> past few months as we backported a patch from upstream git to ensure
> that git sets the permissions properly as well as setting the right
> permissions with the gitsetup.sh script when creating new repos¹.
>
> ¹ Except for the minor issue that it issues a mildly overly broad
> 'chmod -R g+w .' -- which makes any files in the objects tree group
> writable even though they are not intended nor required to be
> writable by anyone. Objects are read only for git.
>
> To help ensure that we don't end up with any new permissions problems
> I whipped up a git-check-perms script which might be useful to run as
> a cron job once daily or even weekly. It should alert us to any new
> problems with git or with our setup/import scripts. It can also be
> used to correct any problems found, after we've looked into what
> caused them, of course. The script is in ~tmz/bin/git-check-perms on
> hosted1.
>
> Before the output of this is clean and suitable for a cron job, there
> are a few minor things that should be fixed. Mostly this is fixing
> files in the objects dir that have unneeded write permissions. There
> are also a few config and commit-list files that would get group write
> permissions added. Neither of these things causes any real problems,
> but they differ from how we'd like to set up and import git projects,
> so making them consistent will make things simpler all around.
>
> The list of changes the script would make is attached. If anyone has
> a moment to check that it looks sane, that would be great. The short
> list of non-objects dir issues is:
>
> /git/Virtualization_Guide.git/commit-list: Not group writable (should be "0664")
> /git/augeas.git/commit-list: Not group writable (should be "0664")
> /git/collie.git/commit-list: Not group writable (should be "0664")
> /git/comps-extras.git/logs: Not SETGID (should be "02775")
> /git/comps-extras.git/logs/refs: Not SETGID (should be "02775")
> /git/comps-extras.git/logs/refs/heads: Not SETGID (should be "02775")
> /git/docs/install-guide.git/config: Not group writable (should be "0664")
> /git/docs/release-notes.git/config: Not group writable (should be "0664")
> /git/fastback.git/commit-list: Not group writable (should be "0664")
> /git/grubby.git/commit-list: Not group writable (should be "0664")
> /git/grubby.git/config: Not group writable (should be "0664")
> /git/moksha.git/commit-list: Not group writable (should be "0664")
> /git/pam_url.git/config: Not group writable (should be "0664")
> /git/piranha.git/commit-list: Not group writable (should be "0664")
> /git/simon.git/commit-list: Not group writable (should be "0664")
> /git/sssd.git/commit-list: Not group writable (should be "0664")
>
This all seems very reasonable to me. Thanks for putting that together.
-Mike
_______________________________________________
Fedora-infrastructure-list mailing list
Fedora-infrastructure-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
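
A report-only sketch of the three checks described in the quoted message (SETGID on directories, group write on files outside objects, no write bits on object files), added here as an example; it is not the git-check-perms script from the thread. The function names, the sample tree, the 0444 target for object files and the wording of the objects finding are assumptions made for this example.

```shell
#!/bin/sh
# Added example: report-only audit of one shared bare repository.
# Expected modes come from the listing in the quoted message; the objects
# finding (text and 0444 target) and both function names are constructed.

check_repo_perms() {
    repo=${1%/}
    [ -d "$repo/objects" ] || { echo "$repo: no objects directory" >&2; return 2; }
    findings=$(
        # Directories need SETGID so new entries inherit the repository group.
        find "$repo" -type d ! -perm -2000 |
            sed 's|$|: Not SETGID (should be "02775")|'
        # Files outside objects/ (config, commit-list, ...) must be group writable.
        find "$repo" -path "$repo/objects" -prune -o -type f ! -perm -020 -print |
            sed 's|$|: Not group writable (should be "0664")|'
        # Object files are read only for git: flag any write bit.
        find "$repo/objects" -type f \( -perm -200 -o -perm -020 -o -perm -002 \) |
            sed 's|$|: Writable object file (should be "0444")|'
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1   # non-zero so a cron wrapper can alert on new findings
}

# Constructed sample tree with one deviation of each kind; prints its path.
make_sample_repo() {
    r=$(mktemp -d)/sample.git
    mkdir -p "$r/objects/ab" "$r/logs/refs"
    : > "$r/config"; : > "$r/commit-list"; : > "$r/objects/ab/cdef"
    chmod 2775 "$r" "$r/objects" "$r/objects/ab" "$r/logs/refs"
    chmod 0775 "$r/logs"              # missing SETGID
    chmod 0664 "$r/config"            # as intended
    chmod 0644 "$r/commit-list"       # not group writable
    chmod 0664 "$r/objects/ab/cdef"   # object file left writable
    echo "$r"
}

# Audit a repository when a path is given: sh thisfile.sh /path/to/repo.git
if [ $# -gt 0 ]; then check_repo_perms "$1"; fi
```

The function only reports; correcting modes stays a separate, deliberate step once the cause of a finding is understood.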