Re: [PATCH] git-receive-pack needs to set umask(2)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Salikh Zakirov <Salikh.Zakirov@xxxxxxxxx> wrote:
> Johannes Schindelin wrote:
> > See also
> > 
> > http://thread.gmane.org/gmane.comp.version-control.git/13856/focus=13876
> 
> I've read the thread, but couldn't find a practical solution there.
>  
> > The essence of the thread: If you want to do anything useful in a non-bare 
> > repository, you are likely using other tools than git, which do not 
> > interpret core.umask or $GIT_DIR/umask.
> > 
> > If you use a bare repository, just make it shared. No need for an umask.
> 
> Could you please elaborate on what does it mean "make it shared"?
> 
> My setup: I have a bare GIT repository on a machine, where everybody can
> SSH into (with full shell access). I've assigned the repo to a special group
> where everybody belongs, and done a 'find repo.git -type d | xargs chmod 2775'
> 
> The problem: After someone pushed to the repository, the object directories 
> (i.e repo.git/objects/??)
> get created with 755 access rights, and effectively prevent everyone else from pushing
> objects starting with the same prefix.
> 
> The obvious solution to use umask 002 is not applicable, because
> 1) It does not seem practical to enforce umask 002 in everyone's rc files, 
> because just one forgetful or careless person can break access for all others
> 2) I have 'umask 002' in my ~/.profile. Somehow, it does not help,
> because ~/.profile is not read on non-interactive SSH sessions
> (to verify that, just try to do 'ssh somehost umask')
> 
> The current workaround for the problem is a cron script, which
> makes 'find | xargs chmod 2775' every 5 minutes. It works, but is ugly.
> 
> Is there any better way to keep correct access rights in a shared repository?

Try setting 'core.sharedRepository' to true:

	git repo-config core.sharedRepository true

and running your chmod script one last time.  See
Documentation/config.txt for some details on this switch.

-- 
Shawn.
-
: send the line "unsubscribe git" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
[Index of Archives]     [Linux Kernel Development]     [Gcc Help]     [IETF Annouce]     [DCCP]     [Netdev]     [Networking]     [Security]     [V4L]     [Bugtraq]     [Yosemite]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux SCSI]     [Fedora Users]