Re: git init shared=group with a subdir

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



petesea@xxxxxxxxxxx writes:

>   $ ls -ld subdir
>   ls: cannot access subdir: No such file or directory
>   $ git init --bare --shared=group subdir/test.git
>   Initialized empty shared Git repository in /tmp/subdir/test.git/
>   $ ls -ld subdir subdir/test.git
>   drwxr-xr-x 3 pete users 4096 2012-11-14 11:16 subdir
>   drwxrwsr-x 7 pete users 4096 2012-11-14 11:16 subdir/test.git
>
> Assuming the "subdir" directory doesn't already exist and is created
> by the "git init" command AND the --shared=group option is used, then
> shouldn't the "subdir" directory also have 2775 permissions?

People who access this "test.git" does not need to be able to write
into subdir/foobar, so the lack of w bit for the group is perfectly
fine, no?  Depending on to whom you would want to expose things
other than "test.git" in "subdir", the desirable set of the
permission bits on "subdir" itself would be different, but the "git
init" command line does not give us enough information to infer what
exact mode is needed.

At least we should give r-x to the parent directories for the
classes of users to whom we give rwx to the repository itself.  In
your example, since we give rwx to user=pete and group=users on
"test.git", "subdir" should have r-x (or better) for user=pete and
group=users, so that result happens to be correct.

But I do not think we did the right thing by design but it turned
out to be correct by accident.  If your umask were 077 or something
tight, I suspect that we end up creating "subdir" with "rwx------",
and group members wouldn't be able to access "test.git".  We may
want to loosen it down to "rwxr-x---" in such a case, but doing so
unconditionally risks exposing things inside "subdir" other than
"test.git" to your group members, and worse yet, we would be doing
so without telling the user.  If your umask is set to a tight value,
it is likely that you did so on purpose, and it is debatable if it
is a good thing to do.  It is safer to create these leading
directories like "subdir" honoring the umask, give the user a chance
to make sure that other things in "subdir" can be exposed to people
who have access to "test.git", and let the user handle the
permission (perhaps running "chmod g+rx subdir" as necessary).  And
that is the behaviour you are observing, I think.







--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html


[Index of Archives]     [Linux Kernel Development]     [Gcc Help]     [IETF Annouce]     [DCCP]     [Netdev]     [Networking]     [Security]     [V4L]     [Bugtraq]     [Yosemite]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux SCSI]     [Fedora Users]