Christian Couder <christian.couder@xxxxxxxxx> writes: > Since f6ecc62dbf (write_shared_index(): use tempfile module, 2015-08-10) > write_shared_index() has been using mks_tempfile() to create the > temporary file that will become the shared index. > > But even before that, it looks like the functions used to create this > file didn't call adjust_shared_perm(), which means that the shared > index file has always been created with 600 permissions regardless > of the shared permission settings. > > Because of that, on repositories created with `git init --shared=all` > and using the split index feature, one gets an error like: > > fatal: .git/sharedindex.a52f910b489bc462f187ab572ba0086f7b5157de: index file open failed: Permission denied > > when another user performs any operation that reads the shared index. > > We could use create_tempfile() that calls adjust_shared_perm(), but > unfortunately create_tempfile() doesn't replace the XXXXXX at the end > of the path it is passed. So let's just call adjust_shared_perm() by > ourselves. > > Signed-off-by: Christian Couder <chriscool@xxxxxxxxxxxxx> > --- > read-cache.c | 8 ++++++++ > 1 file changed, 8 insertions(+) > > diff --git a/read-cache.c b/read-cache.c > index bc156a133e..66f85f8d58 100644 > --- a/read-cache.c > +++ b/read-cache.c > @@ -2425,6 +2425,14 @@ static int write_shared_index(struct index_state *istate, > delete_tempfile(&temporary_sharedindex); > return ret; > } > + ret = adjust_shared_perm(temporary_sharedindex.filename.buf); Shouldn't we be using the API function get_tempfile_path() for this instead of reaching into its implementation detail? > + if (ret) { > + int save_errno = errno; > + error("cannot fix permission bits on %s", temporary_sharedindex.filename.buf); > + delete_tempfile(&temporary_sharedindex); > + errno = save_errno; > + return ret; > + } > ret = rename_tempfile(&temporary_sharedindex, > git_path("sharedindex.%s", sha1_to_hex(si->base->sha1))); > if (!ret) {