Julien Moutinho <julm+git@xxxxxxxxxxxxxx> writes: > While running public-inbox's tests inside nix's build sandbox > I've noticed that when core.sharedRepository is set to 0600 > git still tries in adjust_shared_perm() > to set the g+s bit on directories. > https://github.com/git/git/blob/1fc3c0ad407008c2f71dd9ae1241d8b75f8ef886/path.c#L901-L905 > ... > So, on meta@xxxxxxxxxxxxxxxx we were wondering whether > git should maybe strip S_ISGID and retry to chmod() if it hits EPERM? But that can leave the repository unusable when the files and directories has to be owned by the same group as its containing directory. It does sound like we are bit too aggressive when setting the g+s bit. Is g+s only necessary if the directory is group writable? Not necessarily. When I am the only writer (and owner) with memberships in multiple groups, a shared repository that I intend to give read (but not write) permission bit to members of a specific group must be owned by that group, and setting g+s is how we ensure it. So it is insufficient to give when new_mode says it is group writable. We also should do g+s if it is readable by the group. But if you use 0600, then the group ownership should not matter, so /* Copy read bits to execute bits */ new_mode |= (new_mode & 0444) >> 2; if (new_mode & 060) new_mode |= FORCE_DIR_SET_GID; might be what you want?
