Re: Git and securing a repository

Gonzalo Garramuo <ggarra@xxxxxxxxxxxxxxxxx> wrote:
> Shawn O. Pearce wrote:
> >
> >It's a distributed version control system.  All peers are equal.
> >Most security in Git is handled by only pulling from sources you
> >trust, and never allowing someone to push stuff into a repository
> >you own.
> >
> 
> Regarding that... is there a way to control the umask of a git clone 
> independent of the actual umask of the user or directories inside the 
> repository?  Ideally, on the server side?
> 
> That is, for sensitive repositories, I would like "git clone" to always 
> clone that repository with 0700 permissions, so that the silly mistake 
> of cloning a sensitive repository into a public directory and forgetting 
> to restrict its permissions can be avoided completely.

No.

For a local clone (same UNIX system) you could probably easily
modify git-clone.sh to consult the config file of the source
repository to obtain recommended initial permissions, or just use
the source repository's directory permissions as the new clone's
initial permissions.  But not everyone would want that behavior.

For a remote clone (different systems) the config file of the source
repository isn't easily available.  So it's not easily used to get
that setting.  The git protocol would have to be extended to make
transfer of parts of the config file possible.  We've talked about
this in the past but have never had a compelling application to
cause patches to be submitted for it.

-- 
Shawn.
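
Since the reply above says the server cannot dictate a clone's permissions, the control has to sit on the client. The following is an added example, not part of the original message and not code from Git: a POSIX shell wrapper that clones under umask 077, plus a check that lists clones whose top-level directory is open to group or other. The function names `private_clone` and `audit_clones` are hypothetical.

```shell
#!/bin/sh
# Added example; private_clone and audit_clones are hypothetical helper names.

# private_clone SRC DEST
# Run "git clone" in a subshell with umask 077 so every file and directory
# of the new clone is created without group/other access, while the
# caller's own umask stays unchanged.
private_clone() {
    src=$1
    dest=$2
    (
        umask 077
        git clone --quiet "$src" "$dest"
    ) || return 1
    # Pin the top-level directory too, in case DEST existed (empty) beforehand.
    chmod 700 "$dest"
}

# audit_clones ROOT
# Print every directory under ROOT that contains a .git directory and whose
# own mode grants any permission bit to group or other.
audit_clones() {
    find "$1" -type d -name .git -prune -print 2>/dev/null |
    while IFS= read -r gitdir; do
        repo=$(dirname "$gitdir")
        # ls -ld prints the mode first, e.g. "drwx------"; anything other
        # than six dashes after the owner bits means wider access.
        case $(ls -ld "$repo") in
            d???------*) ;;
            *) printf '%s\n' "$repo" ;;
        esac
    done
}
```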