Why not preserve permissions the way you find them, instead of just using 644 and 755? It certainly couldn't be more complicated than what you are doing now, and that way one could do things like use git to update system administration files across a sneakernet containing e.g., # dlocate -lsconf exim4-config|sed 's/ .*//'|sort -u -rw-r----- -rw-r--r-- -rwxr-xr-x > git was made for tracking source code, not 640 files. On the sneakernet no public patches would be sent, and the administrator would remember to make the sensitive .git directories 700. And sure, git should enforce umask or no set-uid or whatever when doing a checkout etc. The deluxe edition of git could even print a warning: "you are trying to track a 640 file but your .git permissions are less restrictive." However I recommend no premium or deluxe editions for now. > Patches welcome. Trust me, you don't want "grandpa who forgot the parking brake" anywhere near your code. -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html