Hi,
Some colleagues of mine are working on a "secret" project, and they want to
create a central/server/integration repo that should be group-writable, but
not at all accessible to anybody outside the group (i.e. files should be
0660 ("-rw-rw----"), dirs should be 0770 ("drwxrws---")).
I started setting this up for them in the following manner:
mkdir foo.git
cd foo.git
git init --bare --shared=group
cd ..
chgrp -R groupname foo.git
chmod -R o-rwx foo.git
...and everything looks good, initially...
However, when I start pushing into this repo, the newly created files are
readable to everybody (files are 0664 ("-rw-rw-r--"), dirs are 0775
("drwxrwsr-x")).
Instead of "git init --bare --shared=group", I've tried using
git init --bare --shared=0660
and even
git init --bare &&
git config core.sharedRepository 0660
but the result is still the same.
After reading the "--shared" section in the "git init" man page, this
behaviour is unexpected, and after reading the "core.sharedRepository"
section in the "git config" man page, the current behaviour is IMHO outright
_wrong_. Quoting the "git config" man page:
core.sharedRepository
[...] When 0xxx, where 0xxx is an octal number, files in the repository
will have this mode value. 0xxx will override user’s umask value, and
thus, users with a safe umask (0077) can use this option. [...]
AFAICS, even when I set "core.sharedRepository" to 0660, files are still
created 0664, which is not what the documentation indicates.
Are there other ways to create such shared-but-restricted repositories?
Have fun! :)
...Johan
--
Johan Herland, <johan@xxxxxxxxxxx>
www.herland.net
--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
