Home » Mailing list archives » git » 2008 » October » 9

Git newbie question: permissions

Previous thread: fetch fails with a short read of received pack by Alex Riesen on Thursday, October 9, 2008 - 12:55 pm. (7 messages)

Next thread: [PATCH] git-daemon: Worked around uclibc buffer problem by Lars Stoltenow on Thursday, October 9, 2008 - 2:34 pm. (3 messages)
[view original message]
From: Ed Schofield
Subject: Git newbie question: permissions
Date: Thursday, October 9, 2008 - 1:20 pm

Hi everyone,

I have a bare git repository that users in a particular group
("webdev") are pulling from and pushing to using the ssh transport.
One of the users has just reported this error during a push:

Counting objects: 103, done.
Compressing objects: 100% (68/68), done.
error: unable to write sha1 filename
./objects/4f/
973ce5c66f082af5087948cec57001f0c4da50: Permission denied

fatal: failed to write object
error: pack-objects died with strange error
error: failed to push some refs to '/var/git/myrepo.git'

I'd appreciate some help on getting my repository back to a sane
state, allowing this user to finish his push, and making sure
permissions are right in the future.

I don't think I specified "--shared=group" when initializing the
repository. Afterwards I manually set all files to have 660
permissions, dirs as 770, and set the group ownership to "webdev", but
I probably made a mistake by not setting the setgid bit on
directories. Now there are some objects directories with 755
permissions and different group ownership (the default groups of the
other users).

I have now run "git --bare init --shared=group" to reinitialize the
repository. This seems to have changed the directories to be g+sx. (Is
this all it did?). There are still some objects directories with 755
permissions rather than 770, which I presume I want, and the group
ownership of these is wrong. Shall I change these by hand? The sha1
files all have 444 permissions; is this right?

The last question I have is how to ensure that git creates object
files etc. with the right permissions when users push in future.

I'd appreciate any help!

-- Ed
--


[ message continues ]
[view original message]
From: Marc Weber
Subject: Re: Git newbie question: permissions
Date: Thursday, October 9, 2008 - 2:29 pm

Have a look at the config file. It should contain

[core]
        sharedrepository = 1
now.

I've never used that option before but I think this option should be
enough to ensure that it works in the future if it did for other repos
in the past..

Marc Weber
--


[ message continues ]
[view original message]
From: Samuel Lucas Vaz de Mello
Subject: Re: Git newbie question: permissions
Date: Thursday, October 9, 2008 - 2:05 pm

Hi Ed!

I'm also a newbie here and I have a very similar setup to yours.

The only difference is that my repository was created using 
git-cvsimport and afterwards I used git-config to set 
core.sharedrepository=1 and manually set up the permissions.

I also got objects created with the users' default group, but for now I 
just changed the deafault group for those users until I find a better 
solution.

Another issue with this setup: if I run git-gc in the shared repo, it 
recreate the files in logs/refs/heads with 644 permissions, which 
prevents users to push until I manually fix the permissions.

Someone else have faced these kind of problems?

Regards,

 - Samuel




--


[ message continues ]
[view original message]
From: Samuel Tardieu
Subject: Re: Git newbie question: permissions
Date: Thursday, October 9, 2008 - 2:41 pm

>>>>> "Ed" == Ed Schofield <edschofield@gmail.com> writes:

Ed> I have now run "git --bare init --shared=group" to reinitialize
Ed> the repository. This seems to have changed the directories to be
Ed> g+sx. (Is this all it did?). There are still some objects
Ed> directories with 755 permissions rather than 770, which I presume
Ed> I want, and the group ownership of these is wrong. Shall I change
Ed> these by hand? The sha1 files all have 444 permissions; is this
Ed> right?

Ed> The last question I have is how to ensure that git creates object
Ed> files etc. with the right permissions when users push in future.

As Marc said, you should first make sure that "config" contains
"sharedrepository = 1" in the "[core]" section.

Then you can do the following:

  - remove all permissions for "others":  chmod -R o-rwx .
  - mirror "user" permissions to "group": chmod -R g=u .
  - add +s flag to directories:           find . -type d | xargs chmod g+s

This should fix your current situation. The "sharedrepository = 1"
will tell git to maintain a proper shared state in the future
on objects it creates (i.e. mirror "user" permission to "group" ones).

  Sam
-- 
Samuel Tardieu -- sam@rfc1149.net -- http://www.rfc1149.net/

--


[ message continues ]
[view original message]
From: Ed Schofield
Subject: Re: Git newbie question: permissions
Date: Thursday, October 9, 2008 - 3:59 pm

This worked beautifully. Thanks Sam, thanks Marc!

-- Ed
--


[ message continues ]
[view original message]
From: Samuel Lucas Vaz de Mello
Subject: Re: Git newbie question: permissions
Date: Friday, October 10, 2008 - 7:44 am

Is git-gc supposed to respect sharedrepository=1 and create 
group-writable files?
For me, it's recreating the files under logs/refs/heads with 644 
permissions.

BR,

 - Samuel


--


[ message continues ]
Previous thread: fetch fails with a short read of received pack by Alex Riesen on Thursday, October 9, 2008 - 12:55 pm. (7 messages)

Next thread: [PATCH] git-daemon: Worked around uclibc buffer problem by Lars Stoltenow on Thursday, October 9, 2008 - 2:34 pm. (3 messages)