Question

I want to create a bare git repository in a shared directory so that multiple people (all of whom are in a particular UNIX group) can access it.

After creating the repository, all files and directories are owned by the creating user (creator) and owned by the group (group), but grant the same permissions to group and to everyone. After recursively giving full permissions to the owning group, and setting the setgid bit on directories (it's not the users' primary group, so it would not be used by default) the repository's filesystem structure looks like this:

TREE           PERMISSIONS OWNER  GROUP
repo           drwxrws--- creator group
| config       -rw-rw---- creator group
| description  -rw-rw---- creator group
| HEAD         -rw-rw---- creator group
| hooks        drwxrws--- creator group
| info         drwxrws--- creator group
| objects      drwxrws--- creator group
| refs         drwxrws--- creator group

When someone pushes and git creates a new file, the owner is always set to the user that pushed, and the permissions default to -rw-r--r-- (or drwxr-xr-x) so that other members of the group cannot overwrite those files later. For example, if user1 pushes a git object whose hash starts with 00, the directory structure now looks like this:

TREE              PERMISSIONS OWNER  GROUP
repo              drwxrws--- creator group
| config          -rw-rw---- creator group
| description     -rw-rw---- creator group
| HEAD            -rw-rw---- creator group
| hooks           drwxrws--- creator group
| info            drwxrws--- creator group
| objects         drwxrws--- creator group
| | 00            drwxr-sr-x user1   group
| | | (long name) -rw-r--r-- user1   group
| refs            drwxrws--- creator group

and now no other users can push objects that would be stored in repo/objects/00, because they don't have permissions to write to that directory.

How can I force git to make new files group-writable?

Solution

Check if the config core.sharedRepository could help in your target repo:

When group (or true), the repository is made shareable between several users in a group (making sure all the files and objects are group-writable).

But when it comes to ACL (Access Control Level) with git ssh, nothing is easier or more precise to put in place than gitolite (which is an authorization layer).
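
Applying the core.sharedRepository setting from the answer above to an existing bare repository, as an added example that is not part of the original answer. The helper names share_repo and audit_shared_repo are hypothetical, and the repository path and group are passed as arguments:

```shell
#!/bin/sh
# Added example: repair and audit an existing bare repository for group sharing.
# share_repo and audit_shared_repo are hypothetical helper names.

# share_repo REPO [GROUP]
share_repo() {
    repo=$1
    group=${2:-}
    # Make git create new files and directories group-accessible,
    # independent of the pushing user's umask.
    git --git-dir="$repo" config core.sharedRepository group || return 1
    # Optionally hand the existing content to the shared group.
    if [ -n "$group" ]; then
        chgrp -R "$group" "$repo" || return 1
    fi
    # Repair paths created before the setting was in place
    # (for example an objects/00 directory left at drwxr-sr-x).
    chmod -R g+rwX "$repo" || return 1
    # setgid on directories so new entries inherit the shared group.
    find "$repo" -type d -exec chmod g+s {} + || return 1
}

# audit_shared_repo REPO
# Prints every directory that lacks group rwx or the setgid bit (mode 2070).
# Only directories are checked: git keeps loose object files read-only,
# and what blocks other users is a directory they cannot write to.
audit_shared_repo() {
    find "$1" -type d ! -perm -2070 -print
}
```

For a repository that does not exist yet, `git init --bare --shared=group` sets the same option at creation time. An empty result from audit_shared_repo after a push means no directory was created that other group members cannot write to.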

Licensed under: CC-BY-SA with attribution