Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

File Permission issues with sharing a GIT Remote Repository

Tags:

git

repository

I have a GIT repository that I manage for my office. Because of company policy, we can't use external hosting providers such as GitHub and the like. So, i'm left to do what I can with our local network.

Everyone manages their own local repositories, but we also have a remote repository that our users push to (and are accessible to applications like Hudson and Fisheye) similar to how a central repo would work in subversion. Each user has public keys setup so they can perform passwordless-authentication to the box hosting our remote repository as well.

For our remote repository, I have them configured to be shared in "group" mode:

git config core.sharedRepository group

All of our users are also members of the git group, but that is not the primary group for many of the users. It seems when git creates or updates any objects on "push," it uses the user's primary group. Instead, I need it to use the common "git" group that each user is a member. I've seen documentation on the web previously discussing setting the sticky bit, but it seemed to differ based on the source and didn't really address the issue of creating a common group (if i'm just making files arbitrarily write-able, I might as well make them 777).


Update:

Using Matthew Flaschen's answer below

chgrp -R git repo.git 
find repo.git -type d -exec chmod g+rws {} +

I was able to create a repository that everyone could push and pull from together. I'll also look into gitolite, but my needs are pretty basic, and our environment allows for user and keys to be configured automatically, so it's use isn't as key. However, I want to make sure that i'm dealing with this correct.

My repository structure includes a top-level directory (remote-repos), and subdirectories for each of my repositories (app-1.git, app-2.git, library-1.git, etc). I should be able to apply the chmod g+rws {} + to the top level directory (remote-repos) instead of each individual repo, correct? The find command

find /opt/remote-repos -type d -exec ...

Finds all directories under the /opt/remote-repos location, and executes a command on them. The command (chmod g+rws) ensures that the group can read and write these files, as well as sets the sticky bet so the specified group is always used when executing. (I have no clue as to the use of the {} + portion, I'm assuming that's related to the find exec option).

Anyway, just want to confirm that my understanding of this solution is correct.

More References:

  • chmod from Wikipedia
  • SetGID (or SetUID) from Wikipedia
  • Git SharedRepository option discussion
like image 370
J Jones Avatar asked Mar 15 '11 02:03

J Jones


People also ask

How do I share a git repository with others?

Under your repository name, click Settings. In the "Access" section of the sidebar, click Collaborators & teams. Click Invite a collaborator. In the search field, start typing the name of person you want to invite, then click a name in the list of matches.

Does git care about file permissions?

By default, git will update execute file permissions if you change them. It will not change or track any other permissions. If you don't see any changes when modifying execute permission, you probably have a configuration in git which ignore file mode.

How do you fix Please make sure you have the correct access rights and the repository exists?

The “Please make sure you have the correct access rights” error occurs if you do not have the right permissions to access a Git repository. To solve this error, make sure you are referring to the correct remote URL and that you have set up SSH authentication correctly.


1 Answers

git now has a core.sharedRepository option for exactly this purpose.

I recommend:

git config core.sharedRepository group

Then, to set the initial group ownership, do:

sudo chgrp -R somegroup .
sudo find -type d -exec chmod g+s {} +
sudo chmod -R g+rw .git/objects/

in the root of the repo.

For a new repo, you can do:

git init --shared=group

Only if the above doesn't work:

chgrp git -R repo.git 
find repo.git -type d -exec chmod g+rws {} +

s is the setgid flag. On directories, this means files and directories created within that directory have the same group (git in this case). Newly created subdirectories also inherit setgid.

This is similar to how the git repo is set up at my work. However, I agree you should consider an actual git server process.

like image 200
Matthew Flaschen Avatar answered Oct 06 '22 16:10

Matthew Flaschen