File Permission issues with sharing a GIT Remote Repository

Question

I have a GIT repository that I manage for my office. Because of company policy, we can't use external hosting providers such as GitHub and the like. So, i'm left to do what I can with our local network.

Everyone manages their own local repositories, but we also have a remote repository that our users push to (and are accessible to applications like Hudson and Fisheye) similar to how a central repo would work in subversion. Each user has public keys setup so they can perform passwordless-authentication to the box hosting our remote repository as well.

For our remote repository, I have them configured to be shared in "group" mode:

git config core.sharedRepository group

All of our users are also members of the git group, but that is not the primary group for many of the users. It seems when git creates or updates any objects on "push," it uses the user's primary group. Instead, I need it to use the common "git" group that each user is a member. I've seen documentation on the web previously discussing setting the sticky bit, but it seemed to differ based on the source and didn't really address the issue of creating a common group (if i'm just making files arbitrarily write-able, I might as well make them 777).

---

Update:

Using Matthew Flaschen's answer below

chgrp -R git repo.git 
find repo.git -type d -exec chmod g+rws {} +

I was able to create a repository that everyone could push and pull from together. I'll also look into gitolite, but my needs are pretty basic, and our environment allows for user and keys to be configured automatically, so it's use isn't as key. However, I want to make sure that i'm dealing with this correct.

My repository structure includes a top-level directory (remote-repos), and subdirectories for each of my repositories (app-1.git, app-2.git, library-1.git, etc). I should be able to apply the chmod g+rws {} + to the top level directory (remote-repos) instead of each individual repo, correct? The find command

find /opt/remote-repos -type d -exec ...

Finds all directories under the /opt/remote-repos location, and executes a command on them. The command (chmod g+rws) ensures that the group can read and write these files, as well as sets the sticky bet so the specified group is always used when executing. (I have no clue as to the use of the {} + portion, I'm assuming that's related to the find exec option).

Anyway, just want to confirm that my understanding of this solution is correct.

More References:

• chmod from Wikipedia
• SetGID (or SetUID) from Wikipedia
• Git SharedRepository option discussion

Answer 1

git now has a core.sharedRepository option for exactly this purpose.

I recommend:

git config core.sharedRepository group

Then, to set the initial group ownership, do:

sudo chgrp -R somegroup .
sudo find -type d -exec chmod g+s {} +
sudo chmod -R g+rw .git/objects/

in the root of the repo.

For a new repo, you can do:

git init --shared=group

---

Only if the above doesn't work:

chgrp git -R repo.git 
find repo.git -type d -exec chmod g+rws {} +

s is the setgid flag. On directories, this means files and directories created within that directory have the same group (git in this case). Newly created subdirectories also inherit setgid.

This is similar to how the git repo is set up at my work. However, I agree you should consider an actual git server process.