Menu
I am using git to manage a website on a server.
I have a local repository shown below
local@workstation:myapp$ ls -l | awk '{k=0;for(i=0;i<=8;i++)k+=((substr($1,i+2,1)~/[rwx]/)*2^(8-i));if(k)printf("%0o ",k);print}' total 16 755 drwxr-xr-x@ 18 thomas staff 612 Jun 13 15:35 application 755 drwxr-xr-x@ 11 thomas staff 374 Jun 12 16:25 assets 644 -rw-r--r--@ 1 thomas staff 6399 Jun 22 11:45 index.php 755 drwxr-xr-x@ 10 thomas staff 340 May 14 15:22 system I have a bare repository on the server that uses post-receive to point the repo in front of apache. Apache's public folders contents are below -not the bare repository.
root@server:/srv/public/myapp# ls -l | awk '{k=0;for(i=0;i<=8;i++)k+=((substr($1,i+2,1)~/[rwx]/)*2^(8-i));if(k)printf("%0o ",k);print}' total 20 700 drwx------ 15 root root 4096 Jun 27 11:31 application 700 drwx------ 10 root root 4096 Jun 27 11:31 assets 600 -rw------- 1 root root 6399 Jun 27 11:31 index.php 700 drwx------ 8 root root 4096 Jun 27 11:31 system This is causing mayhem to my code on the webserver.
How can I fix this? I'm using gitolite if that makes any difference.
git server config file
[core] repositoryformatversion = 0 filemode = true bare = true 
530
Yes, by default, git is configured to track the changes in file permission mode, too. Just to experiment with the idea, I created a dummy repo and "touched" an empty file. The initial default permission was 775.
755 means read and execute access for everyone and also write access for the owner of the file. When you perform chmod 755 filename command you allow everyone to read and execute the file, the owner is allowed to write to the file as well.
Git is Version Control System, created for software development, so from the whole set of modes and permissions it stores only executable bit (for ordinary files) and symlink bit.
This thread post offers a very good explanation:
This is by design. While the git data structure can technically store unix mode bits in its trees, it was found early on in git's history that respecting anything beyond a simple executable bit ended up being more cumbersome for git's normal use cases (i.e., people storing code or other shared files in a repository).
We could add in a config option to respect file modes, but it has generally been seen as not worthwhile. It solves only a part of the general metadata problem, as it omits owner and group names or ids, as well as extended metadata like ACLs.
If modes are important to you, the suggested fixes are one of:
Use a tool like "metastore" that can be called from git hooks, and will save and restore file permissions in a file that is tracked in the repository. Do note that when using such a tool there is a race condition in protecting files (i.e., git will create your file as 644, and then metastore will correct it to 600; in the meantime, somebody could read your file).
Depending on exactly what you're storing, it may make sense to keep your repository in another directory, protected by permissions, and then use a separate tool to deploy your files from the repository to their ultimate location (e.g., a Makefile or other install tool).
155
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
