make Git repository global writable

Question

We have 3 people using a shared Git repo. We don't have sudo permission to create/change the group. Since the machine is safe, we were asked to make the Git global writable(chmod +R o+rw *). However we get this error from time to time.

error: insufficient permission for adding an object to repository database .git/ objects

This happens randomly. When some person pushes his code, I don't get this error.When another person pushes his code, I got this error again.

I have done git repo-config core.sharedRepository true, but seems to only apply to groups. How do I set Git to make new files global writable?

Answer 1

We just came across the same issue. Here's how we've tackled it, in addition to running git repo-config core.sharedRepository true.

Note: this was on an Ubuntu Linux server - you may need different commands on your OS but the approach should be broadly similar. Note that many of these commands will need to be run as root or under sudo.

Step 1. Create a new, shared group

For example, developers. Add your developers to it.

groupadd developers
usermod -aG developers <username>

Step 2. Change group ownership of the existing repository

chgrp -R developers /path/to/repo

Also make the files group-writeable:

chmod -R g+w /path/to/repo

Step 3. Ensure that new directories get created with the group set to the new group name

In some *nix OSs (e.g. FreeBSD, OS X) the group of newly created files is inherited from the parent directory. On other OSs (e.g. Ubuntu) it's determined by the group of the creating process. In the latter case you can override that behaviour by setting the setgid flag on the parent directory. So one way to make sure that new directories created by e.g. git pull have the same group as their parent is to periodically run something like this:

find /path/to/repo -type d -exec chmod g+s {} \;

(i.e. find all files under /path/to/repo of type directory and run chmod g+s on them to set the setgid flag.)

Another way you might approach this is by making developers the primary login group for all developers:

usermod -g developers <username>

(Note that this may result in a user no longer being a member of their previous primary login group, typically the group with the same name as the username. Use usermod -aG old_group usernanme to restore that membership.)

Using usermod -g developers means that when a user creates new files they will be default be owned by user:username, group:developers. However, new files will typically be created so that they're only user-writeable, not group-writeable. (i.e. if you run touch foo; ls -l foo you'll see the permissions mask as -rw-r--r--.) To have new files you create be group-writeable by default, add umask 0002 to the end of your .profile or .bash_profile file.

echo umask 0002 >> ~/.profile

Phew! Hope this helps. I'm sure this process isn't perfect and it's definitely not a one-size-fits-all, but hopefully it'll give you some pointers. I've made it a community wiki so that others can add to it.

Answer 2

This is an ugly solution, but it seems to work. It is based on the post-receive hook, which is used to set permissions on all files in the repository after each push to the repository.

mkdir sharedrepo
cd sharedrepo
git init --bare
echo "chmod -f -R a+rw ." >> hooks/post-receive
chmod a+x hooks/post-receive
cd ..
chmod -R a+rw sharedrepo