Re: [PATCH] git-receive-pack needs to set umask(2)

[Michael Richardson <mcr@sandelman.ottawa.on.ca>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


>>>>> "Petr" == Petr Baudis <pasky@ucw.cz> writes:
    Petr> The object database is considered "append-only" unless you do
    Petr> git-prune (and you should better not let anyone do that), thus
    Petr> it's enough if you set all directories group-writable. Other

  Exactly, you have to do that. And only the owner can change the modes,
thus, unless all users have their umask set up right, someone gets toasted.
  Since the directories are created on the fly, they need to be created
with the right permissions. 

    Petr> than access the object database, the users probably only want
    Petr> to update the refs - the solution is to make refs/heads/ and
    Petr> refs/tags/ group-writable and setgid. This is also what
    Petr> git-init-db --shared (or tools like cg-admin-setuprepo) should
    Petr> already set up for you.

    Petr> So, what did break?

  Never heard of "git-init-db --shared".

> A shared repository allows users belonging to the same group to push
> into that repository. When specifying `--shared` the config variable
> "core.sharedRepository" is set to 'true' so that directories under
> `$GIT_DIR` are made group writable (and g+sx, since the git group may
> be not the primary group of all users). 

  That would seem to be the right thing.
  Seems it was added in December.

- -- 
]       ON HUMILITY: to err is human. To moo, bovine.           |  firewalls  [
]   Michael Richardson,    Xelerance Corporation, Ottawa, ON    |net architect[
] mcr@xelerance.com      http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [

    "The Microsoft _Get the Facts CD_ does not work on Linux." - orospakr

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)
Comment: Finger me for keys

iQEVAwUBRHsbW4CLcPvd0N1lAQKa/gf+MF93+zbNnmqpysWMmYPVhW6HvU6XFyCQ
KyTfA7dxVX3tS9coSAcT73IX659umMz1MkyG7YR4ISFLlhLmdthq6l/ETueTZPVw
SgTSEU9TT2sM+gjtzy6v1wGQJAXJxYw6kJgKOFgCfyIPsb7EZWyQBmZLiNU0omnv
gkV8Ja5pJPTNHcinzzNyg8LIm0j55cS9OG9XQrXm46q+9OX+y39BoxGnz3Guzmry
yzfx1ipDuW54QCzKRyBpwt7/1LBfk/eJAH0wP9IAA4qz39+OA2yz8fTMvHDB1a6V
H18SkBENb6ZllGovu60IUgJCKy2sizGkBGUax9ec2ByAzHL1al3W3g==
=arDu
-----END PGP SIGNATURE-----