[BUG?] How to make a shared/restricted repo?

[Johan Herland <johan@herland.net>]

Hi,

Some colleagues of mine are working on a "secret" project, and they want to 
create a central/server/integration repo that should be group-writable, but 
not at all accessible to anybody outside the group (i.e. files should be 
0660 ("-rw-rw----"), dirs should be 0770 ("drwxrws---")).

I started setting this up for them in the following manner:

  mkdir foo.git
  cd foo.git
  git init --bare --shared=group
  cd ..
  chgrp -R groupname foo.git
  chmod -R o-rwx foo.git

...and everything looks good, initially...

However, when I start pushing into this repo, the newly created files are 
readable to everybody (files are 0664 ("-rw-rw-r--"), dirs are 0775 
("drwxrwsr-x")).

Instead of "git init --bare --shared=group", I've tried using
  git init --bare --shared=0660
and even
  git init --bare &&
  git config core.sharedRepository 0660
but the result is still the same.

After reading the "--shared" section in the "git init" man page, this 
behaviour is unexpected, and after reading the "core.sharedRepository" 
section in the "git config" man page, the current behaviour is IMHO outright 
_wrong_. Quoting the "git config" man page:

  core.sharedRepository
    [...] When 0xxx, where 0xxx is an octal number, files in the repository
    will have this mode value. 0xxx will override user’s umask value, and
    thus, users with a safe umask (0077) can use this option. [...]

AFAICS, even when I set "core.sharedRepository" to 0660, files are still 
created 0664, which is not what the documentation indicates.

Are there other ways to create such shared-but-restricted repositories?


Have fun! :)

...Johan

-- 
Johan Herland, <johan@herland.net>
www.herland.net