Re: [BUG?] How to make a shared/restricted repo?

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Junio C Hamano <gitster@pobox.com>
To: Brandon Casey <casey@nrlssc.navy.mil>
Cc: Johan Herland <johan@herland.net>, git@vger.kernel.org
Subject: Re: [BUG?] How to make a shared/restricted repo?
Date: Tue, 24 Mar 2009 17:49:36 -0700	[thread overview]
Message-ID: <7vr60mbf4v.fsf@gitster.siamese.dyndns.org> (raw)
In-Reply-To: <sL3rt6iQWyznVMwP2SukD7BiuS1AVuqwVkMR4XSwA5SnK9TLmqyqAg@cipher.nrlssc.navy.mil> (Brandon Casey's message of "Tue, 24 Mar 2009 19:26:17 -0500")

Brandon Casey <casey@nrlssc.navy.mil> writes:

> Johan Herland wrote:
>> Hi,
>> 
>> Some colleagues of mine are working on a "secret" project, and they want to 
>> create a central/server/integration repo that should be group-writable, but 
>> not at all accessible to anybody outside the group (i.e. files should be 
>> 0660 ("-rw-rw----"), dirs should be 0770 ("drwxrws---")).
>> 
>> I started setting this up for them in the following manner:
>> 
>>   mkdir foo.git
>>   cd foo.git
>>   git init --bare --shared=group
>>   cd ..
>>   chgrp -R groupname foo.git
>>   chmod -R o-rwx foo.git
>> 
>> ...and everything looks good, initially...
>> 
>> However, when I start pushing into this repo, the newly created files are 
>> readable to everybody (files are 0664 ("-rw-rw-r--"), dirs are 0775 
>> ("drwxrwsr-x")).
>
> But nobody has access to anything under foo.git since you did
> 'chmod o-rwx foo.git' above.
>
> Unless I'm missing something, I think you already have what you want.

The toplevel is never recreated so it should be Ok in practice.

The core.sharedrepository only loosens the effect of overtight umask
setting that a project member has.  But you can notice inconsistency when
you run "ls -l", which may bother you ;-)

next prev parent reply	other threads:[~2009-03-25  0:56 UTC|newest]

Thread overview: 30+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2009-03-25  0:05 [BUG?] How to make a shared/restricted repo? Johan Herland
2009-03-25  0:26 ` Brandon Casey
2009-03-25  0:45   ` Johan Herland
2009-03-25  0:49   ` Junio C Hamano [this message]
2009-03-25  0:46 ` Junio C Hamano
2009-03-25  2:11   ` Johan Herland
2009-03-25  2:24     ` Junio C Hamano
2009-03-25 21:36       ` [PATCH/RFC 0/7] Restricting repository access (Was: [BUG?] How to make a shared/restricted repo?) Johan Herland
2009-03-25 21:37         ` [PATCH/RFC 1/7] Clarify documentation on permissions in shared repositories Johan Herland
2009-03-25 21:38         ` [PATCH/RFC 2/7] Cleanup: Remove unnecessary if-else clause Johan Herland
2009-03-25 21:39         ` [PATCH/RFC 3/7] Introduce core.restrictedRepository for restricting repository permissions Johan Herland
2009-03-25 21:39         ` [PATCH/RFC 4/7] git-init: Introduce --restricted for restricting repository access Johan Herland
2009-03-25 21:40         ` [PATCH/RFC 5/7] Add tests for "core.restrictedRepository" and "git init --restricted" Johan Herland
2009-03-25 21:41         ` [PATCH/RFC 6/7] git-init: Apply correct mode bits to template files in shared/restricted repo Johan Herland
2009-03-25 21:42         ` [PATCH/RFC 7/7] Apply restricted permissions to loose objects and pack files Johan Herland
2009-03-25 23:19       ` [BUG?] How to make a shared/restricted repo? Junio C Hamano
2009-03-26  0:22         ` Johan Herland
2009-03-26  7:23           ` Junio C Hamano
2009-03-26  8:29             ` Johan Herland
2009-03-26  8:41               ` Johannes Sixt
2009-03-26  9:44                 ` Johan Herland
2009-03-26  9:58                   ` Johannes Sixt
2009-03-26 15:02                     ` [PATCH 0/2] chmod cleanup (Was: [BUG?] How to make a shared/restricted repo?) Johan Herland
2009-03-26 15:16                       ` [PATCH 1/2] Move chmod(foo, 0444) into move_temp_to_file() Johan Herland
2009-03-28  6:14                         ` Junio C Hamano
2009-03-28 10:48                           ` Johan Herland
2009-03-26 15:17                       ` [PATCH 2/2] Resolve double chmod() in move_temp_to_file() Johan Herland
2009-03-28  6:21                         ` Junio C Hamano
2009-03-28 11:01                           ` Johan Herland
2009-03-29 20:31                             ` Junio C Hamano

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=7vr60mbf4v.fsf@gitster.siamese.dyndns.org \
    --to=gitster@pobox.com \
    --cc=casey@nrlssc.navy.mil \
    --cc=git@vger.kernel.org \
    --cc=johan@herland.net \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.