From: Johannes Schindelin <johannes.schindelin@gmx.de>
To: Joakim Tjernlund <joakim.tjernlund@transmode.se>
Cc: git@vger.kernel.org, gitster@pobox.com, pclouds@gmail.com
Subject: Re: Unable to create temporary file '/var/git/tmv3-target-overlay.git/shallow_Un8ZOR': Permission denied
Date: Wed, 23 Sep 2015 13:10:35 +0200 [thread overview]
Message-ID: <5f56381a3cf5a5ccf6a1e4e3ea48f516@dscho.org> (raw)
In-Reply-To: <1442955525.29498.94.camel@transmode.se>
Hi Joakim,
On 2015-09-22 22:58, Joakim Tjernlund wrote:
> On Tue, 2015-09-22 at 22:00 +0200, Johannes Schindelin wrote:
>>
>> The reason should be easy to understand: Git's concept is based on the idea that you have full control over
>> your repository. Other repositories you might only have read access.
>
> Yes and some repos I only have partial write access to(config, hooks
> etc. might be readonly)
The partial write access idea is definitely not part of the original idea of Git, and your use case is actually the first I heard of.
The original idea was really that you either own your repository, or you do not. And that includes the repositories that can be accessed publicly: you own them or you don't.
Now, I know that in particular in some corporate setups, there needs to be a permission system in place that disallows certain users from doing certain things (such as editing the config).
The Git solution is to set up a server, usually with SSH, and allow users to push and fetch from the repositories, but nothing else (i.e. no shell access), then set up hooks to implement the permission system.
This is much less error prone than partially locking down a repository on some network drive because the file system structure simply does not reflect the permission structure. That is where all your troubles come from.
>> But this idea you have, to somehow introduce fine-grained levels of control, this idea would imply that all
>> of a sudden Git is no longer free to write to its files as it likes. And as far as Git is concerned,
>> everything inside .git/ *are* its files.
>
> This does not compute for me, files inside git are git's files, I only
> think that not all users
> to a repo should have the same (write) access.
But then it is your duty to tell *Git* what it can and what it cannot do. Typically via those hooks I mentioned.
> A .git/tmp/ would make housekeeping easier, you would know that every
> file under .git
> should be there and if you find something you don't recognize you would react.
No, it would actually make it harder. I seem to recall that there was some problem with renaming a file unless it was already in the same directory as the destination. If all files were to be written to .git/tmp/ first...
>> If you need to exert more control in a specific repository, you simply make it accessible only as a non-file-system remote
>> (where only `git`, `git-receive-pack` and `git-upload-pack` are allowed to be executed) and define hooks
>> that can accept or deny on a *much* finer level than file system permissions ever could, after all.
>
> Even if I did go through this hassle, I would prefer if temporary data
> were put somewhere else
> than .git/ as I think mixing config/persistent data with temporary
> data in the same directory is something
> that should be avoided.
Sure, I understand what you ask for. It's just that Git worked in a different direction for 10 years now ;-)
Ciao,
Johannes
next prev parent reply other threads:[~2015-09-23 11:10 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-08-21 11:36 Unable to create temporary file '/var/git/tmv3-target-overlay.git/shallow_Un8ZOR': Permission denied Joakim Tjernlund
2015-08-21 11:50 ` Joakim Tjernlund
2015-08-31 9:03 ` Joakim Tjernlund
2015-08-31 9:56 ` Duy Nguyen
2015-09-14 15:37 ` Joakim Tjernlund
2015-09-17 13:18 ` Duy Nguyen
2015-09-17 16:54 ` Joakim Tjernlund
2015-09-19 2:21 ` Duy Nguyen
2015-09-19 2:26 ` Duy Nguyen
2015-09-19 7:13 ` Johannes Schindelin
2015-09-20 13:36 ` Joakim Tjernlund
2015-09-19 8:44 ` Joakim Tjernlund
2015-09-21 16:48 ` Junio C Hamano
2015-09-21 17:08 ` Joakim Tjernlund
2015-09-22 20:00 ` Johannes Schindelin
2015-09-22 20:58 ` Joakim Tjernlund
2015-09-23 11:10 ` Johannes Schindelin [this message]
2015-09-23 15:13 ` Junio C Hamano
2015-09-23 20:41 ` Joakim Tjernlund
2015-09-23 22:48 ` Johannes Schindelin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5f56381a3cf5a5ccf6a1e4e3ea48f516@dscho.org \
--to=johannes.schindelin@gmx.de \
--cc=git@vger.kernel.org \
--cc=gitster@pobox.com \
--cc=joakim.tjernlund@transmode.se \
--cc=pclouds@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).