* directory permissions on AFS
@ 2012-12-12 23:39 Jaime Frey
2012-12-13 0:17 ` Junio C Hamano
0 siblings, 1 reply; 2+ messages in thread
From: Jaime Frey @ 2012-12-12 23:39 UTC (permalink / raw)
To: git
Hi,
We have a shared bare git repository on AFS, which our developers
pull from and push to from their local repositories. Some developers
access the bare repository directly over AFS and others use ssh.
Every couple of months, all of the two-character directories under
the objects directory disappear. Afterwards, most pushes fail with an
error like this:
error: unable to create temporary sha1 filename ./objects/fb:
Permission denied
Stracing git revealed that it successfully recreated the ./objects/fb
and then failed to chmod() it. It failed because it tried to set the
S_ISGID bit, which mere mortals cannot do on AFS. Manually recreating
all of these directories solves the problem.
I took a quick look at the git source and it appears git always tries
to set the S_ISGID on a new directory if core.sharedrepository is
enabled in the config. I don't know what other effects would result
from setting core.sharedrepository to 0.
Would it be feasible to allow the setting of S_ISGID to disabled,
apart from modifying core.sharedrepository? Possibly a new config
parameter or detecting if the directory is on AFS?
-- Jaime Frey
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: directory permissions on AFS
2012-12-12 23:39 directory permissions on AFS Jaime Frey
@ 2012-12-13 0:17 ` Junio C Hamano
0 siblings, 0 replies; 2+ messages in thread
From: Junio C Hamano @ 2012-12-13 0:17 UTC (permalink / raw)
To: Jaime Frey; +Cc: git
Jaime Frey <jfrey@cs.wisc.edu> writes:
> Stracing git revealed that it successfully recreated the ./objects/fb
> and then failed to chmod() it. It failed because it tried to set the
> S_ISGID bit, which mere mortals cannot do on AFS. Manually recreating
> all of these directories solves the problem.
We fix directory permissions after creating any directory under .git
with the same code, so that in a repository shared by group, new
subdirectories created by a random somebody who belongs to that
group will belong to that group (we also chmod to g+wx in case such
a random somebody has overly strict umask). Instead of running
chown(2) on every new file created by us, we let the filesystem to
take care of it by telling the directories we create that new files
in them should inherit their group ownership.
What we were worried about back when we decided to use S_ISGID was a
scenario like this:
* A repository is shared by group "src".
* A user belongs to the group "src". That group may or may not be
his primary group (i.e. "mkdir foo" done at random place by him
may not belong to the "src" group).
* The user attempts to create a new branch "foo/bar" by pushing
from outside. There is no other branch whose name is
"foo/anything" when this happens.
* An equivalent of "mkdir -p .git/refs/heads/foo" needs to be done
before an equivalent of "echo $sha >.git/refs/heads/foo/bar"
happens to accept this push. We want "foo" and "bar" to belong
to "src" group and they get appropriate permission bits suitable
to be accessed by the members of the "src" group.
The story is the same for loose objects and their fan-out directory.
Storing a commit object fb/012345... may need to create the leading
fan-out ".git/objects/fb" and we want that directory and any future
files created in it to belong to the "src" group.
Any alternative implementation that achieves the same result that
works on AFS can be substituted with the current code, or made
conditionally activated on AFS.
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2012-12-13 0:17 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2012-12-12 23:39 directory permissions on AFS Jaime Frey
2012-12-13 0:17 ` Junio C Hamano
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox