Re: [BUG?] How to make a shared/restricted repo?

[Junio C Hamano <gitster@pobox.com>]

Johan Herland <johan@herland.net> writes:

>   core.sharedRepository
>     [...] When 0xxx, where 0xxx is an octal number, files in the repository
>     will have this mode value. 0xxx will override user’s umask value, and
>     thus, users with a safe umask (0077) can use this option. [...]

Traditionally, core.shreadrepository was used only to widen overtight
umask some paranoid users have that are antisocial in a group project
setting.  An object that happens to have created by a lenient member may
be readable by others, but another object created by a member with
stricter umask won't be, which means "core.sharedRepository = group" means
just that; it guarantees that it is at least usable by everybody in the
group even if there is somebody antisocial in the group, and it does not
say anything about accessibility by others at all.

You might like to try a patch like this (untested).

 path.c |   17 +++++------------
 1 files changed, 5 insertions(+), 12 deletions(-)

diff --git a/path.c b/path.c
index e332b50..fbc7011 100644
--- a/path.c
+++ b/path.c
@@ -314,7 +314,7 @@ char *enter_repo(char *path, int strict)
 int adjust_shared_perm(const char *path)
 {
 	struct stat st;
-	int mode;
+	int mode, tweak;
 
 	if (!shared_repository)
 		return 0;
@@ -322,17 +322,10 @@ int adjust_shared_perm(const char *path)
 		return -1;
 	mode = st.st_mode;
 
-	if (shared_repository) {
-		int tweak = shared_repository;
-		if (!(mode & S_IWUSR))
-			tweak &= ~0222;
-		mode |= tweak;
-	} else {
-		/* Preserve old PERM_UMASK behaviour */
-		if (mode & S_IWUSR)
-			mode |= S_IWGRP;
-	}
-
+	tweak = shared_repository;
+	if (!(mode & S_IWUSR))
+		tweak &= ~0222;
+	mode = (mode & ~0777) | tweak;
 	if (S_ISDIR(mode)) {
 		mode |= FORCE_DIR_SET_GID;