Re: repo permissions repair: restore --shared=group permissions

["Neal Kreitzinger" <neal@rsss.com>]

"Ævar Arnfjörð Bjarmason" <avarab@gmail.com> wrote in message 
news:AANLkTik7w6rDa=dLp=cvU8JeuCn1ZjM9ateHU8m_UQkO@mail.gmail.com...
On Wed, Aug 11, 2010 at 23:24, Neal Kreitzinger <neal@rsss.com> wrote:
> chmod -R 755 was inadvertantly run on all of our git repos (bare and
> non-bare). These repos were originally created as --shared=group. When I
> run git init --shared=group it does not complain, but it also does not
> correct the permissions. Please advise on the best way restore the
> permissions to --shared=group. Thanks!

chmod -R g+rw ?

I followed your suggestion, but because I wasn't sure that would replicate 
what git would have done, I ended up restoring from tape after realizing 
that the rsync backups were corrupted due to the git repos being in use 
during the rsync.

I then had a similar situation where I needed to lock down a central git 
repository so that only the integration manager had write access.  Since git 
init --shared=0644 would not do it for me, this is the method I used to 
ensure that git set the permissions according to its rules:

(Search Keywords: "How to change the permissions of a Git Repo")

Change Permissions on an Existing Git Repo:

Check System for Users who may be using the Repo:
# w  (see who's logged in)
# ps -A |grep git-menu-scriptname  (where scriptname is some unique string 
in the name of the main script your users use to access that repo, if 
applicable)
# skill -KILL pts/99  (where 99 = the pts/# from w command, log the user 
off)

Change Shared=group to Shared=0644  (change group read+write to group read 
only):
Create Template for permissions:
login as fsngit0
$ cd /path/to/template
$ cat config
[core]
        sharedRepository = 0644

Clone repo to set permissions via git:
$ cd /path/to/repo-parent-dir
$ git clone --bare --template=/path/to/template REPO.git REPOMOD.git

Compare old and new versions:
$ diff -r REPO.git REPOMOD.git
Only in REPO.git: branches  (empty, keep the old version)
diff -r REPO.git/config REPOMOD.git/config  (merge the old and new together)
1a2
>       sharedrepository = 0644
6,7c7
<         denyDeletes = true
<         denyNonFastForwards = true
---
>       denyNonFastforwards = true
Only in REPO.git: description  (keep the old version)
Only in REPO.git: gitk.cache  (gitk will recreate this)
Only in REPO.git: hooks  (contains sample scripts only or whatever scripts 
your using, keep the old version)
Only in REPO.git: info  (keep the old version: contains attributes, exclude, 
or whatever you've setup)
diff -r REPO.git/packed-refs REPOMOD.git/packed-refs  (keep the new version 
because fresh clone has been optimized)
2c2
< Xa8b7b8c8fd3920b89770f2e8356f4ecb71a58cX refs/heads/master
---
> Ya69744e46276a37932d5f0755a53f76cdf83e0dY refs/heads/master
Only in REPO.git/refs/heads: master  (old version not needed because fresh 
clone has been optimized)

Copy over REPO.git files that the clone didn't replicate, but that you need 
in order to retain all settings:
$ cd /path/to/REPOMOD.git
$ cp -rv /path/to/REPO.git/info .
repeat as needed...

change permissions to g-w or whatever your core.sharedRepository new value 
is supposed to be:
$ chmod -R g-w info
repeat as needed...

Validate your changes:
$ diff -r REPO.git REPOMOD.git
diff -r REPO.git/config REPOMOD.git/config
1a2
>       sharedrepository = 0644
7c8
<         denyNonFastForwards = true
---
>       denyNonFastforwards = true
Only in REPO.git: gitk.cache
diff -r REPO.git/packed-refs REPOMOD.git/packed-refs
2c2
< Xa8b7b8c8fd3920b89770f2e8356f4ecb71a58cX refs/heads/master
---
> Y69744e46276a37932d5f0755a53f76cdf83e0dY refs/heads/master
Only in REPO.git/refs/heads: master

Backup REPO.git and rename REPOMOD.git to REPO.git:
$ cp -rvp REPO.git REPO.git-old
$ diff -r REPO.git REPO.git-old
$ rm -rf REPO.git
$ cp -rvp REPOMOD.git REPO.git
$ diff -r REPO.git REPOMOD.git
$ diff -r REPO.git REPO.git-old