* how to change permissions of git repo
@ 2010-08-27 3:03 Neal Kreitzinger
0 siblings, 0 replies; only message in thread
From: Neal Kreitzinger @ 2010-08-27 3:03 UTC (permalink / raw)
To: git
Here is the technique I devised to change permissions on a git repo. I
needed to lock down a repo so only the integration manager has write access.
This method ensures that git sets the permissions according to gits rules.
Please let me know if you know of an easier/better way to do this.
Change Permissions on an Existing Git Repo:
Check System for Users who may be using the Repo:
# w (see who's logged in)
# ps -A |grep git-menu-scriptname (where scriptname is some unique string
in the name of the main script your users use to access that repo, if
applicable)
# skill -KILL pts/99 (where 99 = the pts/# from w command, log the user
off)
Change Shared=group to Shared=0644 (change group read+write to group read
only):
Create Template for permissions:
login as fsngit0
$ cd /path/to/template
$ cat config
[core]
sharedRepository = 0644
Clone repo to set permissions via git:
$ cd /path/to/repo-parent-dir
$ git clone --bare --template=/path/to/template file:///path/to/REPO.git
REPOMOD.git
Compare old and new versions:
$ diff -r REPO.git REPOMOD.git
Only in REPO.git: branches (empty, keep the old version)
diff -r REPO.git/config REPOMOD.git/config (merge the old and new together)
1a2
> sharedrepository = 0644
6,7c7
< denyDeletes = true
< denyNonFastForwards = true
---
> denyNonFastforwards = true
Only in REPO.git: description (keep the old version)
Only in REPO.git: gitk.cache (gitk will recreate this)
Only in REPO.git: hooks (contains sample scripts only or whatever scripts
your using, keep the old version)
Only in REPO.git: info (keep the old version: contains attributes, exclude,
or whatever you've setup)
Only in REPO.git/objects: aa (keep new version, loose object have been
packed)
Only in REPO.git/objects/pack:
pack-A5735e9b894dce1498ec1c776dcabc97fd8ceAfc.idx
diff -r REPO.git/packed-refs REPOMOD.git/packed-refs (keep the new version
because fresh clone has been optimized)
2c2
< Xa8b7b8c8fd3920b89770f2e8356f4ecb71a58cX refs/heads/master
---
> Ya69744e46276a37932d5f0755a53f76cdf83e0dY refs/heads/master
Only in REPO.git/refs/heads: master (old version not needed because fresh
clone has been optimized)
Copy over REPO.git files that the clone didn't replicate, but that you need
in order to retain all settings:
$ cp -rv /path/to/REPO.git/info .
repeat as needed...
change permissions to g-w or whatever your core.sharedRepository new value
is supposed to be:
$ chmod -R g-w info
repeat as needed...
Validate your changes:
$ diff -r REPO.git REPOMOD.git
diff -r REPO.git/config REPOMOD.git/config
1a2
> sharedrepository = 0644
7c8
< denyNonFastForwards = true
---
> denyNonFastforwards = true
Only in REPO.git: gitk.cache
Only in REPO.git/objects: aa
Only in REPO.git/objects/pack:
pack-A5735e9b894dce1498ec1c776dcabc97fd8ceAfc.idx
diff -r REPO.git/packed-refs REPOMOD.git/packed-refs
2c2
< Xa8b7b8c8fd3920b89770f2e8356f4ecb71a58cX refs/heads/master
---
> Y69744e46276a37932d5f0755a53f76cdf83e0dY refs/heads/master
Only in REPO.git/refs/heads: master
Backup REPO.git and rename REPOMOD.git to REPO.git:
$ cp -rvp REPO.git REPO.git-old
$ diff -r REPO.git REPO.git-old
$ rm -rf REPO.git
$ cp -rvp REPOMOD.git REPO.git
$ diff -r REPO.git REPOMOD.git
$ diff -r REPO.git REPO.git-old
v/r,
Neal
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2010-08-27 3:05 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2010-08-27 3:03 how to change permissions of git repo Neal Kreitzinger
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).