Checking / fixing permissions on hosted git projects

Todd Zullinger tmz at pobox.com
Thu Jul 23 15:59:06 UTC 2009


Hey all,

Every so often we've had problems with users having permissions
problems in git repos on hosted.  This is less of an issue over the
past few months as we backported a patch from upstream git to ensure
that git sets the permissions properly as well as setting the right
permissions with the gitsetup.sh script when creating new repos¹.

¹ Except for the minor issue that it issues a mildly overly broad
  'chmod -R g+w .' -- which makes any files in the objects tree group
  writable even though they are not intended nor required to be
  writable by anyone.  Objects are read only for git.

To help ensure that we don't end up with any new permissions problems
I whipped up a git-check-perms script which might be useful to run as
a cron job once daily or even weekly.  It should alert us to any new
problems with git or with our setup/import scripts.  It can also be
used to correct any problems found, after we've looked into what
caused them, of course.  The script is in ~tmz/bin/git-check-perms on
hosted1.

Before the output of this is clean and suitable for a cron job, there
are a few minor things that should be fixed.  Mostly this is fixing
files in the objects dir that have unneeded write permissions.  There
are also a few config and commit-list files that would get group write
permissions added.  Neither of these things causes any real problems,
but they differ from how we'd like to set up and import git projects,
so making them consistent will make things simpler all around.

The list of changes the script would make is attached.  If anyone has
a moment to check that it looks sane, that would be great.  The short
list of non-objects dir issues is:

/git/Virtualization_Guide.git/commit-list: Not group writable (should be "0664")
/git/augeas.git/commit-list: Not group writable (should be "0664")
/git/collie.git/commit-list: Not group writable (should be "0664")
/git/comps-extras.git/logs: Not SETGID (should be "02775")
/git/comps-extras.git/logs/refs: Not SETGID (should be "02775")
/git/comps-extras.git/logs/refs/heads: Not SETGID (should be "02775")
/git/docs/install-guide.git/config: Not group writable (should be "0664")
/git/docs/release-notes.git/config: Not group writable (should be "0664")
/git/fastback.git/commit-list: Not group writable (should be "0664")
/git/grubby.git/commit-list: Not group writable (should be "0664")
/git/grubby.git/config: Not group writable (should be "0664")
/git/moksha.git/commit-list: Not group writable (should be "0664")
/git/pam_url.git/config: Not group writable (should be "0664")
/git/piranha.git/commit-list: Not group writable (should be "0664")
/git/simon.git/commit-list: Not group writable (should be "0664")
/git/sssd.git/commit-list: Not group writable (should be "0664")

-- 
Todd        OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Becoming aware of my character defects leads me naturally to the next
step of blaming my parents.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: git-perms.gz
Type: application/x-gzip
Size: 41006 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/fedora-infrastructure-list/attachments/20090723/6c77b0a3/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 542 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/fedora-infrastructure-list/attachments/20090723/6c77b0a3/attachment.sig>
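
An added example, not the git-check-perms script from the post and not its author's code: a report-only check in POSIX sh that prints findings in the format of the list above. It assumes every directory should be setgid and every file outside objects/ group writable; the function name check_repo_perms and the wording of the objects/ finding are this example's own.

```shell
#!/bin/sh
# Added example, not the git-check-perms script from the post.
# Report-only audit of one shared bare repository; it never changes a mode.
# Policy assumed here, modelled on the report lines in the post:
#   - every directory carries the setgid bit (02775)
#   - files outside objects/ are group writable (0664, 0775 if executable)
#   - files under objects/ carry no write bit at all ("0444" is this
#     example's assumption; the post only says objects are read only)
# Paths containing newlines are not handled.
check_repo_perms() {
    repo=${1%/}
    [ -d "$repo" ] || { echo "$repo: not a directory" >&2; return 2; }

    findings=$(
        # Directories without setgid: new entries would not inherit the group.
        find "$repo" -type d ! -perm -2000 |
            sed 's/$/: Not SETGID (should be "02775")/'

        # Files outside objects/ that the group cannot write.
        find "$repo" -path "$repo/objects" -prune -o \
            -type f ! -perm -020 -print |
            while IFS= read -r f; do
                # Executable files (hooks, for instance) keep their exec bits.
                if [ -x "$f" ]; then want=0775; else want=0664; fi
                printf '%s: Not group writable (should be "%s")\n' "$f" "$want"
            done

        # Loose objects and packs that owner, group or other can write.
        if [ -d "$repo/objects" ]; then
            find "$repo/objects" -type f \
                \( -perm -200 -o -perm -020 -o -perm -002 \) |
                sed 's/$/: Object is writable (should be "0444")/'
        fi
    )

    # Exit status 0 means clean, 1 means findings were printed, so a cron
    # wrapper only produces mail when something needs attention.
    if [ -z "$findings" ]; then
        return 0
    fi
    printf '%s\n' "$findings"
    return 1
}

# Typical use (repository location taken from the paths in the post):
#   for r in /git/*.git; do check_repo_perms "$r"; done
```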

