5

I have a remote bare Git repository on an Ubuntu server, where the files are owned by the user my_project and the group my_project, with permissions set accordingly. All committers are themselves in the group my_project.

When somebody commits and then pushes from any Ubuntu laptop with the user my_user to the server via SSH, some files in the remote repository are created (updated?) so they now belong to the user and group my_user.

Of course, when somebody else wants to commit, he is now unable to do so because he doesn't have write permissions. I could set permission to 777 but it's not the best option.

Is there any way I can solve this problem while keeping restricted write permissions?

Tom O'Connor
Bite code

2 Answers

4

Would the SUID and SGID bits help you? I use a similar mechanism to allow members of the bzr group to commit files to a bazaar central repo and still keep the accessible permissions.

`drwsrwsr-x  3 bzr          bzr          4.0K 2010-04-15 17:58 bzr`

set with `sudo chmod ug+s /home/bzr`

`/etc/group` contains `bzr:x:1012:bzr,tom,<and a whole bunch of other usernames>`

This seems to work pretty well for us, allowing users in the bzr group to commit files to the central repository.

Setting mode 777 probably isn't ideal, for the obvious security reasons.

If I've missed the point, oops.

Tom O'Connor
3

Check out the `core.sharedRepository` config variable in `git config --help`. Setting it to `group` might do the trick.

Another option might be to use something like gitosis to manage the repository.

ptman
  • +1. This approach is preferable to me when hosting the remote repo over ssh. Set the config by executing `git config core.sharedRepository group` on the MyProject.git folder. Also I normally add `umask 002` on /etc/profile so new files written automatically have group write permission – gerrytan Feb 26 '13 at 23:09
  • In addition to that, `git config core.filemode false` will prevent the repository from getting dirty if a file permission or file owner has changed. – Martin Braun Jul 19 '23 at 04:19
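
A way to check whether a shared repository has drifted into the state the question describes, as an added example that is not part of the original question or answers. The function name `audit_shared_repo` and the reason labels are made up for illustration; it assumes the group that owns the repository root is the intended shared group.

```shell
#!/bin/sh
# Added example (not from the original answers). Audits a shared bare
# repository for the permission drift described in the question.
# Prints one "reason: path" line per problem; returns 0 if clean, 1 if not.
audit_shared_repo() {
    repo=$1
    [ -d "$repo" ] || { echo "not a directory: $repo" >&2; return 2; }

    # Reference group = numeric gid owning the repository root (assumption:
    # the root is still owned by the intended shared group).
    gid=$(ls -ldn -- "$repo" | awk '{print $4}')

    findings=$(
        # Anything owned by another group (e.g. the pusher's private group).
        find "$repo" ! -group "$gid" | sed 's/^/wrong-group: /'
        # Directories need setgid so new entries inherit the shared group ...
        find "$repo" -type d ! -perm -2000 | sed 's/^/dir-missing-setgid: /'
        # ... and group write so other committers can create objects and refs.
        find "$repo" -type d ! -perm -0020 | sed 's/^/dir-not-group-writable: /'
        # Files only need group read: git keeps object files read-only.
        find "$repo" -type f ! -perm -0040 | sed 's/^/file-not-group-readable: /'
    )

    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample: a minimal repo-shaped tree with shared-group modes,
# used to exercise the audit without touching a real repository.
build_sample_repo() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/objects/ab" "$d/refs/heads"
    for dir in "$d" "$d/objects" "$d/objects/ab" "$d/refs" "$d/refs/heads"; do
        chmod 775 "$dir" && chmod g+s "$dir"
    done
    : > "$d/objects/ab/cdef" && chmod 444 "$d/objects/ab/cdef"
    echo "$d"
}
```

Run `audit_shared_repo /path/to/MyProject.git` on the server after a push; an empty result means every directory is setgid and group-writable and nothing has left the shared group.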