2

I have a local repo and remote --bare repository set.

Each of my hosting packages has its own user and group (with no ssh access), so I have so permissions problems.

I have worked around this by setting up my remote repo as ssh://root@... and createing post-receive hook to apply chown correctuser:correctgroup -R public_html/

This is as you can see not ideal as I involve 'root' and that should not be the case.

Would 'git init --bare --shared' help at all?

I would like to be able to push remotely as root and adding 'git' to all of my groups (packages) didn't help either.

Please advise.

rat4m3n
  • 1,201
  • 2
  • 16
  • 23

2 Answers2

2

You could keep root and its chown for your ssh access, but limiting the ssh session to only git commands, with an authorization layer like gitolite.

--shared option (man git init)isn't exactly suited when you have multiple groups:

--shared[=(false|true|umask|group|all|world|everybody|0xxx)]

Specify that the git repository is to be shared amongst several users.
This allows users belonging to the same group to push into that repository.
When specified, the config variable "core.sharedRepository" is set so that files and directories under $GIT_DIR are created with the requested permissions.
When not specified, git will use permissions reported by umask(2).

VonC
  • 1,262,500
  • 529
  • 4,410
  • 5,250
  • Hmm, this would not quite work as I don't want to 'limit' root privileges. And I am the only ssh user on this server so gitolite seem a bit over doing it. ;( – rat4m3n Oct 21 '12 at 18:30
  • @user1113177 it would work of you generate a public/private key dedicated for those git commands, while keeping the default ones for root interactive shell session. You can use several public/private keys for ssh, as illustrated for instance in: http://stackoverflow.com/questions/12998273/w-access-for-gitolite-admin-denied-to-user/12998492#12998492 – VonC Oct 21 '12 at 18:33
0

This worked for me: https://serverfault.com/questions/133508/how-to-prevent-ssh-git-push-to-set-file-ownership

Basically you set the SUID and SGID bits.

Mr Ed
  • 5,068
  • 1
  • 19
  • 12