correct file permissions for trac and git user to access gitolite server repos
The most secure way of doing it I would say is to have a group called git-readers
add git and www-data to it, then have the following folder structure:
/home/git - git:git-readers u=rwx,g=rx,o=
/home/git/repositories - git:git u=rwx,g=rwx,o=rx
This will allow www-data into the folder for reading, but only give the git user write access. Any other user can't do anything.
If you want to add additional writers, I would add another group git-writers and add the users and git to it as well as the git-readers group, then use the following structure:
/home/git - git:git-readers u=rwx,g=rx,o=
/home/git/repositories - git:git-writers u=rwx,g=rwxs,o=rx
Note the 's' in the group permissions. This makes the writer users use git-writers group as their default group. This will only work properly if the writers are all umask 0002.