correct file permissions for trac and git user to access gitolite server repos

git linux file-permissions apache-2.2 trac

The most secure way of doing it I would say is to have a group called git-readers

add git and www-data to it, then have the following folder structure:

/home/git - git:git-readers u=rwx,g=rx,o=
/home/git/repositories - git:git u=rwx,g=rwx,o=rx

This will allow www-data into the folder for reading, but only give the git user write access. Any other user can't do anything.

If you want to add additional writers, I would add another group git-writers and add the users and git to it as well as the git-readers group, then use the following structure:

/home/git - git:git-readers u=rwx,g=rx,o=
/home/git/repositories - git:git-writers u=rwx,g=rwxs,o=rx

Note the 's' in the group permissions. This makes the writer users use git-writers group as their default group. This will only work properly if the writers are all umask 0002.

Related

How to massively create "home" folder for users in active directory?
Redirecting all WiFi requests to my server (like captive portal)
Apache reverse proxy jumps back to insecure protocol after redirect
Can I use a subnet mask to limit the number of users on a router?
creating client certificates
OpenLDAP Chain not found
Why don't DNS root servers answer?
Trying to confirm is php7.0-fpm is working with apache on Ubuntu 16.04
Finding all network addresses associated with a given hostname
NGINX sub domain proxy pass
Comparison between performance of block layout, file layout and object layout of pNFS [duplicate]
Firewalld: How to whitelist just two IP-addresses, not on the same subnet