How to configure an existing git repo to be shared by a UNIX group

git permissions share shared

I have an existing git repo (a bare one) which has up to this point only been writable by me. I want to open it up to some UNIX user group, foo, so that all members of foo can push to it. I'm aware that I can easily set up a new git repo with:

git init --bare --shared=group repodir
chgrp -R foo repodir

But I need the equivalent operation for an existing repo dir.


Solution 1:

Try this to make an existing repository in repodir work for users in group foo:

chgrp -R foo repodir                 # set the group
chmod -R g+rw repodir                # allow the group to read/write
chmod g+s `find repodir -type d`     # new files get group id of directory
git init --bare --shared=all repodir # sets some important variables in repodir/config ("core.sharedRepository=2" and "receive.denyNonFastforwards=true")

Solution 2:

Merging @David Underhill and @kixorz answers, I made my own (definitive) solution.

It is for bare repos and non-bare repos. There are only little differences between them, but in this way is clearer.

BARE REPOSITORY

cd <repo.git>/                            # Enter inside the git repo
git config core.sharedRepository group    # Update the git's config
chgrp -R <group-name> .                   # Change files and directories' group
chmod -R g+w .                            # Change permissions
chmod g-w objects/pack/*                  # Git pack files should be immutable
find -type d -exec chmod g+s {} +         # New files get directory's group id

where:

  • <repo.git> is the bare repository directory, typically on the server (e.g. my_project.git/).
  • <group-name> is the group name for git users (e.g. users).

NON-BARE REPOSITORY

cd <project_dir>/                         # Enter inside the project directory
git config core.sharedRepository group    # Update the git's config
chgrp -R <group-name> .                   # Change files and directories' group
chmod -R g+w .                            # Change permissions
chmod g-w .git/objects/pack/*             # Git pack files should be immutable
find -type d -exec chmod g+s {} +         # New files get directory's group id

where:

  • <project_dir> is the project directory containing the .git folder.
  • <group-name> is the group name for git users (e.g. users).

Solution 3:

In the repo dir execute following commands:

git config core.sharedRepository group
chgrp -R foo repodir
chmod -R g+w repodir

Edit: To address frequent confusion, group is an actual keyword, you're not supposed to replace this with the name of the group.

Solution 4:

This is probably not necessary, but it's worth pointing out that git init --bare --shared also sets the denyNonFastForwards option.

git config receive.denyNonFastForwards true

The meaning of this option is as follows:

receive.denyNonFastForwards

If you rebase commits that you’ve already pushed and then try to push again, or otherwise try to push a commit to a remote branch that doesn’t contain the commit that the remote branch currently points to, you’ll be denied. This is generally good policy; but in the case of the rebase, you may determine that you know what you’re doing and can force-update the remote branch with a -f flag to your push command.

(from http://git-scm.com/book/en/v2/Customizing-Git-Git-Configuration)

Related

Rails find record with zero has_many records associated [duplicate]
Is it possible to use WPA3 with netplan?
How to reset thumbnail cache in XFCE? [duplicate]
Recovering data from zfs pool with deleted partition tables
What is the difference between `VAR=...` and `export VAR=...`?
The firefox-Browser obviously created hangings, also I quit this application. But now I run Unbuntu, but without any browser ?? How do I get frf bck? [closed]
GNU watch without erasing previous outputs
Ubuntu 20.04 weird problems on mariadb-server-10.3 upgrade
Do Dpkg and apt-get install dependencies?
Apt-get update with an @ in password error
How to abort a stuck command in ubuntu server?
How to go between partitions in terminal