共享GIT远程存储库的文件权限问题 [英] File Permission issues with sharing a GIT Remote Repository
问题描述
我有一个GIT存储库,可以管理我的办公室。由于公司政策,我们不能使用外部托管服务提供商,如GitHub等。所以,我必须尽我所能与我们的本地网络做。
每个人都管理自己的本地存储库,但我们也有一个远程存储库, (并且可以被Hudson和Fisheye等应用程序访问),这与中央回购在颠覆中的工作方式类似。每个用户都有公钥设置,因此他们可以对托管我们的远程仓库的盒子执行无密码验证。
对于我们的远程存储库,我将它们配置为共享在group模式下:
git config core.sharedRepository group
我们所有的用户都是git组的成员,但这不是许多用户的主要组。看起来,当git在push上创建或更新任何对象时,它使用用户的主要组。相反,我需要它使用每个用户都是成员的通用混帐组。我曾经在网上看过有关设置粘性位的文档,但它似乎根据源代码有所不同,并没有真正解决创建一个共同组的问题(如果我只是使文件可任意写入, b
更新:
使用Matthew Flaschen的下面的答案
chgrp -R git repo.git
找到repo.git -type d -exec chmod g + rws {} +
我能够创建一个每个人都可以推送的存储库,从一起拉。我也会研究gitolite,但我的需求是非常基础的,我们的环境允许用户和密钥自动配置,所以它的使用不是关键。但是,我想确保我正确处理这个问题。
我的存储库结构包括一个顶级目录(remote-repos)和每个子目录我的仓库(app-1.git,app-2.git,library-1.git等)。我应该能够将chmod g + rws {} +应用到顶层目录(remote-repos)而不是每个单独的回购库,对吗? find命令
find / opt / remote-repos -type d -exec ...
查找/ opt / remote-repos位置下的所有目录,并对它们执行命令。命令(chmod g + rws)确保组可以读取和写入这些文件,并设置粘性赌注,以便在执行时始终使用指定的组。 (我不知道是否使用了{} +部分,我假设它与find exec选项有关)。
无论如何,只需要确认我的理解是正确的。
b $ b- 维基百科 chmod
- 维基百科 SetGID (或SetUID)
- Git SharedRepository 选项讨论
git现在有一个 core.sharedRepository 选项。
我推荐:
git confi g core.sharedRepository组
然后,要设置初始组所有权,请执行:
sudo chgrp -R somegroup。
sudo find -type d -exec chmod g + s {} +
sudo chmod -R g + rw .git / objects /
在回购的根目录中。
对于新的回购,您可以这样做:
git init --shared = group
只有以上方法无效:
chgrp git -R repo.git
找到repo.git -type d -exec chmod g + rws {} +
是setgid标志。在目录上,这意味着在该目录下创建的文件和目录具有相同的组(本例中为git)。新创建的子目录也继承了setgid。
这与我在工作中设置git仓库的方式类似。不过,我同意你应该考虑一个实际的git服务器进程。
I have a GIT repository that I manage for my office. Because of company policy, we can't use external hosting providers such as GitHub and the like. So, i'm left to do what I can with our local network.
Everyone manages their own local repositories, but we also have a remote repository that our users push to (and are accessible to applications like Hudson and Fisheye) similar to how a central repo would work in subversion. Each user has public keys setup so they can perform passwordless-authentication to the box hosting our remote repository as well.
For our remote repository, I have them configured to be shared in "group" mode:
git config core.sharedRepository group
All of our users are also members of the git group, but that is not the primary group for many of the users. It seems when git creates or updates any objects on "push," it uses the user's primary group. Instead, I need it to use the common "git" group that each user is a member. I've seen documentation on the web previously discussing setting the sticky bit, but it seemed to differ based on the source and didn't really address the issue of creating a common group (if i'm just making files arbitrarily write-able, I might as well make them 777).
Update:
Using Matthew Flaschen's answer below
chgrp -R git repo.git
find repo.git -type d -exec chmod g+rws {} +
I was able to create a repository that everyone could push and pull from together. I'll also look into gitolite, but my needs are pretty basic, and our environment allows for user and keys to be configured automatically, so it's use isn't as key. However, I want to make sure that i'm dealing with this correct.
My repository structure includes a top-level directory (remote-repos), and subdirectories for each of my repositories (app-1.git, app-2.git, library-1.git, etc). I should be able to apply the chmod g+rws {} + to the top level directory (remote-repos) instead of each individual repo, correct? The find command
find /opt/remote-repos -type d -exec ...
Finds all directories under the /opt/remote-repos location, and executes a command on them. The command (chmod g+rws) ensures that the group can read and write these files, as well as sets the sticky bet so the specified group is always used when executing. (I have no clue as to the use of the {} + portion, I'm assuming that's related to the find exec option).
Anyway, just want to confirm that my understanding of this solution is correct.
More References:
- chmod from Wikipedia
- SetGID (or SetUID) from Wikipedia
- Git SharedRepository option discussion
git now has a core.sharedRepository option for exactly this purpose.
I recommend:
git config core.sharedRepository group
Then, to set the initial group ownership, do:
sudo chgrp -R somegroup .
sudo find -type d -exec chmod g+s {} +
sudo chmod -R g+rw .git/objects/
in the root of the repo.
For a new repo, you can do:
git init --shared=group
Only if the above doesn't work:
chgrp git -R repo.git
find repo.git -type d -exec chmod g+rws {} +
s is the setgid flag. On directories, this means files and directories created within that directory have the same group (git in this case). Newly created subdirectories also inherit setgid.
This is similar to how the git repo is set up at my work. However, I agree you should consider an actual git server process.
这篇关于共享GIT远程存储库的文件权限问题的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
