如何在git仓库上正确使用组文件权限?
我们通过文件路径访问共享 git 存储库,出于各种原因我现在将省略它,使用 --shared=group 创建。
我们有不同的 UNIX 组,但都共享一个公共组。如果我在 git 存储库上运行 chgrp -R,每个人都可以从中读取,但如果有人经常写入它,则会创建不使用公共组的新文件。
这个问题似乎是因为我们的主要组不是共享组,如果我们运行 newgrp,一切似乎都运行良好。
但这种方法也存在一些问题; newgrp 很慢并且会生成一个新的 shell,这让我认为在 .bash_profile 中调用它是一个坏主意,甚至没有考虑我们是否希望所有新文件都使用共同组。不过,在进行任何 git 工作之前依赖内存来运行它似乎也是一场灾难。
那么...有什么建议吗?
We're accessing a shared git repository via file paths, for various reasons I'll omit for now, created with --shared=group.
We have various unix groups but all share a common group. If I run a chgrp -R on the git repository everyone can read from it, but if someone writes to it more often than not new files are created which do not use the common group.
This problem appears to be because our primary group is not the shared one and if we run a newgrp all seems to work well.
There are issues with this approach though; newgrp is slow and it spawns a new shell, which makes me think calling it in a .bash_profile would be a bad idea, without even considering whether or not we'd want all our new files to use the common group. Relying on memory to run it before doing any git work seems like a recipe for disaster too though.
So... any suggestions?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(5)
尚未使用
--shared创建的现有存储库可以使用以下命令共享:An existing repository that has not been created with
--sharedcan be turned shared using following commands:您还需要在组上设置 setgid 位。
You need to set the setgid bit on the group as well.
这是一个裸仓库吗?如果它是一个裸存储库并且您在创建它时使用了 --shared 那么这种情况不应该发生,这就是我问的原因。
如果它是一个裸仓库,可能某些目录已更改为 gs,如果发生这种情况,您只需要 chmod g+x 全部目录,确保不对任何文件执行此操作。比这更简单的方法可能是 git init --bare --shared=group 一个新的存储库,然后将内容从某人的克隆推回给它。
Is this a bare repo? If its a bare repo and you used --shared when you created it then this shouldn't be happening which is why I'm asking.
If it is a bare repo maybe some of the directories got changed to g-s, if that happened you need to either
chmod g+xall the directories only, make sure you don't do it to any files. An easier way than that might be to justgit init --bare --shared=groupa new repo and push the content back to it from somebodies clone.一旦裸存储库具有
shared=group标志,git 将处理其余的事情,因此以下操作只需执行一次。此外,setgid已不再用于此用途。在这里,我复制/粘贴 我来自 serverfault 的答案:假设
repogroup是您的组,并且您有cd到 repo 目录:首先将共享标志更改为
group:注意:这里必须使用关键字
group,而不是组名称。这相当于使用选项
--shared=group创建裸存储库。然后更改整个存储库的组:
要确保现有目录是组可写的 (
g+w),并且现有的可执行文件也成为组可执行文件(
g+X)您还需要:
完成此操作后,git 将尊重
shared=group标志,并在下面处理现有文件和新文件的组权限,因此您将不再需要到umask或chgrp。如果我找到它,我会将来源放在评论中。
Once the bare repository has the
shared=groupflag, git will take care of the rest, so the following has to be done only once. Alsosetgidis deprecated for this use. Here I copy/paste my answer from serverfault:Assuming
repogroupis your group, and you havecdto the repo directory:First change the shared flag to
group:Note: here you must use the keyword
group, not the group name.This is equivalent to creating the bare repository with option
--shared=group.Then change the group for the whole repository:
To make sure that existing directories are group-writable (
g+w),and existing executables also become group-executables (
g+X)you also need to:
Once you have done this, git will honor the
shared=groupflag and take care of group permissions in the following, both for existing and new files, so you'll never need again toumaskorchgrp.I'll put the source in a comment if I find it back.
我必须使用上述答案的组合:
I had to use a combination from the above answers: