共享 GIT 远程存储库的文件权限问题
我有一个为我的办公室管理的 GIT 存储库。由于公司政策,我们不能使用外部托管提供商,例如 GitHub 等。所以,我只能利用我们的本地网络尽我所能。
每个人都管理自己的本地存储库,但我们也有一个远程存储库,我们的用户可以推送到该存储库(并且可供 Hudson 和 Fisheye 等应用程序访问),类似于中央存储库在 Subversion 中的工作方式。每个用户都有公钥设置,因此他们也可以对托管我们的远程存储库的盒子执行无密码身份验证。
对于我们的远程存储库,我将它们配置为以“组”模式共享:
git config core.sharedRepository group
我们的所有用户也是 git 组的成员,但这并不是许多用户的主要组。看起来,当 git 在“推送”上创建或更新任何对象时,它会使用用户的主要组。相反,我需要它使用每个用户都是其成员的公共“git”组。我之前在网上看到过讨论设置粘性位的文档,但它似乎根据源而有所不同,并且没有真正解决创建公共组的问题(如果我只是使文件任意可写,我不妨把它们做成 777)。
更新:
使用 Matthew Flaschen 的
chgrp -R git repo.git
find repo.git -type d -exec chmod g+rws {} +
我能够创建一个每个人都可以一起推送和拉取的存储库。我还会研究 gitolite,但我的需求非常基本,而且我们的环境允许自动配置用户和密钥,因此它的使用不是关键。但是,我想确保我正在正确处理这个问题。
我的存储库结构包括一个顶级目录 (remote-repos) 和每个存储库的子目录(app-1.git、app-2.git、library-1.git 等)。我应该能够将 chmod g+rws {} + 应用到顶级目录(远程存储库)而不是每个单独的存储库,对吗? find 命令
find /opt/remote-repos -type d -exec ...
查找 /opt/remote-repos 位置下的所有目录,并对它们执行命令。命令 (chmod g+rws) 确保组可以读取和写入这些文件,并设置粘性赌注,以便在执行时始终使用指定的组。 (我不知道 {} + 部分的使用,我假设这与 find exec 选项有关)。
无论如何,只是想确认我对这个解决方案的理解是正确的。
更多参考资料:
- chmod 来自维基百科
- SetGID(或 SetUID)来自 Wikipedia
- Git SharedRepository 选项讨论
I have a GIT repository that I manage for my office. Because of company policy, we can't use external hosting providers such as GitHub and the like. So, i'm left to do what I can with our local network.
Everyone manages their own local repositories, but we also have a remote repository that our users push to (and are accessible to applications like Hudson and Fisheye) similar to how a central repo would work in subversion. Each user has public keys setup so they can perform passwordless-authentication to the box hosting our remote repository as well.
For our remote repository, I have them configured to be shared in "group" mode:
git config core.sharedRepository group
All of our users are also members of the git group, but that is not the primary group for many of the users. It seems when git creates or updates any objects on "push," it uses the user's primary group. Instead, I need it to use the common "git" group that each user is a member. I've seen documentation on the web previously discussing setting the sticky bit, but it seemed to differ based on the source and didn't really address the issue of creating a common group (if i'm just making files arbitrarily write-able, I might as well make them 777).
Update:
Using Matthew Flaschen's answer below
chgrp -R git repo.git
find repo.git -type d -exec chmod g+rws {} +
I was able to create a repository that everyone could push and pull from together. I'll also look into gitolite, but my needs are pretty basic, and our environment allows for user and keys to be configured automatically, so it's use isn't as key. However, I want to make sure that i'm dealing with this correct.
My repository structure includes a top-level directory (remote-repos), and subdirectories for each of my repositories (app-1.git, app-2.git, library-1.git, etc). I should be able to apply the chmod g+rws {} + to the top level directory (remote-repos) instead of each individual repo, correct? The find command
find /opt/remote-repos -type d -exec ...
Finds all directories under the /opt/remote-repos location, and executes a command on them. The command (chmod g+rws) ensures that the group can read and write these files, as well as sets the sticky bet so the specified group is always used when executing. (I have no clue as to the use of the {} + portion, I'm assuming that's related to the find exec option).
Anyway, just want to confirm that my understanding of this solution is correct.
More References:
- chmod from Wikipedia
- SetGID (or SetUID) from Wikipedia
- Git SharedRepository option discussion
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
git 现在有一个
core.sharedRepository选项正是用于此目的。我建议:
然后,要设置初始组所有权,请
在存储库的根目录中执行:
对于新的存储库,您可以执行以下操作:
仅当上述方法不起作用时:
s 是 setgid 标志。在目录上,这意味着在该目录中创建的文件和目录具有相同的组(在本例中为 git)。新创建的子目录也继承setgid。
这与我工作中 git 存储库的设置方式类似。不过,我同意你应该考虑一个实际的 git 服务器进程。
git now has a
core.sharedRepositoryoption for exactly this purpose.I recommend:
Then, to set the initial group ownership, do:
in the root of the repo.
For a new repo, you can do:
Only if the above doesn't work:
s is the setgid flag. On directories, this means files and directories created within that directory have the same group (git in this case). Newly created subdirectories also inherit setgid.
This is similar to how the git repo is set up at my work. However, I agree you should consider an actual git server process.
用户不应使用任何具有 sudo 权限的 git 命令。
如果没有
sudo权限则无法工作,请务必检查所有具有755 的文件夹的权限和带有644的文件,使用以下命令您可以按预期重置权限。
上述命令可能需要使用 sudo 权限。
在此活动之后,您应该
commit+push将所有更改添加到存储库它将重新创建存储库中所有代码文件的权限。
User should not use any git command with sudo permissions.
If it doesn't work without
sudopermissions, make sure to check the permission of all the folder with755and files with644,Using the following commands you can reset the permissions as expected.
Above command may need to use
sudopermissions.After this activity you should
commit+pushall the changes to repoIt will re-create permissions for all code files in repo.
最简单的方法是使用 Gitolite。我在这方面取得了巨大的成功。
The easiest way is to use Gitolite. I've had great success with that.