共享 GIT 远程存储库的文件权限问题
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/5306768/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
File Permission issues with sharing a GIT Remote Repository
提问by J Jones
I have a GIT repository that I manage for my office. Because of company policy, we can't use external hosting providers such as GitHub and the like. So, i'm left to do what I can with our local network.
我有一个为我的办公室管理的 GIT 存储库。由于公司政策,我们不能使用外部托管服务提供商,例如 GitHub 等。所以,我只能用我们的本地网络做我能做的事情。
Everyone manages their own local repositories, but we also have a remote repository that our users push to (and are accessible to applications like Hudson and Fisheye) similar to how a central repo would work in subversion. Each user has public keys setup so they can perform passwordless-authentication to the box hosting our remote repository as well.
每个人都管理自己的本地存储库,但我们也有一个远程存储库,我们的用户可以将其推送到(并且可以被 Hudson 和 Fisheye 等应用程序访问),类似于中央存储库在 subversion 中的工作方式。每个用户都有公钥设置,因此他们也可以对托管我们的远程存储库的盒子执行无密码身份验证。
For our remote repository, I have them configured to be shared in "group" mode:
对于我们的远程存储库,我将它们配置为以“组”模式共享:
git config core.sharedRepository group
All of our users are also members of the git group, but that is not the primary group for many of the users. It seems when git creates or updates any objects on "push," it uses the user's primary group. Instead, I need it to use the common "git" group that each user is a member. I've seen documentation on the web previously discussing setting the sticky bit, but it seemed to differ based on the source and didn't really address the issue of creating a common group (if i'm just making files arbitrarily write-able, I might as well make them 777).
我们所有的用户也是 git 组的成员,但这不是许多用户的主要组。似乎当 git 在“推送”时创建或更新任何对象时,它使用用户的主要组。相反,我需要它使用每个用户都是成员的公共“git”组。我之前在网上看到过讨论设置粘滞位的文档,但它似乎因来源而异,并没有真正解决创建公共组的问题(如果我只是让文件可以任意写入,我不妨把它们做成 777)。
Update:
更新:
Using Matthew Flaschen's answer below
chgrp -R git repo.git
find repo.git -type d -exec chmod g+rws {} +
I was able to create a repository that everyone could push and pull from together. I'll also look into gitolite, but my needs are pretty basic, and our environment allows for user and keys to be configured automatically, so it's use isn't as key. However, I want to make sure that i'm dealing with this correct.
我能够创建一个每个人都可以一起推送和拉取的存储库。我也会研究 gitolite,但我的需求非常基本,我们的环境允许自动配置用户和密钥,所以它的使用不是关键。但是,我想确保我处理的是正确的。
My repository structure includes a top-level directory (remote-repos), and subdirectories for each of my repositories (app-1.git, app-2.git, library-1.git, etc). I should be able to apply the chmod g+rws {} + to the top level directory (remote-repos) instead of each individual repo, correct? The find command
我的存储库结构包括一个顶级目录 (remote-repos),以及我的每个存储库的子目录(app-1.git、app-2.git、library-1.git 等)。我应该能够将 chmod g+rws {} + 应用到顶级目录(远程存储库)而不是每个单独的存储库,对吗?查找命令
find /opt/remote-repos -type d -exec ...
Finds all directories under the /opt/remote-repos location, and executes a command on them. The command (chmod g+rws) ensures that the group can read and write these files, as well as sets the sticky bet so the specified group is always used when executing. (I have no clue as to the use of the {} + portion, I'm assuming that's related to the find exec option).
查找 /opt/remote-repos 位置下的所有目录,并对它们执行命令。命令 (chmod g+rws) 确保该组可以读取和写入这些文件,并设置粘性赌注,以便在执行时始终使用指定的组。(我不知道 {} + 部分的使用,我假设这与 find exec 选项有关)。
Anyway, just want to confirm that my understanding of this solution is correct.
无论如何,只是想确认我对这个解决方案的理解是正确的。
More References:
更多参考:
- chmodfrom Wikipedia
- SetGID(or SetUID) from Wikipedia
- Git SharedRepositoryoption discussion
- 来自维基百科的chmod
- 来自维基百科的SetGID(或 SetUID)
- Git SharedRepository选项讨论
回答by Matthew Flaschen
git now has a core.sharedRepositoryoption for exactly this purpose.
git 现在有一个core.sharedRepository选项来实现这个目的。
I recommend:
我建议:
git config core.sharedRepository group
Then, to set the initial group ownership, do:
然后,要设置初始组所有权,请执行以下操作:
sudo chgrp -R somegroup .
sudo find -type d -exec chmod g+s {} +
sudo chmod -R g+rw .git/objects/
in the root of the repo.
在回购的根。
For a new repo, you can do:
对于新的回购,您可以执行以下操作:
git init --shared=group
Only if the above doesn't work:
仅当上述方法不起作用时:
chgrp git -R repo.git
find repo.git -type d -exec chmod g+rws {} +
s is the setgid flag. On directories, this means files and directories created within that directory have the same group (git in this case). Newly created subdirectories also inherit setgid.
s 是 setgid 标志。在目录上,这意味着在该目录中创建的文件和目录具有相同的组(在本例中为 git)。新创建的子目录也继承 setgid。
This is similar to how the git repo is set up at my work. However, I agree you should consider an actual git server process.
这类似于我在工作中设置 git repo 的方式。但是,我同意您应该考虑实际的 git 服务器进程。
回答by PiyusG
User should not use any git command with sudo permissions.
用户不应使用任何具有 sudo 权限的 git 命令。
If it doesn't work without sudopermissions, make sure to check the permission of all the folder with 755and files with 644,
如果没有sudo权限它不起作用,请确保检查所有文件夹755和文件的权限644,
Using the following commands you can reset the permissions as expected.
使用以下命令,您可以按预期重置权限。
find /path/to/repo_folder -type d -exec chmod 755 {} \;
find /path/to/repo_folder -type f -exec chmod 644 {} \;
Above command may need to use sudopermissions.
以上命令可能需要使用sudo权限。
After this activity you should commit+ pushall the changes to repo
It will re-create permissions for all code files in repo.
在此活动之后,您应该commit+push对 repo 的所有更改 它将为 repo 中的所有代码文件重新创建权限。
回答by Adam Dymitruk
The easiest way is to use Gitolite. I've had great success with that.
最简单的方法是使用 Gitolite。我在这方面取得了巨大的成功。
