I have a git environment where there are two basic groupings of
individuals, Engineering and Operations. For this example, we will assume
that Engineering has rwX extended file permissions to everything.
In doing testing with the Operations team to allow them to edit and push
certain file structures in git to dev/live, we provided rwX extended file
permissions to the Operations accounts recursively through the objects and
refs directories, under dev and live. We also provided rwX extended file
permissions recursively to the directories which need to be altered and
pushed through the environments, let's call that /example/files/.
Here is the relevant portion of /example/files/.git/config:
> [remote "live"]
>     url = /etc/files/environments/production
>     fetch = +refs/heads/*:refs/remotes/live/*
> [remote "dev"]
>     url = /etc/files/environments/development
>     fetch = +refs/heads/*:refs/remotes/dev/*
What I found was that when their $PWD was /examples/files/, a user from the
Operations team was able to run the following commands for a file which was
being added (not modified) to git:
> git add file.sh
> git commit -m "Promoting file.sh to production"
with no visible error messages. However, when they attempted
> git push live
to promote to production, they were given an error message that said:
> remote: fatal: Unable to create
> '/etc/files/environments/production/./index.lock': Permission denied
Now, under /etc/files/environments/production/objects, there are references
to the files which the user attempted to push (confirmed with 'git cat-file
-p <hash>'), and are owned by that user. Even after a second push by
another user, these files continue to exist.
Additionally, I noticed that the git logs (confirmed with 'git log -p')
added the Operations team member's push as it would a successful push.
We are currently running git version 22.214.171.124.
Here are my questions:
1. Should the object files owned by the Operations user continue to exist
in the /etc/files/environments/production/objects/ directory, even after a
successful push was executed (with modifications of the same files that the
Operations user added to git in the first place) by another user?
2. How should the file permissions of /etc/files/environments/production/
and /etc/files/environments/development/ be configured to allow creation of
the index.lock? We want to make sure that the Operations users have proper
access control; I have considered turning the sticky bit on for this
directory, but I am unaware of any additional downstream impact that this