Hello,

I have a git environment where there are two basic groupings of individuals, Engineering and Operations. For this example, we will assume that Engineering has rwX extended file permissions to everything.

In doing testing with the Operations team to allow them to edit and push certain file structures in git to dev/live, we provided rwX extended file permissions to the Operations accounts recursively through the objects and refs directories, under dev and live. We also provided rwX extended file permissions recursively to the directories which need to be altered and pushed through the environments, let's call that /example/files/.

Here is the relevant portion of /example/files/.git/config:

> [remote "live"]
>     url = /etc/files/environments/production
>     fetch = +refs/heads/*:refs/remotes/live/*
> [remote "dev"]
>     url = /etc/files/environments/development
>     fetch = +refs/heads/*:refs/remotes/dev/*

What I found was that when their $PWD was /examples/files/, a user from the Operations team was able to run the following commands for a file which was being added (not modified) to git

> git add file.sh
> git commit -m "Promoting file.sh to production"

with no visible error messages. However, when they attempted

> git push live

to promote to production, they were given an error message that said:

> remote: fatal: Unable to create
> '/etc/files/environments/production/./index.lock': Permission denied

Now, under /etc/files/environments/production/objects, there are references to the files which the user attempted to push (confirmed with 'git cat-file -p <hash>'), and are owned by that user. Even after a second push by another user, these files continue to exist. Additionally, I noticed that the git logs (confirmed with 'git log -p') added the Operations team member's push as it would a successful push.

We are currently running git version 1.7.9.5.

Here are my questions:

1. Should the object files owned by the Operations user continue to exist in the /etc/files/environments/production/objects/ directory, even after a successful push was executed (with modifications of the same files that the Operations user added to git in the first place) by another user?

2. How should the file permissions of /etc/files/environments/production/ and /etc/files/environments/development/ be configured to allow creation of the index.lock? We want to make sure that the Operations users have proper access control; I have considered turning the sticky bit on for this directory, but I am unaware of any additional downstream impact that this may impose.

Thanks,
Jon
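
An added example, not part of the original post: a shell audit of the directory mode bits in a repository directory such as /etc/files/environments/production, covering the top-level directory where the index.lock from the error is created as well as objects and refs. It assumes sharing through Unix group mode bits rather than the ACLs the post describes; the function names and the demo layout are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit directory mode bits of a group-shared repository.
# Assumption: access is granted through Unix group bits, not ACLs.

# audit_repo_dirs REPO
# Prints one "FINDING<TAB>path" line per problem; returns 1 if any were found.
#   NO_GROUP_WRITE  group members cannot create files (such as index.lock) here
#   NO_SETGID       new entries get the creator's group, not the directory's
#   STICKY          only an entry's owner (or the directory owner, or root)
#                   may remove or rename entries here
audit_repo_dirs() {
    repo=$1
    [ -d "$repo" ] || { echo "not a directory: $repo" >&2; return 2; }
    findings=$(
        find "$repo" -type d ! -perm -020  -exec printf 'NO_GROUP_WRITE\t%s\n' {} \;
        find "$repo" -type d ! -perm -2000 -exec printf 'NO_SETGID\t%s\n' {} \;
        find "$repo" -type d -perm -1000   -exec printf 'STICKY\t%s\n' {} \;
    )
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}

# make_demo_repo
# Builds a constructed layout that mirrors the situation in the post:
# objects/ and refs/ are group-writable, the top-level directory is not.
make_demo_repo() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/objects/ab" "$d/refs/heads"
    chmod 0755 "$d"          # top level: only the owner may create files
    chmod g-s "$d"           # make sure no inherited setgid bit remains
    chmod 2775 "$d/objects" "$d/objects/ab" "$d/refs" "$d/refs/heads"
    printf '%s\n' "$d"
}

# Demo run on the constructed layout: the top-level directory is reported,
# objects/ and refs/ are not.
demo=$(make_demo_repo)
audit_repo_dirs "$demo" || echo "directories listed above need attention"
rm -rf "$demo"
```

On a directory that carries ACLs, the group bits inspected here show the ACL mask, so `getfacl` output is still needed to see the per-user entries.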