Git change default umask when update file

Question

I have a problem with Git. I searched for a solution in Google and in StackOverflow but nothing helps.

The problem is that every time git updates some file in the wo

Answer 1

I've just been hitting this problem when checking out a repo to a home directory mounted via NFS on Ubuntu 14.04 (Trusty) using the backported Xenial version 4.x linux Kernel. Git clone to a local directory was fine. Even more odd: A second Ubuntu 14.04 server did not exhibit the same problem on the same mounted directory.

After a lot of poking around I was able to see using strace that git called the open() system call to create each file with options O_CREAT,O_WRONLY and O_EXCL and a mode of 0666, but then the next syscal was an fstat() against the file and told me it was mode 0700 . In my case the problem only affected certain files in the repo. Despite 'git ls-index' showing mode 0644 for most files, some of them were being created correctly and others not; although it was always the same files which had wrong permissions on clone.

I noticed that there was a difference in Kernel version between the two systems and then discovered the following bug: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1654288

Upgrading the kernel to 4.4.0-98 (from 4.4.0-59) fixed this for me. I checked some hosts still using the version 3.x Linux Kernel and these did not have problem.

Answer 2

It is kind of dangerous to allow file execution as a binary. Anyway I solved the problem with umask. My post-receive script looks like:

!/bin/sh
umask 002
GIT_WORK_TREE=/var/www/site git checkout -f

So, file permissions set to 664 and directory permissions set to 775, which suits me perfectly.

P.S. Setting umask in a .profile file of git user has no effect, and I don't understand why, please comment out if you know why this happens.

Answer 3

Quick answer is this shell function to be put in your ~/.profile. An explanation follows.

git(){(umask 0022; command git "$@")}

A umask is property of a process. It is inherited from the parent process and can be changed from inside later. The command to change umask is usually named umask too.

Git has no configuration option for setting its umask, it does not change its umask after it is executed. You have to set Git's umask from outside, let it be inherited from parent process (usually a shell).

Mmm, you seem to dislike the idea that anything except git has changed umask. So let's change it just when executing git.

When a shell executes a line, it takes the first word on the line and tries to find a function of that name. Only if there is none, it tries to locate a command of that name in PATH. The function I've written above is named git, therefore any direct invocation of git now executes it instead of the git command.

The function executes a subshell, changes its umask and executes the git command from inside the subshell. After Git finishes its work, the subshell also exits and the original shell instance will still have the original umask.

However, the function also shows how to bypass itself. If you call git via command git or even /usr/bin/git, the function won't be called. For any decent use this is good enough, though.

Answer 4

Using hooks to change file mode after checkout is fixing the problem after it already ocurred. You already have bad file mode in the filesystem when executing the hook. If a request arrives just between the checkout and hook execution, the server will respond with the 500 error. But you may be interested in this solution anyway.

You need a post-checkout hook running chmod g-w on all the files necessary. The hook is .git/hooks/post-checkout, should be executable and gets the current HEAD as second parameter ($2 in shell). The hook could look like this:

#!/bin/bash
git ls-files -z --with-tree="$2" | xargs -0 chmod g-w --

As the hook does not get list of files checked out, this may be the best implementation possible. It changes the mode of all the files in current HEAD.