How to get a remote git server working with multiple users?

[Red Squirrel]

When a user writes a file it takes on that user's username/group then other users have no permission to it. Is there a way around this issue? Basically I want to create a SSH account for multiple users and have them all write to the same folder which will be the central git repository.

But when one user writes, it just takes on that user's user/group permissions and does not inherit from the parent folder. Is there a way I can just have everything in one folder/subfolder take on a set user/group? Like I don't want each individual folder/file to have it's own broken inheritance I want everything to be based on the root file.

Is there some way of accomplishing this without needing to have scripts that run nightly to reset it?


As a site note, is this the correct way for a new user to init their local environment so they can use my git server? I got the server and my own personal one working a long time ago so just want to make sure I'm doing it right. It SEEMS to be working except for the permission issues. If I manually go change the permissions after a commit then everything seems to work as I expect.

#create/move to the folder you want to code from:
mkdir app
cd app

#init git environment:
git init

#add repo remote info:
git remote add origin ssh://username@host:22/path/to/repo

#set some global options for this repo:
git config branch.master.remote origin
git config branch.master.merge refs/heads/master

#optional (needed if you never used git before on that system)
git config user.email "youremail@example.com"
git config user.name "Your Name"

Then they can do git pull etc.

 

[dave_the_nerd]

You should probably install gitolite or gitlab.

How they handle it, is to have a "git" user on the server that owns all the files. You append all the different users' public keys to the authorized_keys file for that account. Then people set their remotes to:

ssh://git@host:22/path/to/repo

You can do that manually and it resolves the permissions issues.

Where the dedicated git/SCM front-ends get "fancy" is keeping track of which ssh keys are associated with which user, so they can do per-user permissions. But if you're not interested in enforcing anything like that, then the above is all you need to do.

But I'd still install gitlab or gitolite on your local server. Or do the GitHub thing.

 

[Red Squirrel]

I was hoping to have multiple user accounts but guess with the keys it works, so I can still revoke access if I need to.

Seems silly to me that the Linux permission system is so crappy that we need to resort to these things. In Windows you'd just assign a group to the folder, it would automatically inherit permissions for existing and any newly created file and then you put all the users in that group. You could even assign more than one group to a folder. So much more granular.

 

[dave_the_nerd]

I was hoping to have multiple user accounts but guess with the keys it works, so I can still revoke access if I need to.

Seems silly to me that the Linux permission system is so crappy that we need to resort to these things. In Windows you'd just assign a group to the folder, it would automatically inherit permissions for existing and any newly created file and then you put all the users in that group. You could even assign more than one group to a folder. So much more granular.

You can use ACLs to do that on file servers. I'm not sure if it'll work over SSH. (Never investigated it.)

From a sysadmin standpoint, the Windows model is more granular, but IME it's a freakin' PITA to manage unless you're on a domain and make heavy use of group memberships/permissions.