shared repository: optionally allow reading to "others".
authorJunio C Hamano <junkio@cox.net>
Sat, 10 Jun 2006 06:09:49 +0000 (23:09 -0700)
committerJunio C Hamano <junkio@cox.net>
Sat, 10 Jun 2006 08:31:31 +0000 (01:31 -0700)
This enhances core.sharedrepository to have additionally
specify that read and exec permissions to be given to others as
well.  It is useful when serving a repository via gitweb and
git-daemon that runs as a user outside the project group.

The configuration item can take the following values:

    [core]
sharedrepository   ; the same as "group"
sharedrepository = true  ; ditto
sharedrepository = 1  ; ditto
sharedrepository = group ; allow rwx to group
sharedrepository = all   ; allow rwx to group, allow rx to other
sharedrepository = umask ; not shared - use umask

It also extends "git init-db" to take "--shared=all" and friends
from the command line.

Signed-off-by: Junio C Hamano <junkio@cox.net>
builtin-init-db.c
cache.h
environment.c
path.c
setup.c

index 6a24e9bcab4a7b364b69f9ccf2ae822c40873895..7fdd2fa9f9f7fb2801c6e1fc398f78b414a269e1 100644 (file)
@@ -263,7 +263,9 @@ int cmd_init_db(int argc, const char **argv, char **envp)
                if (!strncmp(arg, "--template=", 11))
                        template_dir = arg+11;
                else if (!strcmp(arg, "--shared"))
-                       shared_repository = 1;
+                       shared_repository = PERM_GROUP;
+               else if (!strncmp(arg, "--shared=", 9))
+                       shared_repository = git_config_perm("arg", arg+9);
                else
                        die(init_db_usage);
        }
@@ -301,8 +303,15 @@ int cmd_init_db(int argc, const char **argv, char **envp)
        strcpy(path+len, "/info");
        safe_create_dir(path, 1);
 
-       if (shared_repository)
-               git_config_set("core.sharedrepository", "true");
+       if (shared_repository) {
+               char buf[10];
+               /* We do not spell "group" and such, so that
+                * the configuration can be read by older version
+                * of git.
+                */
+               sprintf(buf, "%d", shared_repository);
+               git_config_set("core.sharedrepository", buf);
+       }
 
        return 0;
 }
diff --git a/cache.h b/cache.h
index d5d7fe4f8c66b2fa39a33361b8efae56e3dbf742..1b8e053f2850c9f70089ad0eebc8d12518f1fc39 100644 (file)
--- a/cache.h
+++ b/cache.h
@@ -208,6 +208,12 @@ extern const unsigned char null_sha1[20];
 
 int git_mkstemp(char *path, size_t n, const char *template);
 
+enum sharedrepo {
+       PERM_UMASK = 0,
+       PERM_GROUP,
+       PERM_EVERYBODY
+};
+int git_config_perm(const char *var, const char *value);
 int adjust_shared_perm(const char *path);
 int safe_create_leading_directories(char *path);
 char *safe_strncpy(char *, const char *, size_t);
index 2e79eab18d322b61e783f45758fdbdc5210de13c..3de8eb3b2a2359a9f8a9f702076292f1e1429df3 100644 (file)
@@ -18,7 +18,7 @@ int log_all_ref_updates = 0;
 int warn_ambiguous_refs = 1;
 int repository_format_version = 0;
 char git_commit_encoding[MAX_ENCODING_LENGTH] = "utf-8";
-int shared_repository = 0;
+int shared_repository = PERM_UMASK;
 const char *apply_default_whitespace = NULL;
 
 static char *git_dir, *git_object_dir, *git_index_file, *git_refs_dir,
diff --git a/path.c b/path.c
index 5168b5f17dfc63bfaf5386e779806fba052edf49..5d82503b6bd0a384b7918f2df497972f9492efa5 100644 (file)
--- a/path.c
+++ b/path.c
@@ -262,11 +262,21 @@ int adjust_shared_perm(const char *path)
                return -1;
        mode = st.st_mode;
        if (mode & S_IRUSR)
-               mode |= S_IRGRP;
+               mode |= (shared_repository == PERM_GROUP
+                        ? S_IRGRP
+                        : (shared_repository == PERM_EVERYBODY
+                           ? (S_IRGRP|S_IROTH)
+                           : 0));
+
        if (mode & S_IWUSR)
                mode |= S_IWGRP;
+
        if (mode & S_IXUSR)
-               mode |= S_IXGRP;
+               mode |= (shared_repository == PERM_GROUP
+                        ? S_IXGRP
+                        : (shared_repository == PERM_EVERYBODY
+                           ? (S_IXGRP|S_IXOTH)
+                           : 0));
        if (S_ISDIR(mode))
                mode |= S_ISGID;
        if (chmod(path, mode) < 0)
diff --git a/setup.c b/setup.c
index fe7f8846962d1c656d258384dbfa466031e28896..4612f110ee0beaeada3cb31ce7d47ad7175eec9c 100644 (file)
--- a/setup.c
+++ b/setup.c
@@ -219,12 +219,27 @@ const char *setup_git_directory_gently(int *nongit_ok)
        return cwd + offset;
 }
 
+int git_config_perm(const char *var, const char *value)
+{
+       if (value) {
+               if (!strcmp(value, "umask"))
+                       return PERM_UMASK;
+               if (!strcmp(value, "group"))
+                       return PERM_GROUP;
+               if (!strcmp(value, "all") ||
+                   !strcmp(value, "world") ||
+                   !strcmp(value, "everybody"))
+                       return PERM_EVERYBODY;
+       }
+       return git_config_bool(var, value);
+}
+
 int check_repository_format_version(const char *var, const char *value)
 {
        if (strcmp(var, "core.repositoryformatversion") == 0)
                repository_format_version = git_config_int(var, value);
        else if (strcmp(var, "core.sharedrepository") == 0)
-               shared_repository = git_config_bool(var, value);
+               shared_repository = git_config_perm(var, value);
        return 0;
 }