4

After some digging and help here from other people, I found out that I have a problem with the umask setting in git. What I want to achieve is that any git repo that is being checked out on my server, that the umask setting defaults to 0002. I don't want to have to configure this in every post-receive hook... I want this to be the default umask. How do I achieve that?

My repositories are uploaded by logging in to ssh with the git user on the server. When I check the umask setting, this is already set to the right setting:

root@server:~# su git 
git@server:~$ umask
0002

However, if I put umask > /tmp/debug.log in my post-receive hook, then that file shows an umask of 0077! What causes this to be different?

The root server also has the same umask and I just can't figure out why the umask is different when I check out a repository. If I change to the git user and create a file, then all works well:

git@server:~$ touch newfile
git@server:~$ ls -la
total 8
-rw-rw-r-- 1 git git    0 Aug  6 02:17 newfile
-rw------- 1 git git    0 Aug  6 02:16 post

newfile is the file I just created, The post file is a file I checked out via git, clearly with different permissions. I also added umask to the .bashrc of the git user, but to no avail:

git@server:~$ cat ~/.bashrc 
export LANGUAGE="en_US.UTF-8"
export LC_ALL="en_US.UTF-8"
export LANG="en_US.UTF-8"
export LC_TYPE="en_US.UTF-8"
umask 0002

For what it's worth, I use gitolite to manage my repositories.

And this an example post-receive hook script I use:

#!/bin/sh
export GIT_WORK_TREE=/home/user/www/
git checkout -f
user32421
  • 679
  • 1
  • 6
  • 14

2 Answers2

2

You need to locate the startup scripts used by the shell when invoked from the post-receive hook, in non-interactive mode.

If your hook script starts with #!/bin/sh, then look at man sh and look for mentions of rcfiles like .profile, /etc/profile, .bashrc or similar. The man page of the shell used should explain what files are sourced in case of interactive and non-interactive shells. You're looking for the files used in non-interactive mode.

If this is still not clear from the man page, you can find what /bin/sh links to using namei /bin/sh, and run the command with --help.

To verify what you understood from the scripts used in the startup sequence, you can add some debugging lines in the suspected script files, for example:

{ echo this is file x; umask; } >> /tmp/debug.log

And then get the post-receive hook triggered and look at /tmp/debug.log.

janos
  • 109,862
  • 22
  • 193
  • 214
2

So it turns out it does matter that I am using gitolite. Why? Because there is a setting in the gitolite configuration that dictates the umask of new files. Oddly I never had to change this setting in previous gitolite installs, but perhaps the default has been changed. In any way, here is how I finally sorted it out:

Open the ~/.gitolite.rc file:

Locate this line:

$REPO_UMASK = 0077;

And change it to the setting of choice, eg:

$REPO_UMASK = 0002;

Things finally worked afterwards!

user32421
  • 679
  • 1
  • 6
  • 14