Using Git without Sudo in many accounts

11
votes

How can you use Git without Sudo in multiple accounts in one Ubuntu?

My Ubuntu has many accounts. The creation of new accounts has made Git inaccessible by me without sudo.

I changed the owner to be me, masi, and the group to be admin where the masi belongs to. I have the following permissions for Git

800 -rwxrwxrwx 1 masi admin 813744 2009-02-20 23:01 /usr/bin/git

I get the following message in trying to use Git

git status
fatal: unable to create '.git/index.lock': Permission denied

I run find . -iregex ".*index.l.* which returns no matches so there seems to be no index.lock in locking the system. I run the same command also with sudo unsuccessfully.

5
gitubuntusudo
"The creation of new accounts has made Git inaccessible by me without sudo." You should take this as a sign that something is wrong with either your account, your system configuration, or your installation. That is extremely abnormal behaviour -- git is a normal userspace application, accessible by all ordinary users in a normal Ubuntu install.kampu
For reference, the correct permissions/ownership for /usr/bin/git* are 755 / root.root, as indicated in hillu's answer. You may have accidentally set the permissions so that only group members or the owner could execute 'git' (ie. permissions are 744 aka -rwxr--r-- rather than 755). Failing to correct those permissions represents a serious security risk to your system.kampu
I believe several pages on web suggest to perform config with commands like : sudo git config --global user.name "Your Name" and this generates problems in the .git ownership. In multi-user OS, it is way better to use git config without sudo.hjohanns

5 Answers

18
votes

If I understand your question correctly, you need grant several *nix user accounts write access to the same git repository. Using the --share command line argument for git init should enable this. The GitWiki has a few words to say about this. This should do the trick:

git --bare init --shared=all

If you have already created your repository, you might be able to convert it to a "shared repository" by throwing this command:

git repo-config core.sharedRepository true

in your repository, as mentioned in a blog post at moserei.de.

2014 update: This is still possible but the command has changed from repo-config to config.

git config core.sharedRepository true
8
votes

Git is meant to be distributed. So, every user should be having a separate repository of his/her own. The above method contradicts this methodology. Apart from that, I suspect the permissions of the .git directory.

5
votes

I would guess the ownership of the .git directory are the problem.

You shouldn't use one source tree from different users - it's likely to lead to problems.

The git executable is not the issue. It should be owned by root, and have 755 permissions. (-rwxr-xr-x)

In other words you can use git from multiple accounts, but you shouldn't share a single working directory.

3
votes

Having the permissions of any executable set so that a normal user can overwrite the executable is a considerable security risk. (Try overwriting /usr/bin/git with a shell script that calls rm -rf $HOME.)

Change the permissions back to 755 and make git owned by root:root again. (Ubuntu's package manager would reset the permissions on the next upgrade anyhow unless you used dpkg-statoverride(8))

I agree with those who say that it may not be a good idea to have multiple users share one git repository. If you still think that it is necessary, consider setting up a new group, chgrp the directory holding the repository and all the files therein to that group andset the setgid bit on the directories. (The --shared parameter to git init may do some of this for you, too.) Then, add all the users to the group that should have commit rights.

0
votes

You can verify members using

members groupname

Then you can set the permission level for the username:groupname pair,

change the ownership
sudo chown -v -R username:groupname sprout
chmod -R g+w .git/*