Commits

ejucovy committed ec864e9

Notes for using a shared non-primary group for trac/git permissions

Files changed (1)

 2. Ensure that the system user running the Trac process has filesystem
    read access to all gitolite repositories in the present and
    future.  The simplest way to do this is to run Trac as the gitolite
-   user; the more correct way is to add Trac to the gitolite user's
-   primary group and set ``UMASK=>0027`` in ``.gitolite.rc`` as well as
+   user; the more correct way is to add the Trac and Gitolite users to
+   a shared group, set ``UMASK=>0027`` in ``.gitolite.rc`` as well as
    running chmod to fix up permissions on the already-created files.
 3. Ensure that the system user running the Trac process can clone and
    push the gitolite-admin repository, by setting up an SSH keypair
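Review bot: The rewritten step 2 still says only "running chmod to fix up permissions on the already-created files", but with a shared non-primary group chmod alone is not enough. Existing repositories stay owned by the git user's primary group, and ``UMASK=>0027`` only grants read access to whichever group owns each file. Suggest stating here that the repositories must also be chown'd (or chgrp'd) to the shared group with setgid on the directories, so that this step matches the commands given further down. The sentence would also read better with parallel verbs: "add ..., set ..., and run chmod ...".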
 "git" with a homedir /home/git/ you will probably want to run a command 
 on your server like this::
 
-  sudo usermod -a -G git wsgi
-  sudo chmod -R g+rX /home/git/repositories/
+  sudo groupadd infra
+  sudo usermod -a -G infra wsgi
+  sudo usermod -a -G infra git
+  sudo chown -R git:infra /home/git/repositories/
+  sudo chmod -R g+rXs /home/git/repositories/
+
+(The +s ensures that new files created in the git repositories, like
+new commit objects in the repos, will retain the "infra" group-ownership
+rather than reverting to the git user's primary group.)
 
 You will also need to ensure that Trac can continue to read all needed
 files over time.  One way to do this is to set the UMASK setting in
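Review bot: In ``sudo chmod -R g+rXs /home/git/repositories/`` the ``s`` is applied recursively to regular files as well as directories, but only the setgid bit on directories makes new files inherit the "infra" group. Suggest keeping ``chmod -R g+rX`` for read access and setting setgid on directories only, for example ``find /home/git/repositories/ -type d -exec chmod g+s {} +``, and wording the parenthetical to say the bit is set on directories. It is also worth a sentence noting that the new ``usermod -a -G infra`` memberships only apply to processes started afterwards, so the Trac (wsgi) process and any running git sessions need a restart. Finally, since every member of "infra" gets read access to all repositories, the notes should say the group must be reserved for these two users.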