Setup a shared GIT repository on a shared server

When deploying to a staging server it is normal that different users do git pull on the repository cloned on the server. The problem is that when new files exist, the files are created with default permissions (read/write by user, not group) and cause trouble when another user tries to do a git pull.

For this recipe we will assume:

repo url: https://github.com/Jobsity/job-application
unix group: project1
unix user 1: marcelo
unix user 2: camilo

1. On the local dev environments

For new repos, pass the umask 0002 value to the –shared variable at init time:

root@87185a92c2f2:/tmp# mkdir shared-repo
root@87185a92c2f2:/tmp# cd shared-repo/
root@87185a92c2f2:/tmp/shared-repo# git init --shared=0002
root@87185a92c2f2:/tmp/shared-repo# git config -l
core.repositoryformatversion=0
core.filemode=true
core.bare=false
core.logallrefupdates=true
core.sharedrepository=2
receive.denynonfastforwards=true

For existing repos, we need to setup the sharedRepository config like this:

git config core.sharedrepository 0002

And push to github/bitbucket or whatever server we are using to centralize the code.

2. On the shared server

Create groups per project as owners of the deployed repositories. For example project1 will be the ‘owner’ of the repository.

groupadd project1

Users need to be created inside a group that is going to be the ‘owner’ of the repository. For example, create user marcelo inside group project1

adduser --ingroup project1 marcelo
adduser --ingroup project1 camilo

3. On the shared server

Clone the repository and change the shared config:

git clone https://github.com/Jobsity/job-application
cd job-application
git config core.sharedrepository 0002

4. In the shared server, as root, only once unless something happens and the permissions are screwed

We need to set the right permissions to the full repo directory and set the default group.

chgrp -R project1 job-application
chmod -R g+swX job-application

Additional info: ServerFault answer

5. On the day to day to update the app on the server

Any user with the group that the repo is configured can do a git pull; in our case: marcelo or camilo.

git pull origin