authorWolfgang Müller2021-07-19 14:33:44 +0200
committerWolfgang Müller2021-07-19 14:33:44 +0200
commit18b50a7e0e92e4d710472b3537a025df5f581141 (patch)
tree051ae1ac66ca29028a6bf4af35ca5c68f4521486 /git-init-shared
parent1ae2a0d3dae621b788c83c35816b560c31188a61 (diff)
downloadgit-helpers-18b50a7e0e92e4d710472b3537a025df5f581141.tar.gz
git-init-shared: Allow adding users to ACLs subsequently
git-init(1) allows users to safely reinitialize a git repository. This is useful, for example, if new permissions are set with --shared. This commit adds similar functionality to git-init-shared(1) by not only setting the right ACLs on the toplevel directory (and relying on ACL inheritance through the default entry), but also making sure that the correct rights are set for all files that already exist in the repository. Where before a user had to run the right 'setfacl' invocation themselves to add a new user to the access lists, now the same is possible by simply invoking git-init-shared(1) again with the right user. For example, the following invocation adds access to both 'foo' and 'bar': git init-shared repo/ foo git init-shared repo/ bar
Diffstat (limited to 'git-init-shared')
-rwxr-xr-xgit-init-shared19
1 files changed, 16 insertions, 3 deletions
diff --git a/git-init-shared b/git-init-shared
index ea18234..c06f418 100755
--- a/git-init-shared
+++ b/git-init-shared
@@ -7,16 +7,29 @@ usage() {
exit 1
}
+acl_mask() {
+ # Set the ACL mask for the directory. The default mask will be inherited by
+ # new directories and files (where it will correctly be set to rw-)
+ setfacl -m "d:m:rwx" "$1"
+ setfacl -m "m:rwx" "$1"
+}
+
add_to_acl() {
- setfacl -m "d:u:$2:rwx" "$1"
- setfacl -m "u:$2:rwx" "$1"
+ # Recursively apply all necessary ACL settings as we may be reinitializing
+ # the git repository with additional authorised users.
+ # Take care *not* to recalculate the ACL mask (-n), since rwX translates to
+ # a mask of rwx even on non-directory files.
+ setfacl -Rnm "d:u:$2:rwX" "$1"
+ setfacl -Rnm "u:$2:rwX" "$1"
}
test $# -ge 1 || usage
dir=$1
shift
-mkdir "$dir"
+mkdir -p "$dir"
+
+acl_mask "$dir"
for user in "$(id -un)" "$@"; do
add_to_acl "$dir" "$user"
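Review bot: Now that `mkdir -p "$dir"` accepts an existing directory and `add_to_acl` runs `setfacl -R`, nothing verifies that `$dir` is actually a git repository before everything beneath it is opened read-write to the named users, so a mistyped path (a home directory, say) would be shared wholesale. A guard ahead of `mkdir -p` would contain that, for example `if [ -d "$dir" ] && ! git rev-parse --resolve-git-dir "$dir" >/dev/null 2>&1; then usage; fi`, with `"$dir/.git"` instead if the repository is not bare; the init call is not visible here, so the layout is an assumption. Separately, `$2` is spliced unchecked into the ACL spec in `add_to_acl`, and setfacl treats commas in a spec as entry separators, so resolving each name first (`id -u -- "$user" >/dev/null || usage`) would keep one argument from expanding into extra entries. The `for` loop is still open at the last visible line, so the remainder of the script is not covered by this note.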