From 18b50a7e0e92e4d710472b3537a025df5f581141 Mon Sep 17 00:00:00 2001 From: Wolfgang Müller Date: Mon, 19 Jul 2021 14:33:44 +0200 Subject: git-init-shared: Allow adding users to ACLs subsequently git-init(1) allows users to safely reinitialize a git repository. This is useful, for example, if new permissions are set with --shared. This commit adds similar functionality to git-init-shared(1) by not only setting the right ACLs on the toplevel directory (and relying on ACL inheritance through the default entry), but also making sure that the correct rights are set for all files that already exist in the repository. Where before a user had to run the right 'setfacl' invocation themselves to add a new user to the access lists, now the same is possible by simply invoking git-init-shared(1) again with the right user. For example, the following invocation adds access to both 'foo' and 'bar': git init-shared repo/ foo git init-shared repo/ bar --- git-init-shared | 19 ++++++++++++++++--- 1 file changed, 16 insertions(+), 3 deletions(-) (limited to 'git-init-shared') diff --git a/git-init-shared b/git-init-shared index ea18234..c06f418 100755 --- a/git-init-shared +++ b/git-init-shared @@ -7,16 +7,29 @@ usage() { exit 1 } +acl_mask() { + # Set the ACL mask for the directory. The default mask will be inherited by + # new directories and files (where it will correctly be set to rw-) + setfacl -m "d:m:rwx" "$1" + setfacl -m "m:rwx" "$1" +} + add_to_acl() { - setfacl -m "d:u:$2:rwx" "$1" - setfacl -m "u:$2:rwx" "$1" + # Recursively apply all necessary ACL settings as we may be reinitializing + # the git repository with additional authorised users. + # Take care *not* to recalculate the ACL mask (-n), since rwX translates to + # a mask of rwx even on non-directory files. + setfacl -Rnm "d:u:$2:rwX" "$1" + setfacl -Rnm "u:$2:rwX" "$1" } test $# -ge 1 || usage dir=$1 shift -mkdir "$dir" +mkdir -p "$dir" + +acl_mask "$dir" for user in "$(id -un)" "$@"; do add_to_acl "$dir" "$user" -- cgit v1.2.3-2-gb3c3