How to Configure Shared Git Repository Permissions for Multi-User Pull Access on Linux Servers



When setting up a shared Git repository on a staging server, we often need multiple developers to both pull from and potentially push to the same repository. The --shared flag in git-init provides partial functionality, but we need a more comprehensive solution for production environments.

The most reliable method is using Unix group permissions. Here's how to implement it:


# Create a dedicated group for developers
sudo groupadd gitusers

# Add users to the group
sudo usermod -a -G gitusers developer1
sudo usermod -a -G gitusers developer2

# Set directory permissions
chgrp -R gitusers /path/to/repo.git
chmod -R g+rwX /path/to/repo.git
find /path/to/repo.git -type d -exec chmod g+s '{}' +

For new repositories, initialize with proper shared settings:


git init --bare --shared=group project.git
cd project.git
git config core.sharedRepository group

To modify permissions for an existing repo:


cd existing-repo.git
git config core.sharedRepository group
chmod -R g+wX .
find . -type d -exec chmod g+s '{}' +

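For secure remote access, configure SSH. Note that ForceCommand internal-sftp limits these accounts to SFTP, so Git's own SSH transport (git pull and git push over ssh) will not run for them; omit that line, and the chroot, if developers should use Git over SSH:


# In /etc/ssh/sshd_config
# ChrootDirectory must be owned by root and not writable by group or others
Match Group gitusers
    ChrootDirectory /git
    ForceCommand internal-sftp
    AllowTcpForwarding no
    X11Forwarding no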

To diagnose permission problems:


# Check effective permissions
getfacl /path/to/repo.git

# Debug git operations
GIT_TRACE=1 git pull

When working with Git on a shared staging server, you often need to allow multiple developers to access the same repository. The challenge is file permissions: by default, repositories created with git init are not set up for shared access.

The proper way to handle this is using Git's built-in sharing mechanisms combined with proper Unix permissions:


# Initialize a shared repository
git init --shared=group

# Or convert an existing repository
git config core.sharedRepository group
chmod -R g+rwX .git

For a production environment, follow these steps carefully:


# 1. Create a shared group
sudo groupadd gitusers

# 2. Add users to the group
sudo usermod -a -G gitusers developer1
sudo usermod -a -G gitusers developer2

# 3. Set directory permissions
sudo chgrp -R gitusers /path/to/repo
sudo chmod -R g+rwX /path/to/repo
sudo find /path/to/repo -type d -exec chmod g+s '{}' +

# 4. Configure Git properly
cd /path/to/repo
git config core.sharedRepository group

Problem: Developers can't push due to permission errors.
Solution: Ensure the setgid bit is set on directories, so new files inherit the directory's group:


find /path/to/repo -type d -exec chmod g+s '{}' +

Problem: New files don't inherit group permissions.
Solution: Set the default ACL if your system supports it:


setfacl -d -m g::rwX /path/to/repo

For better performance and safety, consider using a bare repository:


git clone --bare /path/to/original /path/to/shared.git
cd /path/to/shared.git
git config --bool core.bare true

Developers can then clone from this bare repo:


git clone /path/to/shared.git working_copy

  • Never use chmod -R 777 as it creates security risks
  • Consider using Git hooks to enforce policies
  • Regularly audit group membership
  • Use SSH keys instead of password authentication
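
An added example (not part of the original article): a POSIX shell function that audits a repository directory against the group-permission model described above, covering group ownership, setgid directories, world-writable leftovers and core.sharedRepository. The function name and the finding tags are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original article.
# audit_shared_repo GITDIR GROUP
#   GITDIR: the repository directory (repo.git, or repo/.git for non-bare)
#   GROUP:  the shared group name or numeric GID (e.g. gitusers)
# Prints one "tag<TAB>detail" line per finding; no output means clean.
audit_shared_repo() {
    repo=$1
    grp=$2

    # Entries the shared group does not own: missed by chgrp -R, or created
    # later inside a directory that lacked the setgid bit.
    find "$repo" ! -group "$grp" -exec printf 'wrong-group\t%s\n' {} +

    # Directories without setgid (chmod g+s): new files created in them take
    # the creator's primary group instead of the shared group.
    find "$repo" -type d ! -perm -2000 -exec printf 'no-setgid\t%s\n' {} +

    # Directories the group cannot read, write and traverse.
    find "$repo" -type d ! -perm -0070 -exec printf 'dir-not-group-rwx\t%s\n' {} +

    # Files the group cannot read. Group write is not required on files:
    # Git keeps object files read-only even in a shared repository.
    find "$repo" -type f ! -perm -0040 -exec printf 'file-not-group-readable\t%s\n' {} +

    # World-writable entries, the usual leftover of a chmod -R 777.
    find "$repo" ! -type l -perm -0002 -exec printf 'world-writable\t%s\n' {} +

    # core.sharedRepository must be group (true and 1 are synonyms), otherwise
    # Git creates new objects using only the pushing user's umask.
    val=$(git config --file "$repo/config" --get core.sharedRepository 2>/dev/null) || val=unset
    case $val in
        group|true|1) ;;
        *) printf 'shared-config\t%s\n' "$val" ;;
    esac
}

# Stand-alone use: sh audit.sh /path/to/repo.git gitusers
if [ "$#" -eq 2 ]; then
    audit_shared_repo "$1" "$2"
fi
```

Run it as a user who can read the whole repository tree; an empty result means every check passed.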