Changes between Version 2 and Version 3 of Enforce umask setting for new gitolite repos

Timestamp:

04/29/25 21:52:51 (4 weeks ago)

Author:

enno

Comment:

--

Enforce umask setting for new gitolite repos

@@ -1 @@
-On your gitolite server
+== Background
 
-* Change to the /home/git/ directory
+By default, only the git user can access Gitolite repositories, as they are created with strict permissions.
 
-* Edit .gitoliterc
+In our setup, however, the tracd service also needs read access to these repositories.
 
-* Change the umask setting from 0077 (default) to 0027 to allow users of group git e.g. tracd to read the repository
+To enable this, we added the tracd user to the git group and configured Gitolite to allow group access by adjusting the default permissions for new repositories.
 
-NOTE: This will be applied to all '''new''' repos
+=== Change umask 
+
+On your Gitolite server:
+
+* Switch to the Gitolite user directory:
+
+{{{#!sh
+cd /home/git
+}}}
+
+* Open the .gitolite.rc configuration file in your editor.
+
+* Locate the UMASK setting and change it:
+
+From:
+
+$UMASK = 0077;
+
+To:
+
+$UMASK = 0027;
+
+----
+
+This change allows members of the git group — such as the tracd user — to read new repositories created by Gitolite.
+
+Note: This change only affects new repositories created after updating the UMASK. Existing repositories will retain their current permissions unless manually adjusted. Even manually adjusted permissions will be reverted after guix system reconfigure, thus cloning or copying existing bare repos into /home/git/repositories will cause hard to track problems
+
+📥 
+The most straightforward way to import an existing repository is to let gitolite create an empty repo, add this as a remote and push from your existing repo