Mike Slinn

Shared Directories With POSIX Groups and SGID

Published 2025-01-20.

This page is part of the posts collection, categorized under Linux, Ubuntu, WSL.

POSIX Groups

To allow more than one user to work with a shared directory, a POSIX group should be created. We can create a group called git_access with the groupadd command:

Shell
mslinn@gojira ~ $ sudo groupadd git_access

To add user mslinn to group git_access, use the usermod command:

Shell
mslinn@gojira ~ $ sudo usermod -aG git_access mslinn

Now let’s see the groups that user mslinn is a member of:

Shell
mslinn@gojira ~ $ groups mslinn
mslinn : mslinn sudo www-data sambashare dev git_access 

There are various ways of creating a shared directory for holding a bare Git repository. For now, let’s just use the mkdir command to create a shared directory at test_repo1.git. Once a directory that needs to be shared has been created, use the chgrp command to set its group ownership to the group you made for this purpose. Note that chgrp requires sudo.

Shell
mslinn@gojira ~ $ mkdir test_repo1.git
mslinn@gojira ~ $ ls -ld test_repo1.git
drwxrwxr-x 2 mslinn mslinn 4096 Jan 20 10:31 test_repo1.git
mslinn@gojira ~ $ sudo chgrp git_access test_repo1.git
mslinn@gojira ~ $ ls -ld test_repo1.git
drwxrwxr-x 2 mslinn git_access 4096 Jan 20 10:28 test_repo1.git/

Now all users and processes that are members of the git_access group effectively co-own the shared directory.

The group ownership of a shared directory will not propagate to the directory contents unless the shared directory’s SGID bit is set.

POSIX SGID Permission Bit

The POSIX Set Group ID (SGID) permission bit provides a convenient way of managing a shared directory. The SGID permission bit is normally set on bare Git repositories, so that all files in the repository are effectively owned by the same group, even though they might have been contributed by different people.

When the SGID permission for a directory is set, new files and subdirectories created under that directory will inherit their group from that directory. Older files and subdirectories, which existed before the SGID permission was set, are unaffected. Also, copied directories do not inherit the SGID permission bit. Examples are shown later to demonstrate these situations.

When you list a directory with SGID set: if the directory owner has execute permission, the SGID status is displayed as the s permission, otherwise the SGID will be displayed as capital S.

Assigning Group Ownership to a Directory

The previous section concluded with an example of how to use the chgrp command to set the group ownership for an existing directory that should be shared. However, chgrp does not set the SGID permission bit.

You can use the chmod command to set the SGID permission bit. POSIX permissions can be set using numeric values (e.g. 777) or symbolic notation (e.g. u+rwx,g+rws,o-rwx). I prefer to use symbolic notation for manipulating the SGID permission bit.

Continuing the previous shell
mslinn@gojira ~ $ chmod g+s test_repo1.git
mslinn@gojira ~ $ ls -ld test_repo1.git
drwxrwsr-x 2 mslinn git_access 4096 Jan 20 10:28 test_repo1.git/

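You can also use the mkdir command with the --mode option to create a directory with the SGID permission bit set. Again, either numeric values or symbolic notation may be used. With symbolic notation, GNU mkdir applies the mode to a starting point of a=rwx instead of the umask-filtered default, which is why the listing below shows the new directory as writable by everyone; remove the permissions for others afterwards if the directory should only be shared with the group.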

Shell
mslinn@gojira ~ $ mkdir --mode=g+s test_repo2.git
mslinn@gojira ~ $ ls -ld test_repo2.git
drwxrwsrwx 2 mslinn mslinn 4096 Jan 20 10:27 test_repo2.git/

Example

For example, if user mslinn owns directory test_repo3.git/, and the directory’s group is git_access, then setting SGID for test_repo3.git/ will cause all new files and subdirectories of test_repo3.git/ to inherit group ownership by git_access when they are created. New subdirectories will also inherit the SGID bit, displayed in a listing as s.

Shell
mslinn@gojira ~ $ mkdir --mode=g+s test_repo3.git
mslinn@gojira ~ $ sudo chgrp git_access test_repo3.git
mslinn@gojira ~ $ ls -ld test_repo3.git
drwxrws--- 2 mslinn git_access 4096 Jan 20 07:58 test_repo3.git/
mslinn@gojira ~ $ touch test_repo3.git/afile
mslinn@gojira ~ $ ls -l test_repo3.git/afile
-rw-rw-r-- 1 mslinn git_access 0 Jan 20 08:05 test_repo3.git/afile
mslinn@gojira ~ $ mkdir test_repo3.git/adir
mslinn@gojira ~ $ ls -ld test_repo3.git/adir
drwxrwsr-x 2 mslinn git_access 4096 Jan 20 08:06 test_repo3.git/adir/

Copying Into A Shared Directory

As you might expect, copying files and directories into a directory with SGID set affects their group ownership.

Continuing the previous shell
mslinn@gojira ~ $ ls -l ~/user.dict
-rw-rw-r-- 1 mslinn mslinn 209 Aug 21 2015 /home/mslinn/user.dict 
mslinn@gojira ~ $ cp ~/user.dict test_repo3.git/
mslinn@gojira ~ $ ls -l test_repo3.git/user.dict
-rw-rw-r-- 1 mslinn git_access 209 Jan 20 08:16 test_repo3.git/user.dict

Copied directories do not inherit the SGID permission bit.

Continuing the previous shell
mslinn@gojira ~ $ cp -rp ~/.config/autostart/ test_repo3.git/
mslinn@gojira ~ $ ls -l test_repo3.git/
total 4
drwxrwxr-x 2 mslinn git_access 4096 Jan 20 10:54 autostart/

You can manually set the SGID permission bit on all subdirectories within the shared directory. Note that sudo is required.

Continuing the previous shell
mslinn@gojira ~ $ find test_repo3.git/ \
  -mindepth 1 \
  -type d \
  -exec sudo chmod g+s {} \;
mslinn@gojira ~ $ ls -l test_repo3.git/
total 4
drwxrwsr-x 2 mslinn git_access 4096 Jan 20 10:54 autostart/
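
A follow-up check for the copy case above, added here as an example and not part of the original post: audit_shared_dir reports directories that are missing the SGID bit and entries whose group differs from the shared directory's group, and repair_shared_dir fixes both. Both function names are hypothetical, and the repair step assumes the caller owns the files and belongs to the directory's group (otherwise run it with sudo, as the post does).

```shell
#!/bin/sh
# Added example: audit and repair a shared directory tree.
# Function names are hypothetical; they are not from the original post.

# audit_shared_dir DIR
# Prints "NOSGID <path>" for each directory under DIR that lacks the SGID bit
# and "GROUP <path>" for each entry whose group differs from DIR's group.
# Returns 0 if nothing was reported, 1 if drift was found, 2 on bad input.
audit_shared_dir() {
  root=$1
  [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }
  # Field 4 of `ls -ldn` is the numeric group ID of the shared directory.
  gid=$(ls -ldn "$root" | awk '{print $4}')
  report=$(
    # -perm -2000 matches entries with the SGID bit set; negate it.
    find "$root" -type d ! -perm -2000 -print | sed 's/^/NOSGID /'
    find "$root" ! -group "$gid" -print | sed 's/^/GROUP /'
  )
  [ -z "$report" ] && return 0
  printf '%s\n' "$report"
  return 1
}

# repair_shared_dir DIR
# Gives every entry DIR's group, then sets SGID on every directory.
repair_shared_dir() {
  root=$1
  [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }
  gid=$(ls -ldn "$root" | awk '{print $4}')
  # -h changes symbolic links themselves instead of following them out of the tree.
  chgrp -Rh "$gid" "$root" &&
    find "$root" -type d -exec chmod g+s {} +
}

# Optional command-line use: sh audit.sh test_repo3.git
if [ "$#" -gt 0 ]; then audit_shared_dir "$1"; fi
```

Running the audit after every bulk copy into the repository catches directories that arrived with their original mode, such as the autostart/ directory copied with cp -rp above.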