NYCPHP Meetup

NYPHP.org

[nycphp-talk] Stupid Git File permission oddity

Gary A. Mort garyamort at gmail.com
Mon Nov 4 17:27:51 EST 2013


Lately I've been having trouble with dealing with using a git repo on 
different systems with different requirements and file permissions.

On MY system I am running a std LAMP setup, all the sourcecode is in my 
home director with ownership of gmort:www-data so that both I and the 
web server can edit files.

On the "live" system it is running a std LAMP setup, all the code is in 
a web directory, and the ownership is www-data:www-data

This means on my LOCAL system I want file permissions of 760 so both the 
web server and I have write access.  I also have execute set for me so I 
can run some shell scripts via the command line.

On the web server, I want file permissions of 600 so only the web server 
user can edit files.

The problem is Git keeps seeing these changing file permissions as 
changed files so using diff showed a lot of false positives.

The std solution on the web is to set filemode equal to false:
http://stackoverflow.com/questions/1580596/how-do-i-make-git-ignore-mode-changes-chmod

The problem is it doesn't explain WHY this works and I was still getting 
really odd results.  It wasn't till I was looking into how to write git 
hooks that I ran across this page and suddenly everything clicked:
http://git-scm.com/book/en/Git-Internals-Git-Objects

Git only stores 2 file permissions settings, it's either:
644 or 755

IE the file permissions are ALWAYS Owner:Read/Write,Group:Read,World:Read
The only difference is that it either stores them as executable[by 
owner, group, and world] or not executable.

Which makes sense when considering storing source code for a compiled 
application such as Linux.  With a compiled application, the file 
permissions on the source code aren't all that relevant - it's the file 
permissions for the deployed code that matter - so file permission is 
really basic.  All you need to know is whether a file should be 
executable[for shell scripts used in building the project and other 
things] or not.

Knowing that, I can stop being convinced that I'm doing something 
wrong.  Instead, I just need a small commit/checkout hook so that I can 
have the file permissions set properly when retrieved from the repo and 
just let them commit with the default 644 setting.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20131104/2ccde714/attachment.html>


More information about the talk mailing list