guix-commits
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

branch master updated: services: gitolite: Relax permissions on service

From: guix-commits
Subject: branch master updated: services: gitolite: Relax permissions on service user home directory.
Date: Tue, 30 Aug 2022 12:37:34 -0400 
This is an automated email from the git hooks/post-receive script.

davexunit pushed a commit to branch master
in repository guix.

The following commit(s) were added to refs/heads/master by this push:
     new 9b5b1dde32 services: gitolite: Relax permissions on service user home 
directory.
9b5b1dde32 is described below

commit 9b5b1dde32b9526cd39b51978209ba3e61b6c785
Author: David Thompson <dthompson2@worcester.edu>
AuthorDate: Fri Aug 19 09:20:06 2022 -0400

    services: gitolite: Relax permissions on service user home directory.
    
    Fixes https://issues.guix.gnu.org/56444
    
    * gnu/services/version-control.scm (gitolite-activation): Modify permissions
      on home directory so that git group has read access.
    
    Reported-by: Evgeny Pisemsky <evgeny@pisemsky.com>
    
    Experienced by David Thompson for years, wondering what was wrong. Thanks 
for
    finding the root cause, Evgeny! :)
---
 gnu/services/version-control.scm | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/gnu/services/version-control.scm b/gnu/services/version-control.scm
index defbd65c36..17a5f9c867 100644
--- a/gnu/services/version-control.scm
+++ b/gnu/services/version-control.scm
@@ -331,6 +331,14 @@ access to exported repositories under @file{/srv/git}."
                                (strip-store-file-name admin-pubkey))))
                 (rc-file #$(string-append home "/.gitolite.rc")))
 
+           ;; activate-users+groups in (gnu build activation) sets the
+           ;; permission flags of home directories to #o700 and mentions that
+           ;; services needing looser permissions should chmod it during
+           ;; service activation.  We also want the git group to be able to
+           ;; read from the gitolite home directory, so a chmod'ing we will
+           ;; go!
+           (chmod #$home #o750)
+
            (simple-format #t "guix: gitolite: installing ~A\n" #$rc-file)
            (copy-file #$rc-file rc-file)
            ;; ensure gitolite's user can read the configuration
reply via email to
[Prev in Thread] Current Thread [Next in Thread]