git push error, unable to write sha1 filename ./objects

Question

Here is a problem.

I create a new repository with

mkdir -p repositories/project.git
cd repositories/project.git
git init --bare --shared=all

The repository is at shared local folder. UMASK is 022.

Later on, folks in my team are able to clone the project and push a few changes. However, soon they come across this issue when they try to do 'git push'.

error: unable to write sha1 filename ./objects/3c/c2f933427a4215d3237a0c3b874a4ff16725: Permission denied
To myaccountname@nameofthecomputer:/repositories/project.git
 ! [remote rejected] master -> master (unable to migrate objects to permanent storage)
error: failed to push some refs to 'myaccountname@nameofthecomputer:/repositories/project.git'

The problem is obviously in the way git creates some internal files/objects, because if I do:

sudo chmod -R 777 project.git

the problem is temporarily gone.

What am I doing wrong?

Answer 1

git init --shared=all makes the repository readable by all users, but not writable by all users. Making any directory writable by all users (without using the sticky bit) is generally a colossal security risk, so Git doesn't provide that as an option.

If you want people to all be able to write to a Git repository this way, then places them all in a single group, say git. Change the main repository and all of its subdirectories to have that group, and make each directory setgid. That means that each directory and file that's created will have the group git. Since with --shared=all, Git will make all files and directories writable by that group, users should be able to push normally to the repository.

Note that the umask is not relevant here, since Git will adjust the permissions to honor the setting you specified.