
Commit 7aba618

moy authored and gitster committed
Add a testcase for ACL with restrictive umask.
Right now, Git creates unreadable pack files on non-shared repositories when the user has a umask of 077, even when the default ACLs for the directory would give read/write access to a specific user.

Loose object files are created world-readable, which doesn't break ACLs, but isn't necessarily desirable.

Signed-off-by: Matthieu Moy <Matthieu.Moy@imag.fr>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
1 parent e923eae commit 7aba618

1 file changed, +67 -0 lines changed

t/t1304-default-acl.sh

Lines changed: 67 additions & 0 deletions
@@ -0,0 +1,67 @@
1+
#!/bin/sh
2+
#
3+
# Copyright (c) 2010 Matthieu Moy
4+
#
5+
6+
test_description='Test repository with default ACL'
7+
8+
# Create the test repo with restrictive umask
9+
# => this must come before . ./test-lib.sh
10+
umask 077
11+
12+
. ./test-lib.sh
13+
14+
# We need an arbitrary other user give permission to using ACLs. root
15+
# is a good candidate: exists on all unices, and it has permission
16+
# anyway, so we don't create a security hole running the testsuite.
17+
18+
if ! setfacl -m u:root:rwx .; then
19+
say "Skipping ACL tests: unable to use setfacl"
20+
test_done
21+
fi
22+
23+
modebits () {
24+
ls -l "$1" | sed -e 's|^\(..........\).*|\1|'
25+
}
26+
27+
check_perms_and_acl () {
28+
actual=$(modebits "$1") &&
29+
case "$actual" in
30+
-r--r-----*)
31+
: happy
32+
;;
33+
*)
34+
echo "Got permission '$actual', expected '-r--r-----'"
35+
false
36+
;;
37+
esac &&
38+
getfacl "$1" > actual &&
39+
grep -q "user:root:rwx" actual &&
40+
grep -q "user:${LOGNAME}:rwx" actual &&
41+
grep -q "mask::r--" actual &&
42+
grep -q "group::---" actual || false
43+
}
44+
45+
dirs_to_set="./ .git/ .git/objects/ .git/objects/pack/"
46+
47+
test_expect_success 'Setup test repo' '
48+
setfacl -m u:root:rwx $dirs_to_set &&
49+
setfacl -d -m u:"$LOGNAME":rwx $dirs_to_set &&
50+
setfacl -d -m u:root:rwx $dirs_to_set &&
51+
52+
touch file.txt &&
53+
git add file.txt &&
54+
git commit -m "init"
55+
'
56+
57+
test_expect_failure 'Objects creation does not break ACLs with restrictive umask' '
58+
# SHA1 for empty blob
59+
check_perms_and_acl .git/objects/e6/9de29bb2d1d6434b8b29ae775ad8c2e48c5391
60+
'
61+
62+
test_expect_failure 'git gc does not break ACLs with restrictive umask' '
63+
git gc &&
64+
check_perms_and_acl .git/objects/pack/*.pack
65+
'
66+
67+
test_done
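
Review bot: `check_perms_and_acl` and the 'Setup test repo' step use `$LOGNAME` without checking that it is set. With an empty value, `setfacl -d -m u:"$LOGNAME":rwx $dirs_to_set` becomes `u::rwx`, which addresses the owner entry rather than a named user, and `grep -q "user:${LOGNAME}:rwx" actual` then looks for `user::rwx`, so the check fails for a reason unrelated to the umask; because both object tests are `test_expect_failure`, that failure would be read as the known breakage. Consider skipping next to the existing `setfacl -m u:root:rwx .` probe when `$LOGNAME` is empty, or obtaining the user name another way. A smaller point in the same function: the trailing `|| false` after the last `grep -q` does not change the exit status and can be dropped.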
