June 10, 2009
I setup my Mercurial repository in the same way we used to do CVS, then SVN: A directory owned by a group, with the GUID bit, and all users who need to commit are in that group.
The steps are, create the group and add relevant users to it:
sudo groupadd topsecretgroup sudo usermod -a -G topsecretgroup graham
Change the project directory to be owned by that group, and accessible by no-one else:
cd topsecretproject/ sudo chown graham:topsecretgroup -R . sudo chmod g=u,o= -R .
Set the GUID bit on all the directories, so that new files and directories are created owned by the group:
find . -type d | sudo xargs chmod g+s
Change the umask for everyone, so that new files are created with read and write permissions for the group:
sudo vim /etc/profile
umask 022 to
The last part, changing the umask, isn’t ideal. It works on Debian and Ubuntu, because every user has their own group. I would rather a more focused solution, just for that directory – suggestions welcome.