I'm trying to set fine-grained access control on various Mercurial repositories using ACL. When I push changes to a repository, any new files created under /myrepo/.hg/store/data do not have default permissions and users can't access them.
The issue is reproducible. Assume the user "myuser" is part of the www-data group. On the server:
hg init /tmp/test
chown root:root /tmp/test
chmod 770 /tmp/test
setfacl -Rdm g:www-data:rwx /tmp/test
setfacl -Rm g:www-data:rwx /tmp/test
On a Windows box with TortoiseHg, set to use plink.exe for ssh with shared key:
hg clone ssh://myuser@servername//tmp/test test
#add file test1.txt and commit to test
hg push ssh://myuser@server//tmp/test
cd ..
hg clone ssh://myuser@servername//tmp/test test2 <---FAIL
Back on the server, checking the ACL:
getfacl /tmp/test/.hg/store/data/test1.txt.i
# file: tmp/test/.hg/store/data/test1.txt.i
# owner: myuser
# group: myuser
user::rw-
group::rw-
other::r--
So the new file was not created with the default permissions I added to the parent folder /tmp/test. This problem also happens when you do hg pull on the server and hg serve on the client.
My /etc/fstab is mounting the partition with "default,acl" options. Also, touch /tmp/test/test1 creates a file with appropriate default permissions, as expected.
Edit
- Mercurial version: 2.0.2-1ubuntu1
- Linux Ubuntu 12.04
Best Answer
Here's what's probably happening:
Fix: set proper traditional Unix permissions on your repository.
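One way to apply the fix this answer names, as an added example that is not part of the original answer: it assumes the sharing model is a single owning group (www-data in the question) with setgid directories, and the function names share_repo and audit_repo are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post): share a Mercurial repository
# through traditional Unix permissions, then audit the tree for drift.
# Assumption: one owning group; the caller passes the repository path and
# the group (e.g. /tmp/test and www-data from the question).

# share_repo REPO GROUP
# Give the whole tree to GROUP and make it group-readable and -writable.
share_repo() {
    repo=$1
    grp=$2
    if [ ! -d "$repo/.hg" ]; then
        echo "not a Mercurial repository: $repo" >&2
        return 2
    fi
    chgrp -R "$grp" "$repo" || return 1
    # g+rwX: rw for the group, x only on directories and on files that
    # are already executable for someone.
    chmod -R g+rwX "$repo" || return 1
    # setgid on every directory, so files created later take the
    # directory's group rather than the pushing user's primary group.
    find "$repo" -type d -exec chmod g+s {} + || return 1
}

# audit_repo REPO GROUP
# Print every path that breaks the sharing rules; print nothing when the
# tree is consistent. Checked per path:
#   - group ownership is GROUP
#   - regular files are group-readable and group-writable
#   - directories are group rwx and carry the setgid bit
audit_repo() {
    repo=$1
    grp=$2
    find "$repo" \( ! -group "$grp" \
        -o -type f ! -perm -060 \
        -o -type d ! -perm -2070 \) -print
}
```

Running audit_repo after a push shows any file that ended up outside the shared group, such as the test1.txt.i case in the question with group myuser.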