Questions about permission and rights access

[Fulgurance]

Hi guys, I try to understand something , because actually I can't get the result I would like.

Basically, for the package manager I made ISM, I would like every user in the group ISM can run the software.

But I am facing an issue. ISM sometimes need to run git commands. When for example it run git ls-remote, even the current user is in the ism group, git ls-remote just get an error
But if I login as user ism, it work. Do I need to set something more ?

To make you understand, it's what I did under my custom linux system:

Code: Select all

# alienware-m17-r3|root / 
>_ cd /var/ism/softwares/InitSystems-Main/
# alienware-m17-r3|root /var/ism/softwares/InitSystems-Main 
>_ ls -la
total 0
drwxrwxrwx 1 ism ism   20 Feb 21 14:46 .
drwxrwxrwx 1 ism ism 1358 Feb 21 10:33 ..
drwxrwxrwx 1 ism ism  154 Feb 18 10:36 .git
drwxrwxrwx 1 ism ism   24 Feb 16 21:29 Openrc
# alienware-m17-r3|root /var/ism/softwares/InitSystems-Main 
>_ git ls-remote 
fatal: No remote configured to list refs from.
# alienware-m17-r3|root /var/ism/softwares/InitSystems-Main 
>_ su - livecd
$ alienware-m17-r3|livecd /home/livecd 
>_ groups
livecd video wheel ism plugdev
$ alienware-m17-r3|livecd /home/livecd 
>_ git ls-remote
fatal: No remote configured to list refs from.
$ alienware-m17-r3|livecd /home/livecd 
>_ exit
logout
# alienware-m17-r3|root /var/ism/softwares/InitSystems-Main 
>_ su - ism
No directory, logging in with HOME=/
$ alienware-m17-r3|ism / 
>_ cd /var/ism/softwares/InitSystems-Main
$ alienware-m17-r3|ism /var/ism/softwares/InitSystems-Main 
>_ git ls-remote
From https://github.com/Fulgurance/InitSystems-Main
e9b4afbb8d264f20aa209c31bbd3ddd044e95df8        HEAD
e9b4afbb8d264f20aa209c31bbd3ddd044e95df8        refs/heads/master
c7f2b76df983036f244486d96f2c649f1685bedb        refs/tags/Alpha-07072023

[szatox]

2 things from the top of my head:

A single copy of git is supposed to be used by a single user.
It _can_ be configured to be used by a group, instead, but doing so you risk linux permissions getting in your way, so you shouldn't do that unless you can guarantee g+rw permissons on all files tracked by your repo. In case of a package manager, you can't.
So, what can you do about it?
1. Have ism switch user to a dedicated account.
2. (Shallow) clone your repo to a temporary location and work on it instead.
3. Set git to shared mode and then checkout to a new, disposable worktree, outside of repo directory. (This is basically #2, but won't instantly catch all your mistakes, so you get an opportunity to shoot your foot)


However, git started on a non-shared repo from a wrong user should tell you that it's not a shared repo and you're a wrong user. It should _refuse_ to work, and not _fail_ to work.

fatal: No remote configured to list refs from.

This looks like you actually managed to damage the repo somehow.
Except that it works on root. Root ignores access permissions.
Remotes are listed in .git/config. Can your user even access it?

[Fulgurance]

Yes it's the weird point as I mentioned before. As you can see, when I login as ism user (so not root), it can read it. But not the other users, even root

[szatox]

Right. But that just means you have 2 problems there.
I understand why you don't want your system doing things you didn't expect. Can you read that git config manually from a wrong user rather than implicitly by invoking git? It's just a text file.
Is your repo configured to be shared by multiple users?

Regardless of the answers to above questions, you really shouldn't be sharing repos between users. I do get why you'd want to, but it will come back to bite you.

[Fulgurance]

Yes, these repositories can be shared by all users in the group ism

But you said the file can be parse easily ? Maybe will be better I follow this way. Which file is it ?

[szatox]

All metadata in git is text files, only the history is compressed (in .git/objects)
Remotes are listed in .git/config