pullRemote clone dir permissions are extraneous
Opened this issue · 0 comments
coopernetes commented
When Git Proxy is running in a secure environment, the node process is likely running under some sort of user. This user should have local file permissions to create directories for the file-based DB (if used) as well as cloning repositories that are in-flight via Git Proxy. The pullRemote step expects to create a directory under .remote/{timestamp}
. Currently, that directory is expected to have full rwx permissions across user, group and everyone/world.
This is generally not best practice. In certain deployment environments such as Openshift, it's explicitly disallowed.
A simple fix is to create a directory with only user permissions which is typically rwxr-xr-x (0755) for directories.
Affected line: