We are using git for source code management and own a SLES server which we use as a remote for our git repositories. We access git with SSH, using the real user names, not the single git user alternative, which would authenticate through the authorized_keys file of the git user.
A while ago, I figured out a problem with pushing to our remote. One user was able to push while another user was not able to push. So I began to analyze, why certain users are not able to push. I finally figured out what the root cause was: A bare repository on the remote always has a directory named objects, where commits are finally saved through the push process. This directory contains sub directory with the first two characters of a hash value. If a directory has not been created yet, it is created during a push to the remote.
And here's the mysterious thing about it, I cannot explain to myself: Some users create these directories with permissions rwxrwsr-x, while other users create them with rwxr-swr-x. As you can see, the set-gid bit is set, which is OK. But I cannot really explain why some users create directories with group write permissions while others do not.
The pitfall here is that if user A creates a directory without group write permissions and user B calculates a hash value that begins with the two characters of the already created directory of user A, user B cannot place files (commits) in that same directory, which makes it impossible to push to the remote for user B.
I have already watched out for default umask settings, that are probably different, but could not find different settings. All users on our SLES server have the default mask 0022, which will result in files being created with rw-r--r-- and directories with rwxr-xr-x. And this is the second mystery: Why do some users create directories in git with rwxrwsr-x (which is correct for git and intended), despite of the umask 0022?
Has anyone hints for me for further troubleshooting? What I want to achieve is that users create the objects sub directories with rwxrwsr-x.