Prevent Git from changing permissions on pull
One config setting that might help here is core.sharedRepository, presented in the blog post "Preserving Group Write on Git Objects in a Collaborative Repository":
The solution turned out to be fairly straightforward.
In the file.git/config, I added a line that read: "sharedRepository = group", like so:[core] repositoryformatversion = 0 filemode = true bare = false logallrefupdates = true sharedRepository = groupThereafter, new files in
.git/objectswere created with the proper permissions for group write.
(However, note that new files are group-owned by the primary group of the user account via which the push was received. If the users collaborating on the project have different primary groups, and if those users do not share membership in that set of groups, you may still run into problems.)
Make sure of the value of your umask:
Example:
0660will make the repo read/write-able for the owner and group, but inaccessible to others (equivalent to group unlessumaskis e.g.0022).
2022 (10 years later), SyedAsadRazaDevops adds in the comments:
In Ubuntu (Linux), just go to the project repo and run this command
nano .git/configand addsharedRepository = groupin[core]section.
That would be the same as:
cd /path/to/repo
git config core.sharedRepository group
The solution I use is to run the command as the user that has the permissions you want to keep:
sudo -u user command
In this case, it could be:
sudo -u www-data git pull
www-data being the apache default user on Ubuntu at least.
This keeps the permissions from changing. I use it when updating git repositories on my VPS, while keeping the file permissions set to the webserver user.