From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on dcvr.yhbt.net X-Spam-Level: X-Spam-Status: No, score=-3.8 required=3.0 tests=AWL,BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,SPF_HELO_PASS,SPF_PASS shortcircuit=no autolearn=ham autolearn_force=no version=3.4.2 Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by dcvr.yhbt.net (Postfix) with ESMTP id 5E4FD1F5AE for ; Thu, 18 Jun 2020 18:32:31 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728931AbgFRSc3 (ORCPT ); Thu, 18 Jun 2020 14:32:29 -0400 Received: from pb-smtp20.pobox.com ([173.228.157.52]:52944 "EHLO pb-smtp20.pobox.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727045AbgFRSc2 (ORCPT ); Thu, 18 Jun 2020 14:32:28 -0400 Received: from pb-smtp20.pobox.com (unknown [127.0.0.1]) by pb-smtp20.pobox.com (Postfix) with ESMTP id A8A2DD9390; Thu, 18 Jun 2020 14:32:26 -0400 (EDT) (envelope-from junio@pobox.com) DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=pobox.com; h=from:to:cc :subject:references:date:in-reply-to:message-id:mime-version :content-type; s=sasl; bh=Oo3Bf5HPc7yOUvnuTAU7Ou3lFFI=; b=hmgUaI Ne2/6K85FjPYLSi4BpCatF5UR5G8T5Fdqa6o0QaORQUJhqtjYdl5UgJdH1fihs99 iqqAjDoA/B4lG7kdu7G4XDjUhBGAab5ES2IG5yXIpGo0T/EuKfpe52tIvL6fqzx+ /22G+4lLdPPwx3psILRXeL5a5gvt8hRRcUQNQ= DomainKey-Signature: a=rsa-sha1; c=nofws; d=pobox.com; h=from:to:cc :subject:references:date:in-reply-to:message-id:mime-version :content-type; q=dns; s=sasl; b=VFED9HWENzBzevgsQyuh6mD3DSmg0ufy q7uP9QtOHQR10M9e2X6WOrHnJQE/OwBIP+IYyOReLheZ/24M5wBg+yYrucnaWJi3 g9jdg4aGMJ/t34w5zHlgrQv9FdhOzisDj/sSIIZfg5eCqWqxWHLrG2FF0kT6uOiN /JKexsGGO6k= Received: from pb-smtp20.sea.icgroup.com (unknown [127.0.0.1]) by pb-smtp20.pobox.com (Postfix) with ESMTP id A0F13D938F; Thu, 18 Jun 2020 14:32:26 -0400 (EDT) (envelope-from junio@pobox.com) Received: from pobox.com (unknown [35.196.173.25]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by pb-smtp20.pobox.com (Postfix) with ESMTPSA id E2D71D938D; Thu, 18 Jun 2020 14:32:23 -0400 (EDT) (envelope-from junio@pobox.com) From: Junio C Hamano To: "Riddell\, Matthew A" Cc: "git\@vger.kernel.org" Subject: Re: Git config command ignores explicitly set file permissions References: Date: Thu, 18 Jun 2020 11:32:21 -0700 In-Reply-To: (Matthew A. Riddell's message of "Thu, 18 Jun 2020 13:13:57 +0000") Message-ID: User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.3 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain X-Pobox-Relay-ID: 0D94DBF2-B192-11EA-8C57-B0405B776F7B-77302942!pb-smtp20.pobox.com Sender: git-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: git@vger.kernel.org "Riddell, Matthew A" writes: > I noticed while working with Git that the file permissions on the > gitconfig file is ignored and the parent folder permissions are > used instead to update the file. An example is as follows: > > Before running git config ensure the user running the command is > not able to edit the file but has read access to the file. Ensure > the User has full access to the parent folder. After running any > git config command the user previously without edit permissions on > a file can now edit the config file. That is pretty much how things are intended to work on a filesystem and is not limited to Git. Your arrangement, contrary to what you said, does not "ensure the user running the command is not able to edit but has read access". mkdir newdir chmod +rwx newdir >newdir/file chmod a-w newdir/file would not forbid you from doing rm -f newdir/file ehco new >newdir/file In other words, if you allow your user to write to a directory, you cannot forbid the user from creating and removing files in it.