annex object file mode for core.sharedRepository

When core.sharedRepository is set, annex object files are not made mode
444, since that prevents a user other than the file owner from locking
them. Instead, a mode such as 664 is used in this case.

Annex/Content.hs

@@ -699,18 +699,21 @@ preseedTmp key file = go =<< inAnnex key
 				)
 		)
 
-{- Blocks writing to an annexed file, and modifies file permissions to
+{- Normally, blocks writing to an annexed file, and modifies file
- - allow reading it, per core.sharedRepository setting. -}
+ - permissions to allow reading it.
+ -
+ - When core.sharedRepository is set, the write bits are not removed from
+ - the file, but instead the appropriate group write bits are set. This is
+ - necessary to let other users in the group lock the file.
+ -}
 freezeContent :: FilePath -> Annex ()
 freezeContent file = unlessM crippledFileSystem $
 	withShared go
   where
 	go GroupShared = liftIO $ modifyFileMode file $
-		removeModes writeModes .
+		addModes [ownerReadMode, groupReadMode, ownerWriteMode, groupWriteMode]
-		addModes [ownerReadMode, groupReadMode]
 	go AllShared = liftIO $ modifyFileMode file $
-		removeModes writeModes .
+		addModes (readModes ++ writeModes)
-		addModes readModes
 	go _ = liftIO $ modifyFileMode file $
 		removeModes writeModes .
 		addModes [ownerReadMode]

debian/changelog

@@ -6,6 +6,9 @@ git-annex (5.20151117) UNRELEASED; urgency=medium
   * Display progress meter in -J mode when downloading from the web.
   * map: Improve display of git remotes with non-ssh urls, including http
     and gcrypt. 
+  * When core.sharedRepository is set, annex object files are not made mode
+    444, since that prevents a user other than the file owner from locking
+    them. Instead, a mode such as 664 is used in this case.
 
  -- Joey Hess <id@joeyh.name>  Mon, 16 Nov 2015 16:49:34 -0400
 

doc/bugs/Move_out_of_shared_repository_as___34__maintenance_user__34___gives_permission_denied_for_files_edited_by_others.mdwn

@@ -247,3 +247,5 @@ git-annex: .git/annex/unused: openFile: permission denied (Permission denied)
 
 # End of transcript or log.
 """]]
+
+> [[fixed|done]] --[[Joey]]

doc/bugs/Move_out_of_shared_repository_as___34__maintenance_user__34___gives_permission_denied_for_files_edited_by_others/comment_1_5c06ab75371237a263c836da45106707._comment

@@ -0,0 +1,28 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 1"""
+ date="2015-11-18T19:35:52Z"
+ content="""
+More simply stated, user A adds a file, which sets its perms to 444, and
+user B can't change those perms to lock the file for removal.
+
+In sharedRepository mode, the object directory's perms are already
+weakened, to eg 775 rather than the default 555, for the same reason;
+another user with shared access can't chmod the object directory to allow
+writing to it. That just needs to be extended from object directory to
+object file to fix this.
+
+But, that means that the object file will be mode 664, rather than
+444, and so git-annex can't prevent accidental direct modifications of the
+content of objects when in sharedRepository mode, like it normally does.
+
+Since that's a belt and suspenders protection, and since the object
+directory permissions weakening already lost a similar protection against
+accidential deletion of object files, shrug, I guess we'll do that.
+
+I do feel that sharedRepository mode rarely ever makes sense to use. It's
+very fiddely to get the permissions set up right and keep them right, and
+there are much better ways to share a centralized repo between users, eg
+use gitolite or a dedicated account that's locked down to only let
+git/git-annex commands be run.
+"""]]