From b724448b589d60a9a7dda60cf30741048c98e199 Mon Sep 17 00:00:00 2001
From: Florian Zschocke <florian.zschocke@cycos.com>
Date: Mon, 26 Aug 2013 06:39:57 -0400
Subject: [PATCH] Fix set-gid bit clearing under Linux when effective gid is different from file gid.

---
 src/main/java/com/gitblit/utils/JGitUtils.java |   16 +++++++++++++++-
 1 files changed, 15 insertions(+), 1 deletions(-)

diff --git a/src/main/java/com/gitblit/utils/JGitUtils.java b/src/main/java/com/gitblit/utils/JGitUtils.java
index 66dbd60..2e448c3 100644
--- a/src/main/java/com/gitblit/utils/JGitUtils.java
+++ b/src/main/java/com/gitblit/utils/JGitUtils.java
@@ -403,9 +403,23 @@
 		if (! path.exists()) return -1;
 
 		int perm = configShared.getPerm();
-		int mode = JnaUtils.getFilemode(path);
+		JnaUtils.Filestat stat = JnaUtils.getFilestat(path);
+		if (stat == null) return -1;
+		int mode = stat.mode;
 		if (mode < 0) return -1;
 
+		// Now, here is the kicker: Under Linux, chmod'ing a sgid file whose guid is different from the process'
+		// effective guid will reset the sgid flag of the file. Since there is no way to get the sgid flag back in
+		// that case, we decide to rather not touch is and getting the right permissions will have to be achieved
+		// in a different way, e.g. by using an appropriate umask for the Gitblit process.
+		if (System.getProperty("os.name").toLowerCase().startsWith("linux")) {
+			if ( ((mode & (JnaUtils.S_ISGID | JnaUtils.S_ISUID)) != 0)
+				&& stat.gid != JnaUtils.getegid() ) {
+				LOGGER.debug("Not adjusting permissions to prevent clearing suid/sgid bits for '" + path + "'" );
+				return 0;
+			}
+		}
+
 		// If the owner has no write access, delete it from group and other, too.
 		if ((mode & JnaUtils.S_IWUSR) == 0) perm &= ~0222;
 		// If the owner has execute access, set it for all blocks that have read access.

--
Gitblit v1.9.1