From cbe6840efecf87e53a687cdce6fbdf84c6ab8a46 Mon Sep 17 00:00:00 2001
From: James Moger <james.moger@gitblit.com>
Date: Thu, 19 Sep 2013 08:40:59 -0400
Subject: [PATCH] Documentation

---
 src/main/java/com/gitblit/utils/JGitUtils.java |   25 ++++++++++++++++++++++---
 1 files changed, 22 insertions(+), 3 deletions(-)

diff --git a/src/main/java/com/gitblit/utils/JGitUtils.java b/src/main/java/com/gitblit/utils/JGitUtils.java
index 57bb147..cf6ec26 100644
--- a/src/main/java/com/gitblit/utils/JGitUtils.java
+++ b/src/main/java/com/gitblit/utils/JGitUtils.java
@@ -353,7 +353,10 @@
 		}
 
 		String getValue() {
-			if ( enumValue == GitConfigSharedRepositoryValue.Oxxx ) return Integer.toOctalString(intValue);
+			if ( enumValue == GitConfigSharedRepositoryValue.Oxxx ) {
+				if (intValue == 0) return "0";
+				return String.format("0%o", intValue);
+			}
 			return enumValue.getConfigValue();
 		}
 
@@ -400,8 +403,22 @@
 		if (! path.exists()) return -1;
 
 		int perm = configShared.getPerm();
-		int mode = JnaUtils.getFilemode(path);
+		JnaUtils.Filestat stat = JnaUtils.getFilestat(path);
+		if (stat == null) return -1;
+		int mode = stat.mode;
 		if (mode < 0) return -1;
+
+		// Now, here is the kicker: Under Linux, chmod'ing a sgid file whose guid is different from the process'
+		// effective guid will reset the sgid flag of the file. Since there is no way to get the sgid flag back in
+		// that case, we decide to rather not touch is and getting the right permissions will have to be achieved
+		// in a different way, e.g. by using an appropriate umask for the Gitblit process.
+		if (System.getProperty("os.name").toLowerCase().startsWith("linux")) {
+			if ( ((mode & (JnaUtils.S_ISGID | JnaUtils.S_ISUID)) != 0)
+				&& stat.gid != JnaUtils.getegid() ) {
+				LOGGER.debug("Not adjusting permissions to prevent clearing suid/sgid bits for '" + path + "'" );
+				return 0;
+			}
+		}
 
 		// If the owner has no write access, delete it from group and other, too.
 		if ((mode & JnaUtils.S_IWUSR) == 0) perm &= ~0222;
@@ -410,7 +427,7 @@
 
 		if (configShared.isCustom()) {
 			// Use the custom value for access permissions.
-			mode |= (mode & ~0777) | perm;
+			mode = (mode & ~0777) | perm;
 		}
 		else {
 			// Just add necessary bits to existing permissions.
@@ -725,6 +742,8 @@
 		try {
 			if (tree == null) {
 				ObjectId object = getDefaultBranch(repository);
+				if (object == null)
+					return null;
 				RevCommit commit = rw.parseCommit(object);
 				tree = commit.getTree();
 			}

--
Gitblit v1.9.1