When Git Proxy is running in a secure environment, the node process is likely running under some sort of user. This user should have local file permissions to create directories for the file-based DB (if used) as well as cloning repositories that are in-flight via Git Proxy. The pullRemote step expects to create a directory under .remote/{timestamp}. Currently, that directory is expected to have full rwx permissions across user, group and everyone/world.
This is generally not best practice. In certain deployment environments such as Openshift, it's explicitly disallowed.
A simple fix is to create a directory with only user permissions which is typically rwxr-xr-x (0755) for directories.
When Git Proxy is running in a secure environment, the node process is likely running under some sort of user. This user should have local file permissions to create directories for the file-based DB (if used) as well as cloning repositories that are in-flight via Git Proxy. The pullRemote step expects to create a directory under
.remote/{timestamp}
. Currently, that directory is expected to have full rwx permissions across user, group and everyone/world.This is generally not best practice. In certain deployment environments such as Openshift, it's explicitly disallowed.
A simple fix is to create a directory with only user permissions which is typically rwxr-xr-x (0755) for directories.
See: https://betterstack.com/community/questions/what-permissions-should-my-website-directory-have-on-linux/
Affected line: https://github.com/finos/git-proxy/blob/1f39f10e3ec4515a3684c3bf881c5edfa435554e/src/proxy/processors/push-action/pullRemote.js#L19