ObjectWriter creates files as mode 0600, even if core.sharedRepository = "group"

[tomfitzhenry]

Per https://git-scm.com/docs/git-config, if core.sharedRepository = group, then "the repository is made shareable between several users in a group (making sure all the files and objects are group-writable)". This is useful when sharing an on-disk repo between two unix users (e.g. a web server, and a normal user accessing the repo via git push/pull over SSH).

go-git seems to unconditionally create object files as 0600, meaning they are unaccessible to members of the group.

Steps to reproduce

1. Create a repository with git init --shared (this sets core.sharedRepository to group)
2. Commit via https://github.com/go-git/go-git/blob/master/_examples/commit/main.go

Expected

Files created in git/objects/ are at least group-readable, e.g. 0660.

Actual

Files created in .git/objects/ are 0600.

What's happening

1. ObjectWriter uses billy.Filesystem's TempFile: https://github.com/go-git/go-git/blob/809f9df1b76258a311a20c76d346e86aca0a08f8/storage/filesystem/dotgit/writers.go#L256
2. billy.Filesystem's TempFile uses ioutil.TempFIle: https://github.com/src-d/go-billy/blob/780403cfc1bc95ff4d07e7b26db40a6186c5326e/osfs/os.go#L99
3. ioutil.TempFile uses 0600 https://cs.opensource.google/go/go/+/refs/tags/go1.21.1:src/os/tempfile.go;l=44

[tomfitzhenry]

Ah, looks like directories .git/objects/de/ have the same problem: they're created g-w, but need g+w.

[pjbgf]

@tomfitzhenry would you be keen to propose a PR for this?

This may have some overlap with https://github.com/go-git/go-git/issues/528#issuecomment-1798246158.

[tomfitzhenry]

I no longer have this usecase, since I now just use the same user to serve HTTP and SSH.