$root = $params['root'];
$repodir = $root . '/users/' . $user_name . '.git' ;
- system("su - $user_name -c 'chgrp $unix_group $repodir'");
+ chgrp($repodir, $unix_group);
if ($project->enableAnonSCM()) {
chmod ($repodir, 02755);
} else {
// Create main repository
$main_repo = $root . '/' . $project_name . '.git' ;
- if (!is_file ("$main_repo/HEAD") && !is_dir("$main_repo/objects") && !is_dir("$main_repo/refs")) {
+ if (!is_dir($main_repo) || (!is_file("$main_repo/HEAD") &&
+ !is_dir("$main_repo/objects") && !is_dir("$main_repo/refs"))) {
$tmp_repo = util_mkdtemp('.git', $project_name);
if ($tmp_repo == false) {
return false;
system ("chmod -R g+wX,o-rwx $tmp_repo") ;
}
$ret = true;
+ /*
+ * $main_repo can already exist, for example if it’s
+ * not a directory or doesn’t contain a HEAD file or
+ * an objects or refs subdirectory… move it out of
+ * the way in these cases
+ */
+ system("if test -e $main_repo || test -h $main_repo; then d=\$(mktemp -d $main_repo.scmgit-moved.XXXXXXXXXX) && mv -f $main_repo \$d/; fi");
+ /* here’s still a TOCTOU but we check $ret below */
system("mv $tmp_repo $main_repo", $ret);
if ($ret != 0) {
return false;