Graham Christensen

Symfony development, hardware, and everything else too.

How to Create a Secure Git Repository on a Shared Server

If you’re like me, you might like hosting your private repositories yourself. Something about trusting other people with my secure files gives me the willies. I also prefer keeping these files under version control, so I began exploring setting up a git repository on my server.

It was pretty easy: git init --bare secure.git initializes a repository at ./secure.git. The problem is that even if you set the umask to 0077, the files will become readable by all users after you push. You could re-mask them to be 0700, but the next time you push, it’ll store new files too permissively.

The solution is fairly easy, but it took a little bit of googling:

git init --bare --shared=0700 secure.git

This causes all files in this repository to be readable only by the user who owns the directory. If you want your files to be secure, make sure you initialize your repository with this command; otherwise everyone will be able to read your PGP keys.
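For a repository that was already created without --shared=0700, the same state can be reached after the fact. The script below is an added example, not part of the original post; it assumes git and a find that supports -perm /mode (GNU findutils), and the function names are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit and repair an existing
# bare repository. Function names are illustrative.

# List every path in the repository that group or other can read, write or enter.
loose_paths() {
    find "$1" -perm /077 -print
}

# Make an existing bare repository owner-only and keep it that way:
#   1. core.sharedRepository=0700 is the setting `git init --shared=0700` writes;
#      with it, git applies this mode instead of the pushing session's umask.
#   2. chmod repairs what was already written with looser modes.
harden_repo() {
    repo=$1
    git --git-dir="$repo" config core.sharedRepository 0700 || return 1
    chmod -R go-rwx "$repo"
}

# Exit status 0 only if the setting is present and nothing is exposed.
repo_is_private() {
    repo=$1
    [ "$(git --git-dir="$repo" config core.sharedRepository)" = "0700" ] || return 1
    [ -z "$(loose_paths "$repo")" ]
}

# Usage: sh harden-repo.sh path/to/secure.git
if [ "$#" -eq 1 ]; then
    harden_repo "$1" && repo_is_private "$1" && echo "$1: owner-only"
fi
```

Running repo_is_private from cron or after each push catches a repository whose configuration was changed or whose files were copied in with looser modes.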

Now, pretending your server is your-ssh-server.com and the username is user, you would add it as a remote to your repository like so: git remote add origin user@your-ssh-server.com:path/to/secure.git

posted on September 12 2011