Community
Products
Bitbucket
Questions
Bitbucket pre-receive hook to check file permissions

Bitbucket pre-receive hook to check file permissions

Is there an example of how to write a Bitbucket pre-receive hook to check the permissions of the files modified/affected by any commit within that push? My primary concern is to prevent regular files from being committed with the executable bit set.

2 answers

0 votes

@Matei David: You can use External Hooks add-on for this purposes.

It supports pre-receive hooks, so you can write simple bash script which will check executable flag on files you want to protect and will reject push if violations of this policy were found.

Ping us at we@reconquest.io and our team will assist you in configuring add-on for your workflow.

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Thanks, but in my case this would involve moving some mountains... :)

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Like

@Matei DavidWell, the only way to have custom server-side hooks is to install add-on which provides them. You can also write your own add-on in Java which will provide custom hooks, but it's certainly not a piece of a cake.

Anything we can do to help you move mountains? :)

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Like

Reply

0 votes

Git only tracks the execute bit for the user that owns the file, not for other users. Same applies for read/write, it is not tracked at all. So what you could do is turn off the tracking of the execute bit, either on the repository level or on a global level (then it has to be done on each client). See this blog post for more information: https://medium.com/@tahteche/how-git-treats-changes-in-file-permissions-f71874ca239d

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

I understand that git only tracks the user's execute bit: of 755/644, only the 7/6 matters, and here we're only talking about the least significant bit 1/0 which is the execute permission.

I also understand this can be fixed at the client level, e.g. `core.filemode=false` on Windows resolves all this. (Naturally, Windows is the source of file mode issues.)

My problem is that the individual clients might not be sufficiently motivated to keep their work tidy, and I was hoping a server-side pre-hook could help in that sense. After all, that's the motivation for server side hooks, right?

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Like

The core.filemode=false can also be set in the config file for your repository. Also note that the execute bit only affects the owner of the file, other users are not affected by it.

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Like

Reply

Suggest an answer

Log in or Sign up to answer

Was this helpful?

Thanks!

TAGS