Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

Next challenges

Recent achievements

  • Global
  • Personal

Recognition

  • Give kudos
  • Received
  • Given

Leaderboard

  • Global

Trophy case

Kudos (beta program)

Kudos logo

You've been invited into the Kudos (beta program) private group. Chat with others in the program, or give feedback to Atlassian.

View group

It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

Bitbucket pre-receive hook to check file permissions

Is there an example of how to write a Bitbucket pre-receive hook to check the permissions of the files modified/affected by any commit within that push? My primary concern is to prevent regular files from being committed with the executable bit set.

2 answers

0 votes
Mikael Sandberg Community Leader Feb 13, 2020

Git only tracks the execute bit for the user that owns the file, not for other users. Same applies for read/write, it is not tracked at all. So what you could do is turn off the tracking of the execute bit, either on the repository level or on a global level (then it has to be done on each client). See this blog post for more information: https://medium.com/@tahteche/how-git-treats-changes-in-file-permissions-f71874ca239d 

I understand that git only tracks the user's execute bit: of 755/644, only the 7/6 matters, and here we're only talking about the least significant bit 1/0 which is the execute permission.

I also understand this can be fixed at the client level, e.g. `core.filemode=false` on Windows resolves all this. (Naturally, Windows is the source of file mode issues.)

My problem is that the individual clients might not be sufficiently motivated to keep their work tidy, and I was hoping a server-side pre-hook could help in that sense. After all, that's the motivation for server side hooks, right?

Mikael Sandberg Community Leader Feb 14, 2020

The core.filemode=false can also be set in the config file for your repository. Also note that the execute bit only affects the owner of the file, other users are not affected by it. 

@Matei David: You can use External Hooks add-on for this purposes.

It supports pre-receive hooks, so you can write simple bash script which will check executable flag on files you want to protect and will reject push if violations of this policy were found.

Ping us at we@reconquest.io and our team will assist you in configuring add-on for your workflow.

Thanks, but in my case this would involve moving some mountains... :)

@Matei DavidWell, the only way to have custom server-side hooks is to install add-on which provides them. You can also write your own add-on in Java which will provide custom hooks, but it's certainly not a piece of a cake.

Anything we can do to help you move mountains? :)

Suggest an answer

Log in or Sign up to answer
TAGS
Community showcase
Published in Bitbucket

Powering DevOps with Bitbucket Server & Data Center

Hi everyone, The Cloud team recently announced 12 new DevOps features that help developers ship better code, faster   ! While we’re all excited about the new improvements to Bitbucket ...

2,135 views 0 7
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you