Bitbucket pre-receive hook to check file permissions

Matei David February 13, 2020

Is there an example of how to write a Bitbucket pre-receive hook to check the permissions of the files modified/affected by any commit within that push? My primary concern is to prevent regular files from being committed with the executable bit set.

2 answers

0 votes
Stanislav Seletskiy
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
February 13, 2020

@Matei David: You can use External Hooks add-on for this purposes.

It supports pre-receive hooks, so you can write simple bash script which will check executable flag on files you want to protect and will reject push if violations of this policy were found.

Ping us at we@reconquest.io and our team will assist you in configuring add-on for your workflow.

Matei David February 14, 2020

Thanks, but in my case this would involve moving some mountains... :)

Stanislav Seletskiy
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
February 14, 2020

@Matei DavidWell, the only way to have custom server-side hooks is to install add-on which provides them. You can also write your own add-on in Java which will provide custom hooks, but it's certainly not a piece of a cake.

Anything we can do to help you move mountains? :)

0 votes
Mikael Sandberg
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
February 13, 2020

Git only tracks the execute bit for the user that owns the file, not for other users. Same applies for read/write, it is not tracked at all. So what you could do is turn off the tracking of the execute bit, either on the repository level or on a global level (then it has to be done on each client). See this blog post for more information: https://medium.com/@tahteche/how-git-treats-changes-in-file-permissions-f71874ca239d 

Matei David February 14, 2020

I understand that git only tracks the user's execute bit: of 755/644, only the 7/6 matters, and here we're only talking about the least significant bit 1/0 which is the execute permission.

I also understand this can be fixed at the client level, e.g. `core.filemode=false` on Windows resolves all this. (Naturally, Windows is the source of file mode issues.)

My problem is that the individual clients might not be sufficiently motivated to keep their work tidy, and I was hoping a server-side pre-hook could help in that sense. After all, that's the motivation for server side hooks, right?

Mikael Sandberg
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
February 14, 2020

The core.filemode=false can also be set in the config file for your repository. Also note that the execute bit only affects the owner of the file, other users are not affected by it. 

Suggest an answer

Log in or Sign up to answer
TAGS
AUG Leaders

Atlassian Community Events