A side note first. I assume the command was
git config --global --add safe.directory
right? To my knowledge, the names of the command-line options and flags
understood by Git use two leading dashes.
OK, now to the essense of your question. The "--global" command-line option
selects the so-called global configuration "scope", which is documented as
referring to the configuration files in the following locations:
- $XDG_CONFIG_HOME/git/config
- ~/.gitconfig
They both use Unix-y stuff, but ignoring certain subtleties, it can be said
that they both refer to pathnames rooted in the currect directory of the
current user. This means, the admin has set that configuration knob only for
their own account; everyone logging in using different credentials obviously
gets their own global Git configuration scope. In other words, "global" means
"global for the user". The "truly global" - that is, system-wide -
configuration scope is called "system".
One last question: did the admin make sure that the ACLs on the resulting
repository are set in a way explained below?
1. Each user in that OU has the R/W rights on the repository, and
2. These rights are set as inheritable on the top-level repository's
directory - so that whenever a Git process performing some command
executed by a logged-in user needs to create a directory (a quite common
thing - given the way Git's oject storage is implemented), that action
does not only succeed but also results in a directory with the correct
ACLs set on it.
IOW, Git itself won't explicitly mess with ACLs on the directories it creates,
or, at least I would not expect it to.