git-compat-util: allow root to access both SUDO_UID and root owned
Previous changes introduced a regression which will prevent root for accessing repositories owned by thyself if using sudo because SUDO_UID takes precedence. Loosen that restriction by allowing root to access repositories owned by both uid by default and without having to add a safe.directory exception. A previous workaround that was documented in the tests is no longer needed so it has been removed together with its specially crafted prerequisite. Helped-by: Johanness Schindelin <Johannes.Schindelin@gmx.de> Signed-off-by: Carlo Marcelo Arenas Belón <carenas@gmail.com> Signed-off-by: Junio C Hamano <gitster@pobox.com>
This commit is contained in:
parent
b9063afda1
commit
6b11e3d52e
@ -30,12 +30,13 @@ that you deem safe.
|
||||
As explained, Git only allows you to access repositories owned by
|
||||
yourself, i.e. the user who is running Git, by default. When Git
|
||||
is running as 'root' in a non Windows platform that provides sudo,
|
||||
however, git checks the SUDO_UID environment variable that sudo creates
|
||||
and will allow access to the uid recorded as its value instead.
|
||||
however, git checks the SUDO_UID environment variable that sudo creates
|
||||
and will allow access to the uid recorded as its value in addition to
|
||||
the id from 'root'.
|
||||
This is to make it easy to perform a common sequence during installation
|
||||
"make && sudo make install". A git process running under 'sudo' runs as
|
||||
'root' but the 'sudo' command exports the environment variable to record
|
||||
which id the original user has.
|
||||
If that is not what you would prefer and want git to only trust
|
||||
repositories that are owned by root instead, then you must remove
|
||||
repositories that are owned by root instead, then you can remove
|
||||
the `SUDO_UID` variable from root's environment before invoking git.
|
||||
|
@ -447,7 +447,12 @@ static inline int is_path_owned_by_current_uid(const char *path)
|
||||
|
||||
euid = geteuid();
|
||||
if (euid == ROOT_UID)
|
||||
extract_id_from_env("SUDO_UID", &euid);
|
||||
{
|
||||
if (st.st_uid == ROOT_UID)
|
||||
return 1;
|
||||
else
|
||||
extract_id_from_env("SUDO_UID", &euid);
|
||||
}
|
||||
|
||||
return st.st_uid == euid;
|
||||
}
|
||||
|
@ -68,7 +68,7 @@ test_expect_success 'can access if addressed explicitly' '
|
||||
)
|
||||
'
|
||||
|
||||
test_expect_failure SUDO 'can access with sudo if root' '
|
||||
test_expect_success SUDO 'can access with sudo if root' '
|
||||
(
|
||||
cd root/p &&
|
||||
sudo git status
|
||||
@ -85,19 +85,6 @@ test_expect_success SUDO 'can access with sudo if root by removing SUDO_UID' '
|
||||
)
|
||||
'
|
||||
|
||||
test_lazy_prereq SUDO_SUDO '
|
||||
sudo sudo id -u >u &&
|
||||
id -u root >r &&
|
||||
test_cmp u r
|
||||
'
|
||||
|
||||
test_expect_success SUDO_SUDO 'can access with sudo abusing SUDO_UID' '
|
||||
(
|
||||
cd root/p &&
|
||||
sudo sudo git status
|
||||
)
|
||||
'
|
||||
|
||||
# this MUST be always the last test
|
||||
test_expect_success SUDO 'cleanup' '
|
||||
sudo rm -rf root
|
||||
|
Loading…
Reference in New Issue
Block a user