From: Junio C Hamano <gitster@pobox•com>
To: Phillip Wood <phillip.wood123@gmail•com>
Cc: Florian Schmaus <flo@geekplace•eu>,
git@vger•kernel.org,
Johannes Schindelin <Johannes.Schindelin@gmx•de>
Subject: Re: [PATCH] setup: support GIT_IGNORE_INSECURE_OWNER environment variable
Date: Wed, 26 Jun 2024 11:11:04 -0700 [thread overview]
Message-ID: <xmqqa5j71snb.fsf@gitster.g> (raw)
In-Reply-To: <72e42e9f-5b85-4863-8506-c99d658d7596@gmail.com> (Phillip Wood's message of "Wed, 26 Jun 2024 16:26:15 +0100")
Phillip Wood <phillip.wood123@gmail•com> writes:
> To expand an this a little - a couple of times I've wanted to checkout
> a bare repository that is owned by a different user. It is a pain to
> have to add a new config setting just for a one-off checkout. Being
> able to adjust the config on the command line would be very useful in
> that case.
True. As long as it is deemed safe to honor the one-off "git -c
safe.directory=..." from the command line, for the purpose of this
"I who am running this 'git' process hereby declare that I trust
this and that repository", I think it would be the best solution
for the "git daemon" use case.
And it is much better than adding a one-off environment variable.
After all, if your "git daemon" user does not have a $HOME set in
its /etc/passwd entry, you cannot set such an environment variable
in $HOME/.profile so somewhere in your "git daemon" invocation would
have to be tweaked to have code snippet that sets and exports it
*anyway*. You can tweak the "git" invocation to add the command
line tweak "-c safe.directory=..." at the place you would have set
and exported the variable, and using the well understood "git -c
var=val" mechanism would be more appropriate.
>> Or you could set $HOME to a suitable directory when running "git
> ...
> The advantage of this approach is that there are no changes needed to
> git, instead of setting GIT_IGNORE_INSECURE_OWNER one sets HOME to
> point to a suitable config file. I found this useful when I was
> debugging the issues with git-daemon earlier[1]
Yup, that sounds like a workable approach, if "git -c var=val"
approach turns out to be inappropriate for security purposes
for whatever reason.
Thanks.
next prev parent reply other threads:[~2024-06-26 18:11 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-06-26 12:33 [PATCH 0/1] support GIT_IGNORE_INSECURE_OWNER environment variable Florian Schmaus
2024-06-26 12:33 ` [PATCH] setup: " Florian Schmaus
2024-06-26 13:11 ` Phillip Wood
2024-06-26 15:19 ` rsbecker
2024-06-26 18:38 ` phillip.wood123
2024-06-26 15:26 ` Phillip Wood
2024-06-26 18:11 ` Junio C Hamano [this message]
2024-06-26 19:06 ` Florian Schmaus
2024-06-26 20:37 ` Jeff King
2024-06-27 9:50 ` Phillip Wood
2024-06-27 15:28 ` Junio C Hamano
2024-06-28 9:35 ` Phillip Wood
2024-06-28 16:48 ` Junio C Hamano
2024-07-01 15:24 ` Phillip Wood
2024-07-01 17:32 ` Junio C Hamano
2024-07-01 16:34 ` Johannes Schindelin
2024-07-01 18:19 ` Jeff King
2024-07-01 20:40 ` Junio C Hamano
2024-07-01 22:25 ` Jeff King
2024-07-02 0:19 ` Eric Wong
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=xmqqa5j71snb.fsf@gitster.g \
--to=gitster@pobox$(echo .)com \
--cc=Johannes.Schindelin@gmx$(echo .)de \
--cc=flo@geekplace$(echo .)eu \
--cc=git@vger$(echo .)kernel.org \
--cc=phillip.wood123@gmail$(echo .)com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox