* How to prevent changes to repository by root
@ 2010-06-14  3:12 Nazri Ramliy
  2010-06-16 15:09 ` Nicolas Sebrecht
  2010-06-16 16:09 ` Aneurin Price
  0 siblings, 2 replies; 5+ messages in thread
From: Nazri Ramliy @ 2010-06-14  3:12 UTC (permalink / raw)
  To: Git Mailing List

I have a git repository owned by a non-privileged user account on a
machine that is logged into (via ssh) by multiple users. These multiple users,
all of them (not at the same time) do "git pull" on this repository.

Everything is fine as long as they don't do the "git pull" as root.

Murphy's law and all, someone is bound to do "git pull" as root on that repo
and that would sometimes cause problems for the non-privileged user (who 'owns'
the git repo) when doing subsequent git operations on that repository.

My question is:

How do I limit any action on this repository to this non-privileged user only?

I looked at "git help hooks" thinking that maybe I can use one of the hooks to
add return "test $USER = foo" but from the descriptions there it is not clear
which hook is the one that applies to this case (limit all repository action
on this repository to this user only).

Any ideas?

Thanks in advance for any help.

nazri.


* Re: How to prevent changes to repository by root
  2010-06-14  3:12 How to prevent changes to repository by root Nazri Ramliy
@ 2010-06-16 15:09 ` Nicolas Sebrecht
  2010-06-16 16:09 ` Aneurin Price
  1 sibling, 0 replies; 5+ messages in thread
From: Nicolas Sebrecht @ 2010-06-16 15:09 UTC (permalink / raw)
  To: Nazri Ramliy; +Cc: Git Mailing List, Nicolas Sebrecht

The 14/06/10, Nazri Ramliy wrote:

> I have a git repository owned by a non-privileged user account on a
> machine that is logged into (via ssh) by multiple users. These multiple users,
> all of them (not at the same time) do "git pull" on this repository.
> 
> Everything is fine as long as they don't do the "git pull" as root.
> 
> Murphy's law and all, someone is bound to do "git pull" as root on that repo
> and that would sometimes cause problems for the non-privileged user (who 'owns'
> the git repo) when doing subsequent git operations on that repository.
> 
> My question is:
> 
> How do I limit any action on this repository to this non-privileged user only?

Don't give root access to your users. This is the only sane thing to do
in the unix world. ,-p

-- 
Nicolas Sebrecht


* Re: How to prevent changes to repository by root
  2010-06-14  3:12 How to prevent changes to repository by root Nazri Ramliy
  2010-06-16 15:09 ` Nicolas Sebrecht
@ 2010-06-16 16:09 ` Aneurin Price
  2010-06-17  2:28   ` Nazri Ramliy
  1 sibling, 1 reply; 5+ messages in thread
From: Aneurin Price @ 2010-06-16 16:09 UTC (permalink / raw)
  To: Nazri Ramliy; +Cc: Git Mailing List

On Mon, Jun 14, 2010 at 04:12, Nazri Ramliy <ayiehere@gmail.com> wrote:
> I have a git repository owned by a non-privileged user account on a
> machine that is logged into (via ssh) by multiple users. These multiple users,
> all of them (not at the same time) do "git pull" on this repository.
>
> Everything is fine as long as they don't do the "git pull" as root.
>

Is there ever any requirement for them to run git as root?

How are they becoming root? If they are using sudo you could forbid
running git as root. If they are using su or logging in directly maybe
you can get away with some trivial thing like putting 'alias
git=/bin/false' in /root/.bashrc - or some wrapper which does
something helpful rather than silently fail :-).

Nye


* Re: How to prevent changes to repository by root
  2010-06-16 16:09 ` Aneurin Price
@ 2010-06-17  2:28   ` Nazri Ramliy
  2010-06-18 20:45     ` Pete Harlan
  0 siblings, 1 reply; 5+ messages in thread
From: Nazri Ramliy @ 2010-06-17  2:28 UTC (permalink / raw)
  To: Aneurin Price; +Cc: Git Mailing List

On Thu, Jun 17, 2010 at 12:09 AM, Aneurin Price <aneurin.price@gmail.com> wrote:
> How are they becoming root? If they are using sudo you could forbid
> running git as root. If they are using su or logging in directly maybe
> you can get away with some trivial thing like putting 'alias
> git=/bin/false' in /root/.bashrc - or some wrapper which does
> something helpful rather than silently fail :-).

Thanks for dropping the hint on wrapper.

I've implemented one that gives the user a friendly reminder
that they are running git as root and asks whether to continue.

nazri.
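
A wrapper of the kind discussed above, as an added example that is not Nazri's script or part of the thread. It goes one step further than a blanket reminder and prompts only when root is inside a repository owned by another account; `REAL_GIT` and the function names are assumptions.

```sh
#!/bin/sh
# Added example: a git wrapper placed ahead of the real binary in root's PATH.
# REAL_GIT is an assumed location; point it at the actual git executable.
REAL_GIT=${REAL_GIT:-/usr/bin/git}

# owner_uid PATH: print the numeric uid that owns PATH.
owner_uid() {
    ls -ldn -- "$1" | awk '{print $3}'
}

# needs_confirmation CURRENT_UID OWNER_UID: succeed when root is about to
# operate on a repository that belongs to a different account.
needs_confirmation() {
    [ "$1" -eq 0 ] && [ "$2" -ne 0 ]
}

# is_yes ANSWER: succeed only for an explicit yes, so Enter means "no".
is_yes() {
    case $1 in
        y|Y|yes|YES) return 0 ;;
        *) return 1 ;;
    esac
}

run_wrapper() {
    # Locate the repository for the current directory; empty outside a repo.
    gitdir=$("$REAL_GIT" rev-parse --git-dir 2>/dev/null) || gitdir=
    if [ -n "$gitdir" ]; then
        owner=$(owner_uid "$gitdir")
        if needs_confirmation "$(id -u)" "$owner"; then
            printf 'git: you are root, but this repository belongs to uid %s.\n' "$owner" >&2
            printf 'Files written now will be owned by root. Continue? [y/N] ' >&2
            read -r answer </dev/tty || answer=
            is_yes "$answer" || { echo 'git: aborted.' >&2; exit 1; }
        fi
    fi
    exec "$REAL_GIT" "$@"
}

# Act as the wrapper only when installed under the name "git".
case ${0##*/} in
    git) run_wrapper "$@" ;;
esac
```

Like the alias, this guards against accidents only: root can still call the real binary by its full path.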


* Re: How to prevent changes to repository by root
  2010-06-17  2:28   ` Nazri Ramliy
@ 2010-06-18 20:45     ` Pete Harlan
  0 siblings, 0 replies; 5+ messages in thread
From: Pete Harlan @ 2010-06-18 20:45 UTC (permalink / raw)
  To: Nazri Ramliy; +Cc: Aneurin Price, Git Mailing List

On 06/16/2010 07:28 PM, Nazri Ramliy wrote:
> On Thu, Jun 17, 2010 at 12:09 AM, Aneurin Price <aneurin.price@gmail.com> wrote:
>> How are they becoming root? If they are using sudo you could forbid
>> running git as root. If they are using su or logging in directly maybe
>> you can get away with some trivial thing like putting 'alias
>> git=/bin/false' in /root/.bashrc - or some wrapper which does
>> something helpful rather than silently fail :-).
> 
> Thanks for dropping the hint on wrapper.
> 
> I've implemented one that gives the user a friendly reminder
> that they are running git as root and asks whether to continue.

When I needed this I wrote a hook that refused a commit by root unless the commit message said something to the effect of:

Root commit performed by <person or script name>.

It's not that I minded so much that root was doing commits, it's the anonymity that was the problem.  So automated scripts that ran as root could perform commits too, they just had to include this note in the commit message so we knew which script was doing it.  It was all the honor-system, but it did what we wanted and prevented committing as root by accident.

--Pete
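
A commit-msg hook along the lines Pete describes, as an added example that is not his hook or part of the thread. The matching rule (the note on its own line, followed by a non-empty name) and the function names `has_root_note` and `check_commit` are assumptions.

```sh
#!/bin/sh
# Added example: commit-msg hook. Install as .git/hooks/commit-msg (executable).
# Git passes the path of the file holding the proposed commit message as $1.

# Line required in commits made as root; the wording comes from the thread,
# the matching rule (own line, non-empty name) is an assumption.
NOTE_RE='^Root commit performed by [^[:space:]]'

# has_root_note FILE: succeed if a non-comment line of FILE carries the note.
has_root_note() {
    grep -v '^#' "$1" | grep -Eq "$NOTE_RE"
}

# check_commit UID FILE: succeed to allow the commit, fail to refuse it.
check_commit() {
    if [ "$1" -ne 0 ] || has_root_note "$2"; then
        return 0
    fi
    echo 'Refusing commit as root: add a line such as' >&2
    echo '  Root commit performed by <person or script name>.' >&2
    return 1
}

# Act as the hook only when installed under the name "commit-msg".
case ${0##*/} in
    commit-msg)
        check_commit "$(id -u)" "$1"
        exit $?
        ;;
esac
```

The hook covers `git commit` only, and `git commit --no-verify` skips it, which matches the honor-system character described above.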
