From: Jonathan Nieder <jrnieder@gmail.com>
To: Jeff King <peff@peff.net>
Cc: John Ratliff <john@technoplaza.net>, git@vger.kernel.org
Subject: Re: git credential cache and sudo
Date: Fri, 12 Mar 2021 18:51:53 -0800
Message-ID: <YEwoyeYM7ac+6aIx@google.com>
In-Reply-To: <YEvPQS1+1sxd/aGw@coredump.intra.peff.net>

Jeff King wrote:

> Note that it's a little funky to be accessing the cache as a different user than
> the one who created it. This should work reliably when the cache was created by
> your normal user, but then accessed as root, because root has permissions to
> access the socket. But if you spawn a cache daemon as root (because the _first_
> operation you perform is as root, which automatically starts a daemon to store
> the cached credential), then it's likely you won't be able to access it as your
> regular user.

I wonder if this suggests a missing feature in
git-credential-cache(1): if the manpage advertised a way to launch the
daemon through an explicit command, similar to 'ssh-agent', then a
user could run that as themselves before running other commands that
communicate with it as another user.

All that said: John, why are you running git as root in the first
place?  It's likely that it's safer to run git as a different user and
use a separate command such as rsync to perform the privileged deploy
action.

Thanks,
Jonathan
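
The access asymmetry described in the quoted paragraph, as an added example that is not part of the original message or of git's own code. It applies a simplified owner/other mode-bit model (group membership and ACLs ignored) to a Unix socket in a private 0700 directory; that layout, the names `can_reach_cache` and `demo`, and the uids are assumptions made for the illustration.

```python
import os
import socket
import stat
import tempfile

def _allowed(st, uid, want):
    """Owner/other mode-bit check; group membership and ACLs are ignored."""
    if uid == 0:
        return True  # root bypasses discretionary permission checks
    shift = 6 if st.st_uid == uid else 0
    return ((st.st_mode >> shift) & want) == want

def can_reach_cache(sock_path, uid):
    """Return (ok, reason): could `uid` connect to the Unix socket at sock_path?"""
    try:
        d = os.stat(os.path.dirname(sock_path))
        s = os.stat(sock_path)
    except FileNotFoundError:
        return False, "no socket at this path (no daemon running?)"
    if not stat.S_ISSOCK(s.st_mode):
        return False, "path exists but is not a socket"
    if not _allowed(d, uid, 0o1):  # search (x) on the containing directory
        return False, f"directory owned by uid {d.st_uid} is closed to uid {uid}"
    if not _allowed(s, uid, 0o2):  # write on the socket is needed to connect
        return False, f"socket owned by uid {s.st_uid} is not writable by uid {uid}"
    return True, "ok"

def demo():
    """Constructed scenario: one socket in a 0700 directory, checked for three uids."""
    me = os.getuid()
    other = 12345 if me != 12345 else 12346  # constructed uid: neither owner nor root
    with tempfile.TemporaryDirectory() as tmp:
        d = os.path.join(tmp, "credential")
        os.mkdir(d)
        os.chmod(d, 0o700)
        path = os.path.join(d, "socket")
        srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        srv.bind(path)  # creates the socket file, owned by the current user
        try:
            return {who: can_reach_cache(path, uid)[0]
                    for who, uid in (("owner", me), ("root", 0), ("other", other))}
        finally:
            srv.close()

if __name__ == "__main__":
    print(demo())
```

A socket created by the regular user corresponds to the "owner" and "root" rows; a socket created by a root-started daemon puts the regular user in the "other" row.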

Thread overview: 5+ messages
2021-03-12 16:43 git credential cache and sudo John Ratliff
2021-03-12 20:29 ` Jeff King
2021-03-13  2:51   ` Jonathan Nieder [this message]
2021-03-15 17:24     ` John Ratliff
2021-03-15 18:56     ` Jeff King
