* [RFC PATCH] Use SUDO_UID to guess committer identity
@ 2008-06-07 7:11 Shawn O. Pearce
2008-06-07 21:05 ` Junio C Hamano
0 siblings, 1 reply; 4+ messages in thread
From: Shawn O. Pearce @ 2008-06-07 7:11 UTC (permalink / raw)
To: git
When invoking Git commands though sudo against a bare repository
with reflogs enabled we should attempt to record the actual user's
information in the reflog, not the identity of the user sudo entered.
For example when executing:
sudo -u gitadm git --git-dir=/srv/git.git branch -f pu master
We want record information about the caller of sudo, not gitadm.
Relying on $SUDO_UID in this case isn't as bad as it might seem.
Under sudo $HOME is left as the real user's home directory and
$HOME/.gitconfig is used to supply user.name and user.email.
However if the real user does not have ~/.gitconfig or did not set
user.name/email we need to guess it from their GECOS information.
NO SBO - FOR DISCUSSION ONLY
---
ident.c | 21 ++++++++++++++++++---
1 files changed, 18 insertions(+), 3 deletions(-)
diff --git a/ident.c b/ident.c
index b35504a..c821d5f 100644
--- a/ident.c
+++ b/ident.c
@@ -7,6 +7,21 @@
*/
#include "cache.h"
+static uid_t caller_uid(void)
+{
+ const char *sudo_uid = getenv("SUDO_UID");
+ char *end;
+ unsigned long who;
+
+ if (!sudo_uid || !*sudo_uid)
+ return getuid();
+
+ who = strtoul(sudo_uid, &end, 10)
+ if (*end)
+ return getuid();
+ return (uid_t)who;
+}
+
static char git_default_date[50];
static void copy_gecos(const struct passwd *w, char *name, size_t sz)
@@ -76,7 +91,7 @@ static void setup_ident(void)
/* Get the name ("gecos") */
if (!git_default_name[0]) {
- pw = getpwuid(getuid());
+ pw = getpwuid(caller_uid());
if (!pw)
die("You don't exist. Go away!");
copy_gecos(pw, git_default_name, sizeof(git_default_name));
@@ -90,7 +105,7 @@ static void setup_ident(void)
sizeof(git_default_email));
else {
if (!pw)
- pw = getpwuid(getuid());
+ pw = getpwuid(caller_uid());
if (!pw)
die("You don't exist. Go away!");
copy_email(pw);
@@ -208,7 +223,7 @@ const char *fmt_ident(const char *name, const char *email,
}
if (error_on_no_name)
die("empty ident %s <%s> not allowed", name, email);
- pw = getpwuid(getuid());
+ pw = getpwuid(caller_uid());
if (!pw)
die("You don't exist. Go away!");
strlcpy(git_default_name, pw->pw_name,
--
Shawn.
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [RFC PATCH] Use SUDO_UID to guess committer identity
2008-06-07 7:11 [RFC PATCH] Use SUDO_UID to guess committer identity Shawn O. Pearce
@ 2008-06-07 21:05 ` Junio C Hamano
2008-06-08 0:23 ` Shawn O. Pearce
0 siblings, 1 reply; 4+ messages in thread
From: Junio C Hamano @ 2008-06-07 21:05 UTC (permalink / raw)
To: Shawn O. Pearce; +Cc: git
"Shawn O. Pearce" <spearce@spearce.org> writes:
> When invoking Git commands though sudo against a bare repository
> with reflogs enabled we should attempt to record the actual user's
> information in the reflog, not the identity of the user sudo entered.
>
> For example when executing:
>
> sudo -u gitadm git --git-dir=/srv/git.git branch -f pu master
>
> We want record information about the caller of sudo, not gitadm.
If you are using something esoteric like pseudo, isn't it too much to ask
to also use existing GIT_COMMITTER_NAME, or are there reasons why it is
not sufficient?
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [RFC PATCH] Use SUDO_UID to guess committer identity
2008-06-07 21:05 ` Junio C Hamano
@ 2008-06-08 0:23 ` Shawn O. Pearce
2008-06-08 0:57 ` Junio C Hamano
0 siblings, 1 reply; 4+ messages in thread
From: Shawn O. Pearce @ 2008-06-08 0:23 UTC (permalink / raw)
To: Junio C Hamano; +Cc: git
Junio C Hamano <gitster@pobox.com> wrote:
> "Shawn O. Pearce" <spearce@spearce.org> writes:
>
> > When invoking Git commands though sudo against a bare repository
> > with reflogs enabled we should attempt to record the actual user's
> > information in the reflog, not the identity of the user sudo entered.
> >
> > For example when executing:
> >
> > sudo -u gitadm git --git-dir=/srv/git.git branch -f pu master
> >
> > We want record information about the caller of sudo, not gitadm.
>
> If you are using something esoteric like pseudo, isn't it too much to ask
> to also use existing GIT_COMMITTER_NAME, or are there reasons why it is
> not sufficient?
The issue is when users run commands though sudo, but forget to set a
value for GIT_COMMITTER_NAME/EMAIL, or to configure ~/.gitconfig in
their personal account. Now git has to guess the values for these
based on the gecos of getuid(), and getuid() is returning the uid
of the service account sudo entered (gitadm), not the real user's
account. So the reflogs show generic "GIT Admin" and not who it was.
Eh, I'm myself not entirely happy with the patch. It honors the
real user's $HOME/.gitconfig user.name/email settings and not the
SUDO_UID data. I'd almost prefer favoring SUDO_UID over whatever
we inherit in from the enviroment or from $HOME/.gitconfig when it
comes to committer identity.
--
Shawn.
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [RFC PATCH] Use SUDO_UID to guess committer identity
2008-06-08 0:23 ` Shawn O. Pearce
@ 2008-06-08 0:57 ` Junio C Hamano
0 siblings, 0 replies; 4+ messages in thread
From: Junio C Hamano @ 2008-06-08 0:57 UTC (permalink / raw)
To: Shawn O. Pearce; +Cc: git
"Shawn O. Pearce" <spearce@spearce.org> writes:
> Junio C Hamano <gitster@pobox.com> wrote:
>> "Shawn O. Pearce" <spearce@spearce.org> writes:
>>
>> > When invoking Git commands though sudo against a bare repository
>> > with reflogs enabled we should attempt to record the actual user's
>> > information in the reflog, not the identity of the user sudo entered.
>> >
>> > For example when executing:
>> >
>> > sudo -u gitadm git --git-dir=/srv/git.git branch -f pu master
>> >
>> > We want record information about the caller of sudo, not gitadm.
> ...
> The issue is when users run commands though sudo, but forget to set a
> value for GIT_COMMITTER_NAME/EMAIL, or to configure ~/.gitconfig in
> their personal account.
In your scenario, is the above "sudo -u gitadm" the exact command line
the end users type, or is it wrapped in the script you give to them?
> Eh, I'm myself not entirely happy with the patch. It honors the
> real user's $HOME/.gitconfig user.name/email settings and not the
> SUDO_UID data. I'd almost prefer favoring SUDO_UID over whatever
> we inherit in from the enviroment or from $HOME/.gitconfig when it
> comes to committer identity.
The thing is, I personally hate pseudo and wish that your solution did not
rely on SUDO_UID which is too specific to that hack.
Sometimes people need to lie to their SCM when doing things in behalf of
somebody else, and I agree we would want to give them a way to do so. And
we do, just like RCS and CVS honor LOGNAME.
If you have /etc/hosts under RCS control but you do not want all the log
entries to say 'root', and you would do:
$ cd /etc
$ su
root# edit /etc/hosts
root# LOGNAME=me ci -u -m 'Add host bar' hosts
When omebody asks you to help him fixing his bug, you go to his keyboard,
show him how it should be done, and you concude the session with:
his shell$ LOGNAME=me ci -u -m 'Fix foo' foo.c
The point is that the same mechanism works (because it is designed to) in
both cases.
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2008-06-08 0:58 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2008-06-07 7:11 [RFC PATCH] Use SUDO_UID to guess committer identity Shawn O. Pearce
2008-06-07 21:05 ` Junio C Hamano
2008-06-08 0:23 ` Shawn O. Pearce
2008-06-08 0:57 ` Junio C Hamano
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).