git.vger.kernel.org archive mirror
From: Neal Kreitzinger <nkreitzinger@gmail.com>
To: Junio C Hamano <gitster@pobox.com>
Cc: Adrian Cornish <git@bluedreamer.com>, git@vger.kernel.org
Subject: Re: Stop a git commit by a specific author using pre-commit hook
Date: Sat, 10 Mar 2012 17:03:08 -0600
Message-ID: <4F5BDDAC.4050700@gmail.com>
In-Reply-To: <7vboo415rn.fsf@alter.siamese.dyndns.org>

On 3/10/2012 3:54 PM, Junio C Hamano wrote:
> Neal Kreitzinger<nkreitzinger@gmail.com>  writes:
>
>> On 3/8/2012 7:15 PM, Adrian Cornish wrote:
>>> My plan is to use git to keep track of changes in /etc but when
>>> committing I want to have the person making the change specify
>>> themselves as author by adding the --author option on the commandline.
>>> So I would like to stop accidental commits as root.
>> ...
>> We use whoami in our pre-commit hook to see who the user is that is
>> doing the commit.  I think you could also use GIT_COMMITTER_NAME or
>> linux $USER environment variables.  Either way, the --author seems
>> like an unnecessary and unreliable way to get the username.
>> ...  If people can su to root
>> then $USER will not work because it will still be set to their
>> original user name (before they did su to root).  Therefore, "whoami"
>> seems like your best solution.
> When people want to raise a red flag against a commit made by root,
> they are coming from two different schools.
>
> One is "do not run 'git' or any development tool for that matter
> while being root". It is a good discipline to follow in general to
> limit what you do with escalated privilege to the minimum.
>
> The other is "record who actually did the work, not 'root' that
> people cannot later track down who it actually was".  People from
> this school do not mind running development tools as root.
>
> And your advice is a good one for the former, but not very relevant
> for the latter.
>
> And I think Adrian is asking for the latter.
>
Now I see.  In that case, at the point pre-commit is run git has not 
overridden GIT_AUTHOR_IDENT with your --author value, yet.  I don't know 
if that is a bug or not.  The prepare-commit-msg hook is the same way.  
However, by the time the commit-msg hook runs git has placed your 
--author override into GIT_AUTHOR_IDENT so if you check it there it will 
work and you can abort the commit.  Of course, at that point the user 
has already typed their commit message and may lose it.  You could 
create a git alias like "git root-commit" that prompts them to enter 
their authorname and then runs git-commit --author with that user 
provided value.  Pre-commit hook could detect root user and error out 
telling them to run git-root-commit instead.

v/r,
neal
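
The workflow suggested at the end of the message above (a pre-commit hook that refuses root and points to a `git root-commit` wrapper that asks for the author up front), written out as an added example that is not part of the original message. The marker variable `ROOT_COMMIT_AUTHOR` and all function names are assumptions made for illustration, and the root check uses `id -u` where the thread mentions `whoami`.

```shell
#!/bin/sh
# Added example, not code from the thread. ROOT_COMMIT_AUTHOR is a hypothetical
# marker variable; the function names are made up for illustration.

# Accept only "Name <local@domain>" where Name is not empty and not root.
valid_author() {
    case $1 in
        *?" <"?*@?*">") ;;
        *) return 1 ;;
    esac
    name=$(printf '%s' "${1%%<*}" | sed 's/[[:space:]]*$//')
    case $name in
        ''|root|Root|ROOT) return 1 ;;
    esac
    return 0
}

# Hook decision. $1 = effective uid, $2 = author handed over by the wrapper.
root_commit_allowed() {
    if [ "$1" -ne 0 ]; then
        return 0                      # not root: nothing to enforce here
    fi
    valid_author "$2"                 # root: only with a real author named
}

# Body for .git/hooks/pre-commit: call this and exit with its status.
pre_commit_hook() {
    if root_commit_allowed "$(id -u)" "${ROOT_COMMIT_AUTHOR:-}"; then
        return 0
    fi
    echo "Refusing to commit as root; run 'git root-commit' instead." >&2
    return 1
}

# Body for an executable named git-root-commit on PATH, which git runs as
# "git root-commit". It asks for the author before any message is typed.
root_commit() {
    printf 'Author of this change (Name <email>): ' >&2
    IFS= read -r author || return 1
    if ! valid_author "$author"; then
        echo "Not a usable author: $author" >&2
        return 1
    fi
    ROOT_COMMIT_AUTHOR=$author git commit --author="$author" "$@"
}
```

Hooks are local to each clone and `git commit --no-verify` skips pre-commit, so this guards against accidental root commits and is not an access control.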
