git.vger.kernel.org archive mirror
From: Jeff King <peff@peff.net>
To: Jonathan Nieder <jrnieder@gmail.com>
Cc: John Ratliff <john@technoplaza.net>, git@vger.kernel.org
Subject: Re: git credential cache and sudo
Date: Mon, 15 Mar 2021 14:56:43 -0400
Message-ID: <YE+t6z6j2ITeqpnD@coredump.intra.peff.net>
In-Reply-To: <YEwoyeYM7ac+6aIx@google.com>

On Fri, Mar 12, 2021 at 06:51:53PM -0800, Jonathan Nieder wrote:

> > Note that it's a little funky to be accessing the cache as a different user than
> > the one who created it. This should work reliably when the cache was created by
> > your normal user, but then accessed as root, because root has permissions to
> > access the socket. But if you spawn a cache daemon as root (because the _first_
> > operation you perform is as root, which automatically starts a daemon to store
> > the cached credential), then it's likely you won't be able to access it as your
> > regular user.
> 
> I wonder if this suggests a missing feature in
> git-credential-cache(1): if the manpage advertised a way to launch the
> daemon through an explicit command, similar to 'ssh-agent', then a
> user could run that as themselves before running other commands that
> communicate with it as another user.

Perhaps. The daemon side of the credential-cache helper does not work
quite like ssh-agent, though, in that it tries to be ephemeral. So after
starting, you have 30 seconds to give it some data to cache before it
will exit. Normally this is fine since it's started by the client side
of the helper, which will then immediately supply it with data.

So after starting it, you'd need to immediately prime it with data,
either manually or by running a Git command. And then hope that command,
including time to talk to the other side on the network and for you to
type your password, does not exceed the timeout.

-Peff
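
The ownership problem and the manual priming discussed in this thread, as an added example that is not part of the original message or of Git itself: a pre-flight check of who owns the cache socket directory, and a helper that primes the cache as the invoking user so the client side starts the daemon and supplies data at once. The function names, the 900-second timeout and the `https` protocol are assumptions; the default socket paths are the ones documented in git-credential-cache(1).

```shell
#!/bin/sh
# Added example: check and prime the credential cache before running Git via sudo.

# Default socket location per git-credential-cache(1).
default_socket() {
    if [ -d "$HOME/.git-credential-cache" ]; then
        printf '%s\n' "$HOME/.git-credential-cache/socket"
    else
        printf '%s\n' "${XDG_CACHE_HOME:-$HOME/.cache}/git/credential/socket"
    fi
}

# Print one of: missing | foreign:<uid> | loose | ok
# for the directory that holds the socket, compared with the expected numeric uid.
socket_dir_status() {
    dir=$1 want_uid=$2
    if [ ! -d "$dir" ]; then
        echo missing
        return 0
    fi
    # Numeric listing avoids depending on user-name lookups.
    owner=$(ls -ldn -- "$dir" | awk '{print $3}')
    perms=$(ls -ldn -- "$dir" | awk '{print substr($1, 5, 6)}')
    if [ "$owner" != "$want_uid" ]; then
        echo "foreign:$owner"      # e.g. a daemon first spawned as root
    elif [ "$perms" != "------" ]; then
        echo loose                 # group/other can reach the socket directory
    else
        echo ok
    fi
}

# Prime the cache as the current user. "store" starts the daemon if needed and
# hands it the credential immediately, so the daemon's startup window is not an issue.
prime_cache() {
    host=$1 user=$2
    printf 'Password for %s@%s: ' "$user" "$host" >&2
    stty -echo; IFS= read -r pw; stty echo; echo >&2
    printf 'protocol=https\nhost=%s\nusername=%s\npassword=%s\n\n' \
        "$host" "$user" "$pw" |
        git credential-cache --timeout=900 store
    unset pw
}
```

Run `socket_dir_status "$(dirname "$(default_socket)")" "$(id -u)"` as your normal user; a `foreign:0` result means the directory was created by root.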
