git.vger.kernel.org archive mirror
From: Junio C Hamano <gitster@pobox.com>
To: "David C. Rankin" <drankinatty@gmail.com>
Cc: git@vger.kernel.org
Subject: Re: Local git server can't serve https until repos owned by http, can't serve ssh unless repos owned by user after 2.45.1
Date: Mon, 24 Jun 2024 07:53:42 -0700
Message-ID: <xmqqo77qgznt.fsf@gitster.g>
In-Reply-To: <d5ff3629-ef8c-472b-886a-3ec0dd6a2c9a@gmail.com> (David C. Rankin's message of "Mon, 17 Jun 2024 20:08:07 -0500")

"David C. Rankin" <drankinatty@gmail.com> writes:

>   I read the error from the server log and then attempted to add the
>   suggested config to ~/.gitconfig, e.g.:
>
> [safe]
> 	directory = /srv/git/embedded.git
> ...
> drwxr-xr-x  7 david david 4096 Jun 15 02:42 embedded.git

You say ~/.gitconfig here.  Whose home directory does "~" refer to?

The primary reason I wrote the message you are responding to was to
find this piece of information out (and tell you that it would be
different from the repository owner's), and I am still not sure if I
extracted that piece of information out of you, after reading the
message I am responding to twice.

In short, the above has to be in ~http/.gitconfig (if 'http' is the
user Apache runs as).  Listing it in ~david/.gitconfig would not
work.  It has to come from the user who runs Git in a directory the
user does not own (in this case, that is the 'http' user.  That user
runs, via the CGI interface, the server side Git programs to respond
to pushes and fetches, serving a repository not owned by 'http').

The mechanism is about protecting the user that runs Git (i.e.
'http' in the context of "git push/fetch is responded by the Apache
web server via the CGI mechanism spawning 'git http-backend'") from
potentially malicious repositories owned by users that are *not*
'http' (i.e. /srv/git/embedded.git that is owned by david:david in
this case), as such repositories can contain hooks and other
configuration settings that would end up running programs as 'http'
user with 'http' user's privilege, potentially writing into files
owned by 'http' user to attack 'http' user.

Hence, the "I am OK to run Git as myself in these repositories, even
though they are not owned by me" acceptance, which is a snippet in
gitconfig file you showed above, has to come from the 'http' user,
and certainly not from the 'david' user.  The configuration is about
protecting 'http' from 'david' and not about protecting 'david' from
'http', so configuration files in 'david' user's home directory
should have no say in who 'http' user is willing to trust.

So, back to the original question.  You said ~/.gitconfig/ has the
safe.directory settings.  Whose ~/.gitconfig/?

I would have expected that the only thing you'd need to do is to let
your 'http' user tell Git that it does not want the paranoid safety
more recent versions of Git offer with the safe.directory setting
in ~http/.gitconfig, and have repositories owned by individual users
that come over ssh as they themselves.  For those who are accessing
their own repositories over ssh as themselves, everything should
work just as before.
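
Added example, not part of the original message and not Git's own code: a simplified diagnostic for the rule described above, that only the config of the user who runs Git can grant the safe.directory exception. The function name and its three arguments are hypothetical; it models only exact-path and `*` entries in a single config file and ignores the system-wide config.

```shell
#!/bin/sh
# Simplified model of Git's repository ownership check, for diagnosis only.
# Arguments (hypothetical names for this sketch):
#   $1  numeric uid that will run Git, e.g. "$(id -u http)"
#   $2  repository path, e.g. /srv/git/embedded.git
#   $3  global config of THAT user, e.g. ~http/.gitconfig
# Returns 0 if Git would proceed, 1 if it would refuse, 2 on a bad path.
safe_directory_verdict() {
    runner_uid=$1
    repo=$2
    cfg=$3

    # GNU stat syntax; prints the numeric owner of the repository.
    owner_uid=$(stat -c %u "$repo" 2>/dev/null) || return 2

    # Case 1: the user running Git owns the repository (the ssh case).
    if [ "$owner_uid" = "$runner_uid" ]; then
        echo "ok: uid $runner_uid owns $repo, no exception needed"
        return 0
    fi

    # Case 2: someone else owns it (the Apache/CGI case). Only the
    # runner's own config counts; the owner's ~/.gitconfig is never read.
    if git config --file "$cfg" --get-all safe.directory 2>/dev/null |
            grep -Fxq -e "$repo" -e '*'; then
        echo "ok: uid $runner_uid accepts $repo via $cfg"
        return 0
    fi

    echo "refused: $repo is owned by uid $owner_uid; no safe.directory entry in $cfg"
    return 1
}
```

For the setup in this thread the call would be `safe_directory_verdict "$(id -u http)" /srv/git/embedded.git ~http/.gitconfig`, and a refusal is cleared by having the 'http' user record the entry itself, for example with `sudo -u http -H git config --global --add safe.directory /srv/git/embedded.git`.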
