On Wed, Aug 27, 2014 at 07:49:30AM -0500, Les Mikesell wrote:
> On Wed, Aug 27, 2014 at 6:36 AM, D'Arcy J.M. Cain <darcy_at_vex.net> wrote:
> > I have read the posts about trying to deal with an untrusted root. I
> > know that there is no point in even trying. That's not my issue. My
> > issue is that sometimes I accidentally commit as root and files get
> > changed to root ownership blocking normal access to the repository.
> > All I want is something that recognizes root and prevents the commit. I
> > don't care if it is easily overcome by root as long as root can choose
> > not to do so. In other words, a warning would be good enough.
> >
>
> It's basically a bad idea to use file:// access at all for anything
> that might be used under multiple user ids.
Yes. The file:// URLs are intended for testing purposes, *not* production.
That said, a one-line pre-commit hook script could check its UID and
disallow the commit if it is invoked as root:
if [ "`whoami`" == "root" ]; then exit 1; fi
Received on 2014-08-27 15:24:22 CEST