On Wed, Aug 27, 2014 at 07:49:30AM -0500, Les Mikesell wrote: > On Wed, Aug 27, 2014 at 6:36 AM, D'Arcy J.M. Cain <da...@vex.net> wrote: > > I have read the posts about trying to deal with an untrusted root. I > > know that there is no point in even trying. That's not my issue. My > > issue is that sometimes I accidentally commit as root and files get > > changed to root ownership blocking normal access to the repository. > > All I want is something that recognizes root and prevents the commit. I > > don't care if it is easily overcome by root as long as root can choose > > not to do so. In other words, a warning would be good enough. > > > > It's basically a bad idea to use file:// access at all for anything > that might be used under multiple user ids.
Yes. The file:// URLs are intended for testing purposes, *not* production. That said, a one-line pre-commit hook script could check its UID and disallow the commit if it is invoked as root: if [ "`whoami`" == "root" ]; then exit 1; fi