]>
Commit | Line | Data |
---|---|---|
8d1a7448 GC |
1 | safe.bareRepository:: |
2 | Specifies which bare repositories Git will work with. The currently | |
3 | supported values are: | |
4 | + | |
5 | * `all`: Git works with all bare repositories. This is the default. | |
6 | * `explicit`: Git only works with bare repositories specified via | |
7 | the top-level `--git-dir` command-line option, or the `GIT_DIR` | |
8 | environment variable (see linkgit:git[1]). | |
9 | + | |
10 | If you do not use bare repositories in your workflow, then it may be | |
11 | beneficial to set `safe.bareRepository` to `explicit` in your global | |
12 | config. This will protect you from attacks that involve cloning a | |
13 | repository that contains a bare repository and running a Git command | |
14 | within that directory. | |
15 | + | |
16 | This config setting is only respected in protected configuration (see | |
17 | <<SCOPES>>). This prevents the untrusted repository from tampering with | |
18 | this value. | |
19 | ||
8959555c JS |
20 | safe.directory:: |
21 | These config entries specify Git-tracked directories that are | |
22 | considered safe even if they are owned by someone other than the | |
23 | current user. By default, Git will refuse to even parse a Git | |
24 | config of a repository owned by someone else, let alone run its | |
25 | hooks, and this config setting allows users to specify exceptions, | |
26 | e.g. for intentionally shared repositories (see the `--shared` | |
27 | option in linkgit:git-init[1]). | |
28 | + | |
29 | This is a multi-valued setting, i.e. you can add more than one directory | |
30 | via `git config --add`. To reset the list of safe directories (e.g. to | |
31 | override any such directories specified in the system config), add a | |
32 | `safe.directory` entry with an empty value. | |
33 | + | |
6061601d GC |
34 | This config setting is only respected in protected configuration (see |
35 | <<SCOPES>>). This prevents the untrusted repository from tampering with this | |
36 | value. | |
8959555c JS |
37 | + |
38 | The value of this setting is interpolated, i.e. `~/<path>` expands to a | |
39 | path relative to the home directory and `%(prefix)/<path>` expands to a | |
40 | path relative to Git's (runtime) prefix. | |
0f85c4a3 DS |
41 | + |
42 | To completely opt-out of this security check, set `safe.directory` to the | |
43 | string `*`. This will allow all repositories to be treated as if their | |
44 | directory was listed in the `safe.directory` list. If `safe.directory=*` | |
45 | is set in system config and you want to re-enable this protection, then | |
46 | initialize your list with an empty value before listing the repositories | |
47 | that you deem safe. | |
ae9abbb6 CMAB |
48 | + |
49 | As explained, Git only allows you to access repositories owned by | |
50 | yourself, i.e. the user who is running Git, by default. When Git | |
51 | is running as 'root' in a non Windows platform that provides sudo, | |
6b11e3d5 CMAB |
52 | however, git checks the SUDO_UID environment variable that sudo creates |
53 | and will allow access to the uid recorded as its value in addition to | |
54 | the id from 'root'. | |
ae9abbb6 CMAB |
55 | This is to make it easy to perform a common sequence during installation |
56 | "make && sudo make install". A git process running under 'sudo' runs as | |
57 | 'root' but the 'sudo' command exports the environment variable to record | |
58 | which id the original user has. | |
59 | If that is not what you would prefer and want git to only trust | |
6b11e3d5 | 60 | repositories that are owned by root instead, then you can remove |
ae9abbb6 | 61 | the `SUDO_UID` variable from root's environment before invoking git. |