On Fri, Mar 12, 2021 at 11:43:46AM -0500, John Ratliff wrote:
> When I do sudo git pull, git does not know about my credential cache.
>
> On some servers, when I do a sudo -E git pull, it can find my
> credential cache and use it. On other servers, I think the sudo
> configuration is stripping the environment, so this doesn't work and I
> still have to enter my git credentials.
>
> What environment variables do I need to configure sudo to preserve to
> make sudo -E git pull work with my credential cache? Or is there
> something else I can pass to git or define to get it to use my
> credential cache?
>From "git help credential-cache":
--socket <path>
Use <path> to contact a running cache daemon (or start a new cache daemon if
one is not started). Defaults to $XDG_CACHE_HOME/git/credential/socket
unless ~/.git-credential-cache/ exists in which case
~/.git-credential-cache/socket is used instead. If your home directory is on
a network-mounted filesystem, you may need to change this to a local
filesystem. You must specify an absolute path.
So probably sudo is setting $HOME (even if using $XDG_CACHE_HOME, that defaults
to $HOME/.cache).
You can specify arguments to a helper in your config file, like:
[credential]
helper = "cache --socket /home/youruser/.git-credential-cache/socket"
which will make the location independent of $HOME.
Note that it's a little funky to be accessing the cache as a different user than
the one who created it. This should work reliably when the cache was created by
your normal user, but then accessed as root, because root has permissions to
access the socket. But if you spawn a cache daemon as root (because the _first_
operation you perform is as root, which automatically starts a daemon to store
the cached credential), then it's likely you won't be able to access it as your
regular user.
-Peff
