Re: [PATCH v5 3/4] t0034: add negative tests and allow git init to mostly work under sudo


 



On Sun, May 15, 2022 at 10:27:04PM -0700, Junio C Hamano wrote:
> Carlo Arenas <carenas@xxxxxxxxx> writes:
> 
> >> Hmph, it may not be needed, but it should still work, in which case
> >> it probably is still worth testing, even with the optional patch #4.
> >
> > Just because it works, it doesn't mean we have to test it.
> 
> Yes.  It all depends on the answer to this question

Not quite, after all this is part of the "git" testsuite and therefore will
only apply if it would be testing git's functionality, and in this case it
does not.

More details below.

> Is it
> reasonably expected that any half-way intelligent Git user would not
> be surprised to learn that "sudo sudo git status" would be a way to
> work on a repository that is owned by root as root?  Given that
> "sudo git status" is a good way to work on a repository that is
> owned by you as root, perhaps the answer is yes, but I am not
> a representative sample ;-)
> 
> If the answer is yes, then we would want to make sure it will
> continue to work by having a test to protect it from future
> breakage.  If not, and "sudo sudo git" (or worse "sudo sudo sudo
> git") is something that would be imagined by the most wicked mind
> and no sane person would imagine it would be a way to achieve
> something useful, no, it does not have to be protected from any
> future breakage.

The answer is "yes", but it is because of a misunderstanding (which has
nothing to do with intelligence, but just experience with sudo and the type
of environment where it runs).

* sudo does NOT respect SUDO_UID; indeed it is one of those few *NIX tools
  that doesn't even respect EUID but insists on only trusting the real id.
* once you run something through sudo, it creates an environment for you
  that is based on its security policy and not even the invoking user can
  change some of the parameters it uses to do that, only "root" can.
* that means that once you invoke the first sudo, then the second runs as
  root and ignores the SUDO_UID the first sudo creates, so by the time git
  gets to run, it will only see the SUDO_UID that the one that invoked it
  creates, and since that sudo was running as root it MUST be the same as
  a root owned file/directory would use, hence why it works for that root
  owned repository and would fail in one that is owned by the original user.

There is no new functionality or code path difference inside git between the
first and second invocation of sudo, the only relevant difference is that
the starting environment from the two last processes in that triple chain
have different values for the SUDO_UID environment variable.

Carlo
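
The chain described in the message above, as an added example that is not part of the original message and is neither git's nor sudo's code: a small shell model in which each sudo sets SUDO_UID from its invoker's real uid, and the ownership check compares the repository owner against SUDO_UID when running as root. The check is an assumed simplification with no special case for root-owned repositories; the function names and uid 1000 are constructed.

```sh
# Constructed model, not git's or sudo's code.
ROOT_UID=0

# sudo_hop REAL_UID: prints the SUDO_UID the child of one sudo sees.
# As the message says, sudo trusts only its invoker's real uid and
# ignores any SUDO_UID left behind by an earlier sudo.
sudo_hop() {
    printf '%s\n' "$1"
}

# chain_sudo_uid USER_UID HOPS: SUDO_UID seen by the final command.
chain_sudo_uid() {
    real=$1 hops=$2 seen=
    while [ "$hops" -gt 0 ]; do
        seen=$(sudo_hop "$real")  # set from the invoker's real uid
        real=$ROOT_UID            # whatever sudo starts runs as root
        hops=$((hops - 1))
    done
    printf '%s\n' "$seen"
}

# owner_ok EUID SUDO_UID OWNER: succeeds if the repository is trusted.
# Assumed rule: as root, a numeric SUDO_UID replaces euid in the comparison.
owner_ok() {
    id=$1
    if [ "$1" -eq "$ROOT_UID" ]; then
        case $2 in
            ''|*[!0-9]*) ;;       # unset or malformed: keep euid
            *) id=$2 ;;
        esac
    fi
    [ "$3" -eq "$id" ]
}

# verdict USER_UID HOPS OWNER: prints "ok" or "refused".
verdict() {
    euid=$1
    if [ "$2" -gt 0 ]; then euid=$ROOT_UID; fi
    if owner_ok "$euid" "$(chain_sudo_uid "$1" "$2")" "$3"; then
        echo ok
    else
        echo refused
    fi
}

# Constructed scenario: user uid 1000; repositories owned by 1000 and by root.
for n in 0 1 2 3; do
    echo "sudo x$n: user-owned $(verdict 1000 "$n" 1000), root-owned $(verdict 1000 "$n" 0)"
done
```

From the second sudo onward the result no longer changes, because every later sudo is invoked by root and sets SUDO_UID to 0.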


