Sometimes more flexibility to disable/ignore the ownership check, besides the safe.directory configuration option, is required. For example, git-daemon running as nobody user, which typically has no home directory. Therefore, we can not add the path to a user-global configuration and adding the path to the system-wide configuration could have negative security implications. Therefore, make the check configurable via an environment variable. If the environment variable GIT_IGNORE_INSECURE_OWNER is set to true, then ignore potentially insecure ownership of git-related path components. Signed-off-by: Florian Schmaus <flo@xxxxxxxxxxxx> --- setup.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/setup.c b/setup.c index 3afa6fb09b28..da3f504fb536 100644 --- a/setup.c +++ b/setup.c @@ -1278,6 +1278,14 @@ static int ensure_valid_ownership(const char *gitfile, */ git_protected_config(safe_directory_cb, &data); + if (data.is_safe) + return data.is_safe; + + if (git_env_bool("GIT_IGNORE_INSECURE_OWNER", 0)) { + warning("ignoring dubious ownership in repository at '%s' (GIT_IGNORE_INSECURE_OWNER set)", data.path); + return 1; + } + return data.is_safe; } -- 2.44.2