On Sun, Jul 28, 2024 at 10:27:00AM -0500, W. Michael Petullo wrote: > For completeness, I investigated how to do the same over SSH. Imagine a > repository user-owned by Bob, but group-owned with r/w/x permissions by > a group containing Alice. It seems the same trick fails because git-shell > rejects the custom upload-pack command: > > git -c safe.directory="*" clone -u 'git -c safe.directory="*" upload-pack' alice@xxxxxxxxxxxxxxx:/shared/repository > Cloning into 'git'... > fatal: unrecognized command 'git -c safe.directory="*" upload-pack '/shared/repository'' > fatal: Could not read from remote repository. > > Please make sure you have the correct access rights > and the repository exists. It should work over ssh in the general case, but yes, if you're using git-shell, the whole idea there is to restrict what the client can specify. And so there won't be any workaround from the client side (if there were, it would be a bug!). > I was able to overcome this by creating /home/alice/git-shell-commands/upload-pack-safe, > placing the following there > > #!/bin/sh > > git -c safe.directory="$1" upload-pack $1 > > and running: > > git -c safe.directory="*" clone -u upload-pack-safe alice@xxxxxxxxxxxxxxx:/shared/repository > > This seems to be another interface edge case. Is my solution reasonable, > or is there something else that would be more consistent? So yeah, that would work. But it might be simpler still to just put "[safe]directory = *" into /home/alice/.gitconfig. Then the client side does not have to do anything differently (or you could even put in a more limited relaxation of the rules, like "/shared/repository/*" or whatever). -Peff
