mirror of
https://github.com/facebook/sapling.git
synced 2024-10-11 17:27:53 +03:00
bdb47a171c
Summary: This is mainly to address the same issue as D3609747: prevent issues caused by running hg as root. The difference is this extension reads owner and uid dynamically without config when initializing of a localrepo object. As a side effect it covers more situations like running hg in others' repos, while being less restrictive for some other commands like `sudo hg version`. Test Plan: Added a new test Reviewers: #mercurial, ttung, rmcelroy Reviewed By: rmcelroy Subscribers: ikostia, rmcelroy, mjpieters Differential Revision: https://phabricator.intern.facebook.com/D3619997 Tasks: 11723374 Signature: t1:3619997:1470176448:beaf53c09fca498206767641ffa4315a744ee07e
35 lines
932 B
Perl
35 lines
932 B
Perl
$ cat >> $HGRCPATH << EOF
|
|
> [extensions]
|
|
> ownercheck=$TESTDIR/../hgext3rd/ownercheck.py
|
|
> EOF
|
|
|
|
ownercheck does not prevent normal hg operations
|
|
|
|
$ hg init repo1
|
|
|
|
make os.getuid return a different, fake uid
|
|
|
|
$ cat >> fakeuid.py << EOF
|
|
> import os
|
|
> _getuid = os.getuid
|
|
> def fakeuid(): return _getuid() + 1
|
|
> os.getuid = fakeuid
|
|
> EOF
|
|
|
|
ownercheck prevents wrong user from creating new repos
|
|
|
|
$ hg --config extensions.fakeuid=fakeuid.py init repo2
|
|
abort: $TESTTMP is owned by *, not you * (glob)
|
|
you are likely doing something wrong.
|
|
(you can skip the check using --config extensions.ownercheck=!)
|
|
[255]
|
|
|
|
ownercheck prevents wrong user from accessing existing repos
|
|
|
|
$ hg --config extensions.fakeuid=fakeuid.py log --repo repo1
|
|
abort: $TESTTMP/repo1 is owned by *, not you * (glob)
|
|
you are likely doing something wrong.
|
|
(you can skip the check using --config extensions.ownercheck=!)
|
|
[255]
|
|
|