poplitea

Reputation: 3737

Limiting access to local repository

I'm interested in tracking the /etc dir locally on my FreeBSD server with git, but without compromising the local security of my system.

For instance, the file /etc/master.passwd is only readable by root and I want it to be that way.

By this method, however, security was compromised:

As root, I created a git repository in /etc:

/etc# git init .
/etc# git add .
/etc# git commit -am "Initial commit"

The problem:

Since /etc is readable by someuser, someuser could copy the repository to his own writeable directory and checkout the sensitive file(s), thereby gaining read access:

/etc$ cp -Rpv .git /home/someuser/sandbox/.git
/etc$ cd /home/someuser/sandbox
~/sandbox$ git checkout master.passwd
~/sandbox$ cat master.passwd
....

What is best practice to prevent this?

Upvotes: 0

Views: 35

Answers (1)

Madara's Ghost

Reputation: 174957

Make the .git folder only viewable by root as well.

I.e. give the directory (and all the files in it) the 600 permission (owner can read and write).

Upvotes: 3
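
An added example, not part of the answer above: a shell sketch that audits a git directory for group/other permission bits and removes them, run here against a constructed stand-in for /etc/.git rather than the real one. The function names and sample tree are assumptions made for illustration; it uses `chmod -R go-rwx`, which leaves the owner's bits untouched so directories keep the owner's search (x) bit.

```shell
#!/bin/sh
# Added example, not from the original post. Paths are constructed samples.

# Print every path under $1 that grants any permission bit to group or other.
# Uses only "-perm -mode" tests, which behave the same in BSD and GNU find.
exposed_paths() {
    find "$1" \( -perm -040 -o -perm -020 -o -perm -010 \
              -o -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# Remove all group/other access from a git directory, recursively.
# Once the top-level directory is 0700, other users cannot traverse into it,
# so objects written later by the owner are not reachable either.
lock_down_gitdir() {
    [ -d "$1" ] || { echo "not a directory: $1" >&2; return 1; }
    chmod -R go-rwx "$1"
}

# Build a constructed stand-in for /etc/.git with the modes a umask of 022
# typically leaves behind (directories 755, objects 444, other files 644).
make_sample_gitdir() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/.git/objects/ab" "$root/.git/refs/heads"
    echo 'ref: refs/heads/master' > "$root/.git/HEAD"
    echo 'constructed object' > "$root/.git/objects/ab/cdef"
    chmod 755 "$root/.git" "$root/.git/objects" "$root/.git/objects/ab" \
              "$root/.git/refs" "$root/.git/refs/heads"
    chmod 644 "$root/.git/HEAD"
    chmod 444 "$root/.git/objects/ab/cdef"
    echo "$root"
}

sample=$(make_sample_gitdir)
echo "exposed before lock-down:"; exposed_paths "$sample/.git"
lock_down_gitdir "$sample/.git"
echo "exposed after lock-down:";  exposed_paths "$sample/.git"
rm -rf "$sample"
```

On the real system the same two functions would be pointed at /etc/.git as root; an empty result from `exposed_paths` means no path in the repository is readable by group or other.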
