Ownership check failed on FAT filesystems

[clzls]

• I was not able to find an open or closed issue matching what I'm seeing

Setup

• Which version of Git for Windows are you using? Is it 32-bit or 64-bit?

$ git --version --build-options

git version 2.36.1.windows.1
cpu: x86_64
built from commit: e2ff68a2d1426758c78d023f863bfa1e03cbc768
sizeof-long: 4
sizeof-size_t: 8
shell-path: /bin/sh
feature: fsmonitor--daemon

• Which version of Windows are you running? Vista, 7, 8, 10? Is it 32-bit or 64-bit?

$ cmd.exe /c ver

Microsoft Windows [???? 10.0.19044.1706]

• What options did you set as part of the installation? Or did you choose the
  defaults?

# One of the following:
> type "C:\Program Files\Git\etc\install-options.txt"
> type "C:\Program Files (x86)\Git\etc\install-options.txt"
> type "%USERPROFILE%\AppData\Local\Programs\Git\etc\install-options.txt"
> type "$env:USERPROFILE\AppData\Local\Programs\Git\etc\install-options.txt"
$ cat /etc/install-options.txt

Editor Option: Nano
Custom Editor Path:
Default Branch Option:
Path Option: Cmd
SSH Option: ExternalOpenSSH
Tortoise Option: false
CURL Option: OpenSSL
CRLF Option: CRLFCommitAsIs
Bash Terminal Option: ConHost
Git Pull Behavior Option: Rebase
Use Credential Manager: Enabled
Performance Tweaks FSCache: Enabled
Enable Symlinks: Disabled
Enable Pseudo Console Support: Disabled
Enable FSMonitor: Disabled

• Any other interesting things about your environment that might be related
  to the issue you're seeing?

Working on a removable FAT32 drive.

Details

• Which terminal/shell are you running Git from? e.g Bash/CMD/PowerShell/other

PowerShell, also tried on CMD.

• What commands did you run to trigger this issue? If you can provide a
  Minimal, Complete, and Verifiable example
  this will help us understand the issue.

PS I:\mygit> git init abc
Initialized empty Git repository in I:/mygit/abc/.git/
PS I:\mygit\abc> git status
fatal: unsafe repository ('I:/mygit/abc' is owned by someone else)

        git config --global --add safe.directory I:/mygit/abc
PS I:\mygit\abc> git init abc --shared=everybody
Initialized empty shared Git repository in I:/mygit/abc/abc/.git/
PS I:\mygit\abc> cd abc
PS I:\mygit\abc\abc> git status
fatal: unsafe repository ('I:/mygit/abc/abc' is owned by someone else)
To add an exception for this directory, call:

        git config --global --add safe.directory I:/mygit/abc/abc

• What did you expect to occur after running these commands?

show status.

• What actually happened instead?

After GIT_TEST_DEBUG_UNSAFE_DIRECTORIES set to true:

warning: 'I:/mygit/abc' is owned by:
        'S-1-1-0'
but the current user is:
        'S-1-5-21-*********-***

But as said by Microsoft S-1-1-0 is Everyone, since FAT do not support ownership. So when a repo is said to be shared with everyone, it should work.

Adding everything into safe.directory is a solution though, but since it is common to tranfer files and repos using FAT family between Linux and Windows, a more informative warning may be preferred over failing with a misleading failure message.

• If the problem was occurring with a specific repository, can you provide the
  URL to that repository to help us with testing?

N/A

[dscho]

@clzls I tentatively opened a PR at #3887 to skip the ownership test on FAT file systems. However, I am not sure that we should do this, as @rimrul pointed out, it would only paper over the vulnerability.

In any case, could you download https://github.com/git-for-windows/git/suites/6842138545/artifacts/263949471 and verify that the included git.exe does not error out with the ownership message? I hope we can transmogrify that patch into a better error message under GIT_TEST_DEBUG_UNSAFE_DIRECTORIES, but for that to happen, I first need to know that the method I used to detect FAT actually works.

[dscho]

@clzls are you interested in seeing this issue addressed?

[clzls]

@clzls are you interested in seeing this issue addressed?

Sorry for the late reply (preparing for finals). The link is dead now so I could do nothing now...

(Maybe irrelevant: A warning may be preferred, but in my opinion devil configs can just be owned by "yourself" in Windows by simply using some unarchive tools or anything else, so I wonder whether the owner check itself would be useful or not...)