fix: Do not drop perms in git when not root

Fix: npm/cli#476
PR-URL: #23
Credit: @isaacs
Close: #23
Reviewed-by: @darcyclarke

Author: isaacs

lib/util/git.js

@@ -234,14 +234,17 @@ function spawnGit (gitArgs, gitOpts, opts) {
   })
 }
 
+module.exports._mkOpts = mkOpts
 function mkOpts (_gitOpts, opts) {
   const gitOpts = {
     env: gitEnv()
   }
-  if (+opts.uid && !isNaN(opts.uid)) {
+  const isRoot = process.getuid && process.getuid() === 0
+  // don't change child process uid/gid if not root
+  if (+opts.uid && !isNaN(opts.uid) && isRoot) {
     gitOpts.uid = +opts.uid
   }
-  if (+opts.gid && !isNaN(opts.gid)) {
+  if (+opts.gid && !isNaN(opts.gid) && isRoot) {
     gitOpts.gid = +opts.gid
   }
   Object.assign(gitOpts, _gitOpts)

test/git.mkopts.uid.js

@@ -0,0 +1,22 @@
+'use strict'
+const t = require('tap')
+const { _mkOpts: mkOpts } = require('../lib/util/git.js')
+const getuid = process.getuid
+
+t.test('mkOpts sets perms when root', t => {
+  t.teardown(() => {
+    process.getuid = getuid
+  })
+  process.getuid = () => 0
+  t.match(mkOpts({}, { uid: 1234, gid: 1234 }), { uid: 1234, gid: 1234 })
+  t.end()
+})
+
+t.test('mkOpts does not set perms when not root', t => {
+  t.teardown(() => {
+    process.getuid = getuid
+  })
+  process.getuid = () => 4321
+  t.match(mkOpts({}, { uid: 1234, gid: 1234 }), { uid: undefined, gid: undefined })
+  t.end()
+})