Switching between Git users on the same machine (works), but why do both have access to the other's repository?

Question

I have two GitHub users accounts (private and work). Call them Allison and Bob.

I have a Bash script. Call it: allison_git that does:

ssh-add -D
eval $(ssh-agent -s)
git config --global credential.helper wincred
git config --global credential.useHttpPath true
git config --global user.name Allison
git config --global user.email allison@gmail.com
ssh-add ~/.ssh/allison_git_rsa
ssh -T git@github.com

If all goes well for Allison, I get:

Hi Allison! You've successfully authenticated, but GitHub does not provide shell access.

So I can switch between the users with the script that I have. Great.

However... say that user Bob is for my work and Allison is for my private and I'm working on my work repository, but forgot to switch to Bob. My commit would apply as user Allison and not Bob.

I'm not sure why (I guess because they're on the same computer?!) How can I restrict user Allison to use Bobs repository and reverse? Is my approach to all this with the Bash allison_git / bob_git causing all this?

Note: I added Bob's public key (bob_git_rsa) on his GitHub account (settings-->SSH and PGP Keys), and the same for Allison (allison_git_rsa). The keys are different.

@PeterMortensen thank you for your comment. Acutally I'm working on both windows and mac so I dont remember if the allison_git was on win or mac. — pylos, Jan 05 '23 at 16:06

score 3 · Accepted Answer · answered Oct 20 '22 at 05:10

You could use a conditional gitconfig directive as done here:

# All work Git repositories are in a subdirectory of ~/work.
# All other Git repositories are outside ~/work.
[includeIf "gitdir:~/work/"]
    path = .gitconfig.work

The user name/email in .gitconfig.work would be Bob's, while the default name/email would be Alice for any other repository outside ~/.work.

Note that git config --global credential.helper wincred applies only for HTTPS URL, and is not used if you are authenticated with SSH.

score 1 · Answer 2 · answered Oct 20 '22 at 08:42

There are a number of ways to deal with this—for instance, besides VonC's answer, you could just set up two different login accounts on your laptop—but whatever path you choose, remember these items:

Git does not do any permissions checking. Git relies on some other software to do any required permissions checking. Git just tries to do whatever you ask, and either the computers allow that, or they don't.
Git does not authenticate you to another computer: that's a permissions and access type of thing. Git does have built in support for credential helpers when using https:// URLs, and built in support to invoke ssh when using ssh:// URLs (and the funky user@host:path/to/repo.git abbreviation which is short for ssh://user@host/path/to/repo.git). But that's just so that Git can run these other, external programs that allow for authentication. This goes back to the first point above.
The user.name and user.email setting are nearly arbitrary strings (though you have to use valid text here and can't put angle brackets in the user name for instance) that Git merely stuffs into new commits without really looking at them. They are purely there for information. This goes back to the first point above.

To use different ssh configurations, most people I know that do this use ssh's "host alias" tricks. This works well with the conditional include trick mentioned in VonC's answer, especially when you combine it with Git's url.<replacement>.insteadOf configuration trick.

Switching between Git users on the same machine (works), but why do both have access to the other's repository?

2 Answers2