git pre-receive hooks.

In my attempts to block users from committing code as root users which I mentioned in my previous blog post; I’ve identified an unusual behavior in git.


Git pre-receive hooks do not have any parameters passed in, but rather query stdin for parameters.

To demonstrate, create the following file on your git server


set -x

echo "$# parameters have been passed in"


Then try and push code


spencer@workstation:/tmp/hooktest3$ git push
Counting objects: 11, done.

Delta compression using up to 4 threads.
Compressing objects: 100% (6/6), done.
Writing objects: 100% (9/9), 731 bytes | 0 bytes/s, done

remote: + echo '0 parameters have been passed in'

The correct way to evaluate the incoming commit is with


while read oldsha newsha refname; do
    case $oldsha,$newsha in
    *,$NULL_SHA1) # it's a delete
        echo "delete request received";;
    $NULL_SHA1,*) # it's a create
       echo creating $newsha";;
    *,*) # it's an update
        echo "updating with $newsha";;

So why is this important?
This is the only way to parse an incoming git commit. You can then evaluate the commit to see who the author is, what type of commit ect..

Thanks go to torek for pointing this out on my stack overflow question here:

About spuder
spuder is a "super computer" support engineer by day, and tinkerer / hobbyist by night.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: