How to prevent root from running git pull?

Question

Have need to prevent root from updating a git (working) directory. Reasoning includes but not limited to: preventing undersired file-system ownership changes.

None of the git hooks seem to prevent a fetch/merge/pull before it happens, similar to pre-commit hook. Or at least, nothing I see here (or in man page): http://www.analysisandsolutions.com/code/git-hooks-summary-cheat-sheet.htm

Thoughts?

Answer 1

The only way I saw this not resolved but at least "mitigated" was through a wrapper for the git command:

All git commands go through this wrapper which proceeds if the user id is not root.

Answer 2

Change /root/.bashrc to add a new directory to the beginning of the PATH. Add a shell script there called git that tests $1 to be one of a few read-only commands (show/status/log/rev-list etc) and calls /usr/bin/git "$@" if the command is acceptable. This will prevent anybody on your team from accidentally running git pull as root. If you are worried about them doing it deliberately, you have bigger problems...