diff --git a/lib/util/git.js b/lib/util/git.js
index 7991833a..d2282bae 100644
--- a/lib/util/git.js
+++ b/lib/util/git.js
@@ -234,14 +234,17 @@ function spawnGit (gitArgs, gitOpts, opts) {
   })
 }
 
+module.exports._mkOpts = mkOpts
 function mkOpts (_gitOpts, opts) {
   const gitOpts = {
     env: gitEnv()
   }
-  if (+opts.uid && !isNaN(opts.uid)) {
+  const isRoot = process.getuid && process.getuid() === 0
+  // don't change child process uid/gid if not root
+  if (+opts.uid && !isNaN(opts.uid) && isRoot) {
     gitOpts.uid = +opts.uid
   }
-  if (+opts.gid && !isNaN(opts.gid)) {
+  if (+opts.gid && !isNaN(opts.gid) && isRoot) {
     gitOpts.gid = +opts.gid
   }
   Object.assign(gitOpts, _gitOpts)
diff --git a/test/git.mkopts.uid.js b/test/git.mkopts.uid.js
new file mode 100644
index 00000000..b0b6eefa
--- /dev/null
+++ b/test/git.mkopts.uid.js
@@ -0,0 +1,22 @@
+'use strict'
+const t = require('tap')
+const { _mkOpts: mkOpts } = require('../lib/util/git.js')
+const getuid = process.getuid
+
+t.test('mkOpts sets perms when root', t => {
+  t.teardown(() => {
+    process.getuid = getuid
+  })
+  process.getuid = () => 0
+  t.match(mkOpts({}, { uid: 1234, gid: 1234 }), { uid: 1234, gid: 1234 })
+  t.end()
+})
+
+t.test('mkOpts does not set perms when not root', t => {
+  t.teardown(() => {
+    process.getuid = getuid
+  })
+  process.getuid = () => 4321
+  t.match(mkOpts({}, { uid: 1234, gid: 1234 }), { uid: undefined, gid: undefined })
+  t.end()
+})