diff --git a/playbooks/test-gitea.yaml b/playbooks/test-gitea.yaml
index 18ab376b5f..86b48a4b35 100644
--- a/playbooks/test-gitea.yaml
+++ b/playbooks/test-gitea.yaml
@@ -22,8 +22,12 @@
       when: '"Zuuls new description" not in zuul_content.content'
     - name: Configure ssh for pushing into test gitea
       shell: |
-        ssh-keyscan -t rsa -p 222 localhost >> .ssh/known_hosts
+        ssh-keyscan -t rsa -p 222 localhost >> /home/zuul/.ssh/known_hosts
         ssh-keygen -t ed25519 -f /home/zuul/.ssh/id_ed25519 -C giteagerrittest -P ''
+      # We become zuul here because we need to git push has zuul later to
+      # ensure the owner of the git repo is the one operating on it.
+      become: true
+      become_user: zuul
     - name: Register new gitea gerrit pubkey value
       slurp:
         src: /home/zuul/.ssh/id_ed25519.pub
@@ -48,6 +52,11 @@
         cd /home/zuul/src/opendev.org/opendev/system-config
         git remote add test-gitea ssh://git@localhost:222/opendev/system-config
         GIT_SSH_COMMAND='ssh -i /home/zuul/.ssh/id_ed25519' git push -f test-gitea master
+      # We run this as zuul because zuul owns the git repo in /home/zuul
+      # and git by default does not want to operate on a git repo as another
+      # user.
+      become: true
+      become_user: zuul
     - name: Clone system-config to check that partial clones aren't breaking stuff
       shell: |
         cd /tmp