php - git insufficient permission for adding an object to local git server repository


I have www-data running PHP and controlling a git server. The www-data user creates unix users (having been given sudo adduser), and the users are supposed to control their own private git directory, where each user can house his/her repositories.

I've followed this guide at least ten times; in addition to which, I'm following this guide in order to create the git server.

  • Apache adds a unix user bar, with its home in /var/www/git/bar; the user has no password (--disabled-password)

  • The user bar is part of the group gitusers, which allows +rwx to group members, and has its shell set to /usr/bin/git-shell.

  • This is done so that www-data can access the home directory and populate the repositories and ssh keys.

  • The skeleton home directory is populated with git-shell-commands, and the user www-data creates /var/www/git/bar/.ssh/authorized_keys and appends the test user foo's public key.

When www-data adds a new user and a new repository, it does:

    sudo adduser --disabled-password \
                 --home /var/www/git/bar \
                 --conf /var/www/conf/adduser.conf \
                 --ingroup gitusers \
                 bar

The above ^^ is done via PHP. .ssh and authorized_keys are owned by www-data.

Then www-data proceeds to create a new directory and initialize it:

  • mkdir /var/www/git/bar/test.git
  • cd /var/www/git/bar/test.git
  • git --bare init

My test user foo can read via ssh (it clones an empty repository). Once I try to push an initial commit:

    git clone ssh://foo@localhost:/var/www/git/bar/test.git
    cd test
    touch readme
    vim readme
    git add .
    git commit -m "init"
    git push origin master

    foo@127.0.0.1's password:
    Counting objects: 6, done.
    Compressing objects: 100% (2/2), done.
    Writing objects: 100% (6/6), 411 bytes | 0 bytes/s, done.
    Total 6 (delta 0), reused 0 (delta 0)
    remote: error: insufficient permission for adding an object to repository database ./objects
    remote: fatal: failed to write object
    error: unpack failed: unpack-objects abnormal exit
    To ssh://foo@localhost:/var/www/git/bar/random.git
     ! [remote rejected] master -> master (unpacker error)
    error: failed to push some refs to 'ssh://foo@localhost:/var/www/git/bar/random.git'

I am asked for the foo user's password (which is the user with the public key).

This is not the unix user that owns the home directory; user bar has a disabled password.

  1. Why am I being asked for an ssh password? Shouldn't the ssh key take care of that?
  2. If I create bar with a password, I can use the git repository, replacing foo@localhost:/var/www/git/bar with bar@localhost:/var/www/git/bar
  3. When I don't use ssh:// at all, I'm still able to clone, with the same error when pushing as foo, not as bar, provided I enable the password.

What am I doing wrong?

Is it because the permissions of .ssh and authorized_keys are too open, or because they are not owned by bar?

Even when I go (as sudo) to bar's homedir and make it owned by him, I still get the same error.

Finally, I have set .ssh/config for the test user foo like that:

    Host localhost
        HostName 127.0.0.1
        IdentityFile ~/.ssh/foo
        User foo

It turns out it was indeed permissions. Tailing /var/log/auth.log provided insight:

    Authentication refused: bad ownership or modes for directory /var/www/git/bar

Googling, I figured out the problem was that the entire home directory was accessible by the group.

So, back to square one: allowing www-data to be part of a group with +rwx is not a possibility, since it breaks ssh.

Edit:

The comment by iveqy is wise: using unix users for this sort of operation is overkill and opens potential security holes, since it requires escalating user www-data to superuser.

I've ended up using gitolite-admin in the following way (I'm adding this for future reference on how the www-data apache user under Debian/Ubuntu can control gitolite).

Instructions

The webserver apache2 runs as www-data on the system. PHP scripts are executed as www-data. This requires us to enable that user to administrate our git server automatically.

For gitolite to work, it requires that the administrator provides an ssh key. This in turn requires that the user www-data (apache2) has a pair of ssh keys. The key pair must be protected, or else ssh won't work:

  • Create a new user git with its home directory in: /var/www/git
  • sudo adduser git --home /var/www/git
  • cd /var/dir/git and remove the skeleton files (.bashrc, .profile, .bash_logout)
  • Log in locally as user git: su - git and use the password created earlier
  • Make sure the permissions of the git user's home dir are set to 755 (g+rx)
  • Create the .ssh dir: mkdir .ssh and make it private: chmod -R 700 .ssh

Now have www-data create an ssh key (exit from the git user):

  • Go to /var/www/ and create .ssh, owned by www-data and with a 700 mask.
  • sudo -u www-data ssh-keygen -t rsa

If all went accordingly, copy /var/www/.ssh/id_rsa.pub to /var/www/git/.ssh/

  • Give ownership of the key to user git: sudo chown git:git .ssh/id_rsa.pub
  • Log in as git: su - git
  • Make the pub key private: chmod 600 .ssh/id_rsa.pub

Time to install gitolite:

  • git clone https://github.com/sitaramc/gitolite
  • mkdir -p $HOME/bin
  • gitolite/install -to $HOME/bin

Set up the www-data public RSA key to be used as the administrator of gitolite:

  • $HOME/bin/gitolite setup -pk .ssh/id_rsa.pub

You should get:

    Initialised empty Git repository in /var/www/git/repositories/gitolite-admin.git/
    Initialised empty Git repository in /var/www/git/repositories/testing.git/
    WARNING: /var/www/git/.ssh/authorized_keys missing; creating a new one
        (this is normal on a brand new install)

The user git is set up. Log out: exit

Do not touch the directory /var/www/git from now on.

We clone it locally, and control it from there. Clone it as user www-data:

  • First create a local copy owned by www-data: sudo mkdir gitolite-admin && sudo chown -R www-data:www-data gitolite-admin/
  • Then execute as user www-data the command: sudo -u www-data git clone git@localhost:gitolite-admin gitolite-admin/

This clones gitolite-admin into /var/www/gitolite-admin, from which we control the gitolite server.

For instructions on how to control the gitolite server, see: https://github.com/sitaramc/gitolite

From now on, every gitolite command you execute, execute it as user www-data. Commands run as root or with sudo break the server!

PS: I accept no responsibility if this breaks your apache configuration. I hope this helps those coming here for the same reason I did: creating a git server. I'm open to suggestions and better ideas or improvements.
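
The "bad ownership or modes" refusal quoted from /var/log/auth.log above is sshd's StrictModes test: the home directory, .ssh and authorized_keys must each be owned by the account or by root and must not be group- or world-writable. The following is an added example, not part of the original post, that applies the same test to a scratch directory; check_strict_modes is a hypothetical helper name and GNU stat (Debian/Ubuntu) is assumed.

```shell
#!/bin/sh
# Added example: approximates the ownership/mode test sshd applies
# (StrictModes) before it trusts ~/.ssh/authorized_keys.
# Assumes GNU stat. check_strict_modes is a hypothetical helper name.

# usage: check_strict_modes HOME_DIR EXPECTED_UID
# Prints every offending path; returns 0 when nothing would be refused.
check_strict_modes() {
    csm_home=$1
    csm_uid=$2
    csm_rc=0
    for csm_p in "$csm_home" "$csm_home/.ssh" "$csm_home/.ssh/authorized_keys"; do
        if [ ! -e "$csm_p" ]; then
            echo "missing: $csm_p"; csm_rc=1; continue
        fi
        csm_owner=$(stat -c %u "$csm_p")
        csm_mode=$(stat -c %a "$csm_p")
        # The owner must be the account itself or root.
        if [ "$csm_owner" != "$csm_uid" ] && [ "$csm_owner" != 0 ]; then
            echo "bad owner (uid $csm_owner): $csm_p"; csm_rc=1
        fi
        # No group or world write bit may be set (mode & 022 must be 0).
        if [ $(( 0$csm_mode & 022 )) -ne 0 ]; then
            echo "group/world writable (mode $csm_mode): $csm_p"; csm_rc=1
        fi
    done
    return "$csm_rc"
}

# Constructed demo: a scratch "home" that is group-writable like
# /var/www/git/bar in the post, then the same tree with mode 755.
demo=$(mktemp -d)
mkdir "$demo/.ssh"
: > "$demo/.ssh/authorized_keys"
chmod 700 "$demo/.ssh"
chmod 600 "$demo/.ssh/authorized_keys"
chmod 775 "$demo"
check_strict_modes "$demo" "$(id -u)" || echo "=> key refused, ssh asks for a password"
chmod 755 "$demo"
check_strict_modes "$demo" "$(id -u)" && echo "=> ownership and modes acceptable"
rm -rf "$demo"
```

Run against a real account as `check_strict_modes /var/www/git/bar "$(id -u bar)"`; it also reports a .ssh or authorized_keys owned by www-data, the other condition described in the post.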

