php - git insufficient permission for adding an object to local git server repository -


i have www-data running php controlling git server. www-data user creates unix users (having given sudo adduser), , users supposed control own private git directory, each user can house his/hers repositories.

i've followed this guide @ least ten times, in addition which, i'm following guide in order create git server.

  • apache adds unix user bar, home in /var/www/git/bar , user has no password (--disable-password)

  • the user bar part of group gitusers allows +rwx group members, , has shell set /usr/bin/git-shell.

  • this done www-data can access home directory , populate repositories , ssh keys.

  • the skeleton home directory populated git-shell-commands , user www-data creates /var/www/git/bar/.ssh/authorized_keys appends test user's foo public key.

when www-data adds new user , new repository does:

sudo adduser --disabled password\              --home /var/www/git/bar\              --conf /var/www/conf/adduser.conf\              --ingroup gitusers\              bar

the above ^^ done via php. .ssh , authorized_keys owned www-data.

then www-data proceeds create new directory , initialize it:

  • mkdir /var/www/git/bar/test.git
  • cd /var/www/git/bar/test
  • git --bare init

my test user foo can read ssh (it clones empty repository). once try push initial commit:

git clone ssh://foo@localhost:/var/www/git/bar/test.git cd test touch readme vim readme git add . git commit -m "init" git push origin master foo@127.0.0.1's password: counting objects: 6, done. compressing objects: 100% (2/2), done. writing objects: 100% (6/6), 411 bytes | 0 bytes/s, done. total 6 (delta 0), reused 0 (delta 0) remote: error: insufficient permission adding object repository database ./objects remote: fatal: failed write object error: unpack failed: unpack-objects abnormal exit ssh://foo@localhost:/var/www/git/bar/random.git  ! [remote rejected] master -> master (unpacker error) error: failed push refs 'ssh://foo@localhost:/var/www/git/bar/random.git'

i asked foo user's password (which user public key).

this not unix user owns home directory, user bar has disabled password.

  1. why being asked ssh password? shouldn't ssh key take care of that?
  2. if create bar with password, can use git repository, replacing foo@localhost:/var/www/git/bar bar@localhost:/var/www/git/bar
  3. when don't use ssh:// @ all, still able clone same error when pushing asfoo not bar provided enable password.

what doing wrong?

is because permissions of .ssh , authorized_keys open or not owned bar?

even when go (as sudo) bar homedir , make owned him, still same error.

finally, have set .ssh/config test user foo that:

host localhost      hostname 127.0.0.1      identityfile ~/.ssh/foo      user foo

it turns out indeed permissions. tailing /var/log/auth.log provided insight:

authentication refused: bad ownership or modes directory /var/www/git/bar

googling figured out problem entire home directory accessible group.

so square one, allowing www-data part of group +rwx not possibility, since breaks ssh.

edit:

the comment iveqy wise, using unix users sort of operation overkill , opens potential security holes, since requires escalate user www-data superuser.

i've ended using gitolite-admin following way (i adding future reference on how www-data apache user under debian/ubuntu can control gitolite).

instructions

the webserver apache2 runs www-data on system. php scripts executed www-data. requires enable user administrate our git server automatically.

for gitolite work, requires administrator provides ssh key. in turn requires user www-data (apache2) has pair of ssh keys. key pair must protected else ssh won't work:

  • create new user git home directory in: /var/www/git
  • sudo adduser git --home /var/www/git
  • cd /var/dir/git , remove skeleton files (.bashrc, .profile, .bash_logout)
  • log locally user git: su - git , use password created earlier
  • make sure permissions of git user home dir set 755 (g+rx)
  • create .ssh dir: mkdir .ssh , make private: chmod 700 -r .ssh

now www-data create ssh key (exit git user):

  • go /var/www/ , create ./ssh owned www-data , 700 mask.
  • sudo -u www-data ssh-keygen -t rsa

if went accordingly, copy /var/www/.ssh/id_rsa.pub /var/www/git/.ssh/

  • give ownership of key user git: sudo chown git.git .ssh/id_rsa.pub
  • log in git: su - git
  • make pub key private: chmod 600 .ssh/id_rsa.pub

time install gitolite:

  • git clone git://github.com/sitaramc/gitolite
  • mkdir -p $home/bin
  • gitolite/install -to $home/bin

setup www-data public rsa key used administrator of gitolite:

  • $home/bin/gitolite setup -pk .ssh/id_rsa.pub

you should get:

initialised empty git repository in /var/www/git/repositories/gitolite-admin.git/ initialised empty git repository in /var/www/git/repositories/testing.git/ warning: /var/www/git/.ssh/authorized_keys missing; creating new 1 (this normal on brand new install)

the user git setup. logout: exit

do not touch directory /var/www/git on

we clone locally, , control there. clone user www-data:

  • first create local copy owned www-data: sudo mkdir gitolite-admin && chown -r www-data.www-data gitolite-admin/
  • then execute user www-data command: sudo -u www-data git clone git@localhost:gitolite-admin gitolite-admin/

this clones gitolite-admin in /var/www/gitolite-admin control gitolite server.

for instructions on how control gitolite-server, see: https://github.com/sitaramc/gitolite

from on, gitolite command execute, execute user www-data. command run root or sudo break server!

ps: accept no responsibility if breaks apache configuration. hope helps coming here same reason did: creating git server. i'm open suggestions , better ideas or improvements.


Comments

Post a Comment

Popular posts from this blog

routing - AngularJS State management ->load multiple states in one page -

Image
i developing site in angularjs ui-router. have situation on button click need change , load 3 state page , 3 looks image .please me how can load multiple pages. in 1 page you need configure router config this: $stateprovider .state("state1", { url: "/url1", controller: "firstcontroller", views: { view1: { templateurl: "templates/template1.html" }, view2: { templateurl: "templates/template2.html" }, view3: { templateurl: "templates/template3.html" } } }).state("state2", { url: "/url2", controller: "secondcontroller", views: { view1: { templateurl: "templates/template4.html" }, view2: { templateurl: "templates/template5.html" }, view3: { templateurl: "templates/template6.html" } }).state("state3", { ...
Read more

python - GRASS parser() error -

i'm trying use grass on python 2.7, i'm having problems @ setting script on idle, i'm getting error @ parser() function: here script: import os import sys gisbase = os.environ['gisbase'] = 'c:\program files (x86)\grass gis 7.0.1rc1' gisrc = 'c:\grassdata' gisdbase = 'c:\grassdata' location = 'newlocation' mapset = 'tc' ld_library_path = 'c:\program files (x86)\grass gis 7.0.1rc1\lib' path = 'c:\program files (x86)\grass gis 7.0.1rc1\etc';'c:\program files (x86)\grass gis 7.0.1rc1\etc\python';'c:\program files (x86)\grass gis 7.0.1rc1\lib';'c:\program files (x86)\grass gis 7.0.1rc1\bin';'c:\python27';'c:\program files (x86)\grass gis 7.0.1rc1\python27';'c:\program files (x86)\grass gis 7.0.1rc1\msys' pythonlib = 'c:\python27' pythonpath = 'c:\program files (x86)\grass gis 7.0.1rc1\etc\python' sys.path.append(os.path.join(os.environ['...
Read more

post - imageshack API cURL -

i credentials correct. when send image through form this:(action="http://api.imageshack.com/v2/images/"). working fine when tried send $ch = curl_init($url); failed. code: enter code here <form action="" method="post" enctype="multipart/form-data"> select image upload: <input type="file" name="file" id="file" multiple> <input type="text" name="auth_token" id="auth_token" value="xxxxxxxxxxxxxxxx"> <input type="text" name="api_key" id="api_key" value="xxxxxxxxxxxxxxx"> <input type="submit" value="upload image" > </form> $url = ' http://api.imageshack.com/v2/images/ '; $temp = $_files["file"]['tmp_name']; echo $temp."<br>" ; $ch = curl_init($url); curl_setopt($ch, curlopt_post, true); curl...
Read more