* Smart HTTP push permissions failure
@ 2016-08-23 15:45 David McGough
2016-08-24 17:00 ` Jeff King
0 siblings, 1 reply; 3+ messages in thread
From: David McGough @ 2016-08-23 15:45 UTC (permalink / raw)
To: git
Hi Git Community!
I'm trying to get Git on the server. I installed Git and httpd on Centos 7 and configred for smart http. I created a project on my local git and I cloned it to a base repository:
git clone --bare DataConversion DataConversion.git then I scp it to the server: scp -r DataConversion git@xx.xx.xx.xx:/opt/git/repository/product/tools. Then on the server for the project I ran git config core.sharedRepository group
I added a remote server to my local project: git remote add origin http://xx.xx.xx.xx/git/product/tools/DataConversion.git
git remote -v shows:
origin http://xx.xx.xx.xx/git/product/tools/DataConversion.git (fetch)
origin http://xx.xx.xx.xx/git/product/tools/DataConversion.git (push)
When I try to push to the server I get this message:
remote: error: insufficient permission for adding an object to repository database ./objects
remote: fatal: failed to write object
Fwiw I can clone the project from the server to my local.
Here are the permssions on the project and the objects folder.
[git@services-git DataConversion.git]$ pwd
/opt/git/repos/product/tools/DataConversion.git
[git@services-git DataConversion.git]$ ll
total 24
-rwxrwxr-x. 1 git staff 196 Aug 23 11:24 config
-rwxrwxr-x. 1 git staff 73 Aug 22 15:28 description
-rwxrwxr-x. 1 git staff 23 Aug 22 15:28 HEAD
drwxrwxr-x. 2 git staff 4096 Aug 22 15:28 hooks
drwxrwxr-x. 2 git staff 20 Aug 22 15:28 info
drwxrwxr-x. 65 git staff 4096 Aug 22 16:50 objects
-rwxrwxr-x. 1 git staff 98 Aug 22 15:29 packed-refs
drwxrwxr-x. 4 git staff 29 Aug 22 15:29 refs
[git@services-git DataConversion.git]$
[git@services-git DataConversion.git]$ cd objects
[git@services-git objects]$ ll
total 12
drwxrwxr-x. 2 git staff 51 Aug 22 15:28 06
drwxrwxr-x. 2 git staff 51 Aug 22 15:28 08
drwxrwxr-x. 2 git staff 96 Aug 22 15:28 0a
drwxrwxr-x. 2 git staff 51 Aug 22 15:28 17
drwxrwxr-x. 2 git staff 51 Aug 22 15:28 19
drwxrwxr-x. 2 git staff 51 Aug 22 15:28 1c
drwxrwxr-x. 2 git staff 51 Aug 22 15:28 24
drwxrwxr-x. 2 git staff 51 Aug 22 15:28 29
drwxrwxr-x. 2 git staff 4096 Aug 22 15:28 30
drwxrwxr-x. 2 git staff 51 Aug 22 15:28 32
drwxrwxr-x. 2 git staff 51 Aug 22 15:28 33
drwxrwxr-x. 2 git staff 51 Aug 22 15:28 3d
drwxrwxr-x. 2 git staff 51 Aug 22 15:28 3f
drwxrwxr-x. 2 git staff 51 Aug 22 15:28 41
drwxrwxr-x. 2 git staff 51 Aug 22 15:28 4b
drwxrwxr-x. 2 git staff 51 Aug 22 15:28 57
drwxrwxr-x. 2 git staff 51 Aug 22 15:28 5a
drwxrwxr-x. 2 git staff 51 Aug 22 15:28 5d
drwxrwxr-x. 2 git staff 51 Aug 22 15:28 5f
drwxrwxr-x. 2 git staff 51 Aug 22 15:28 64
drwxrwxr-x. 2 git staff 51 Aug 22 15:28 65
drwxrwxr-x. 2 git staff 4096 Aug 22 15:28 69
drwxrwxr-x. 2 git staff 51 Aug 22 15:28 6d
drwxrwxr-x. 2 git staff 51 Aug 22 15:28 70
drwxrwxr-x. 2 git staff 51 Aug 22 15:28 74
drwxrwxr-x. 2 git staff 51 Aug 22 15:28 7a
drwxrwxr-x. 2 git staff 51 Aug 22 15:28 7b
drwxrwxr-x. 2 git staff 51 Aug 22 15:28 7c
drwxrwxr-x. 2 git staff 51 Aug 22 15:28 84
drwxrwxr-x. 2 git staff 51 Aug 22 15:28 89
drwxrwxr-x. 2 git staff 51 Aug 22 15:28 8a
drwxrwxr-x. 2 git staff 51 Aug 22 15:28 8c
drwxrwxr-x. 2 git staff 51 Aug 22 15:28 93
drwxrwxr-x. 2 git staff 51 Aug 22 15:28 9d
drwxrwxr-x. 2 git staff 51 Aug 22 15:28 a0
drwxrwxr-x. 2 git staff 51 Aug 22 15:28 a2
drwxrwxr-x. 2 git staff 4096 Aug 22 15:28 a3
drwxrwxr-x. 2 git staff 51 Aug 22 15:28 a6
drwxrwxr-x. 2 git staff 51 Aug 22 15:28 ab
drwxrwxr-x. 2 git staff 51 Aug 22 15:28 af
drwxrwxr-x. 2 git staff 51 Aug 22 15:28 b1
drwxrwxr-x. 2 git staff 51 Aug 22 15:28 b7
drwxrwxr-x. 2 git staff 51 Aug 22 15:28 b8
drwxrwxr-x. 2 git staff 51 Aug 22 15:28 c3
drwxrwxr-x. 2 git staff 51 Aug 22 15:28 c8
drwxrwxr-x. 2 git staff 96 Aug 22 15:28 c9
drwxrwxr-x. 2 git staff 51 Aug 22 15:28 cb
drwxrwxr-x. 2 git staff 51 Aug 22 15:28 cf
drwxrwxr-x. 2 git staff 51 Aug 22 15:29 d1
drwxrwxr-x. 2 git staff 51 Aug 22 15:29 d8
drwxrwxr-x. 2 git staff 51 Aug 22 15:29 d9
drwxrwxr-x. 2 git staff 51 Aug 22 15:29 db
drwxrwxr-x. 2 git staff 51 Aug 22 15:29 dc
drwxrwxr-x. 2 git staff 51 Aug 22 15:29 e1
drwxrwxr-x. 2 git staff 51 Aug 22 15:29 e7
drwxrwxr-x. 2 git staff 51 Aug 22 15:29 e9
drwxrwxr-x. 2 git staff 51 Aug 22 15:29 ea
drwxrwxr-x. 2 git staff 51 Aug 22 15:29 ed
drwxrwxr-x. 2 git staff 51 Aug 22 15:29 f0
drwxrwxr-x. 2 git staff 51 Aug 22 15:29 f3
drwxrwxr-x. 2 git staff 51 Aug 22 15:29 f5
drwxrwxr-x. 2 git staff 6 Aug 22 15:29 info
drwxrwxr-x. 2 git staff 6 Aug 22 15:29 pack
apache and git users are both in the staff group, and staff group is their default group. I have also tried to use the set group id bit but to no avail. http://www.gnu.org/software/coreutils/manual/html_node/Directory-Setuid-and-Setgid.html
[root@services-git DataConversion.git]# groups apache
apache : staff git
[root@services-git DataConversion.git]# groups git
git : staff apache
So I am pretty confused about what the issue. Which OS user is git using to write the files? I hope somebody can help me understand why the project cannot be pushed to the git server.
Thanks,
Dave
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: Smart HTTP push permissions failure
2016-08-23 15:45 Smart HTTP push permissions failure David McGough
@ 2016-08-24 17:00 ` Jeff King
2016-08-25 18:33 ` David McGough
0 siblings, 1 reply; 3+ messages in thread
From: Jeff King @ 2016-08-24 17:00 UTC (permalink / raw)
To: David McGough; +Cc: git
On Tue, Aug 23, 2016 at 03:45:33PM +0000, David McGough wrote:
> When I try to push to the server I get this message:
> remote: error: insufficient permission for adding an object to repository database ./objects
> remote: fatal: failed to write object
> [...]
> So I am pretty confused about what the issue. Which OS user is git
> using to write the files? I hope somebody can help me understand why
> the project cannot be pushed to the git server.
For a smart-http push, it will be whatever user the web server execs the
CGI as. So I'd think "apache" would be the default, but it's possible
that it runs CGIs as a different user, depending on your config.
One possibility may be to add a simple shell script CGI that does
something like:
#!/bin/sh
echo "Content-type: text/plain"
echo
id
just to see what's happening.
Based on the data you showed, here are some wild possibilities I can
think of:
- the CGI runs as "apache", but your files are owned by "git".
"apache" is in the "staff" group, and the directories all have write
permission for that group. But are we sure that apache does not shed
any group permissions when running a CGI? The "id" script above
should hopefully show that.
- You mentioned CentOS. It has been a while since I dealt with RHEL
and its derivatives, but I think selinux is turned on by default
there. Is it possible that the webserver runs in an selinux profile
that does not allow writing to the repository directory?
I don't recall the specifics of debugging selinux problems, but
there may be logs there.
Sorry those are just stabs in the dark, but I don't see anything else
obviously wrong with what you've posted.
-Peff
^ permalink raw reply [flat|nested] 3+ messages in thread
* RE: Smart HTTP push permissions failure
2016-08-24 17:00 ` Jeff King
@ 2016-08-25 18:33 ` David McGough
0 siblings, 0 replies; 3+ messages in thread
From: David McGough @ 2016-08-25 18:33 UTC (permalink / raw)
To: Jeff King; +Cc: git
Thank you for your reply Jeff. I have moved on to installing GitLab. It has been a success so far.
Thanks,
Dave
-----Original Message-----
From: Jeff King [mailto:peff@peff.net]
Sent: Wednesday, August 24, 2016 1:00 PM
To: David McGough <dmcgough@opentext.com>
Cc: git@vger.kernel.org
Subject: Re: Smart HTTP push permissions failure
On Tue, Aug 23, 2016 at 03:45:33PM +0000, David McGough wrote:
> When I try to push to the server I get this message:
> remote: error: insufficient permission for adding an object to
> repository database ./objects
> remote: fatal: failed to write object
> [...]
> So I am pretty confused about what the issue. Which OS user is git
> using to write the files? I hope somebody can help me understand why
> the project cannot be pushed to the git server.
For a smart-http push, it will be whatever user the web server execs the CGI as. So I'd think "apache" would be the default, but it's possible that it runs CGIs as a different user, depending on your config.
One possibility may be to add a simple shell script CGI that does something like:
#!/bin/sh
echo "Content-type: text/plain"
echo
id
just to see what's happening.
Based on the data you showed, here are some wild possibilities I can think of:
- the CGI runs as "apache", but your files are owned by "git".
"apache" is in the "staff" group, and the directories all have write
permission for that group. But are we sure that apache does not shed
any group permissions when running a CGI? The "id" script above
should hopefully show that.
- You mentioned CentOS. It has been a while since I dealt with RHEL
and its derivatives, but I think selinux is turned on by default
there. Is it possible that the webserver runs in an selinux profile
that does not allow writing to the repository directory?
I don't recall the specifics of debugging selinux problems, but
there may be logs there.
Sorry those are just stabs in the dark, but I don't see anything else obviously wrong with what you've posted.
-Peff
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2016-08-25 18:33 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2016-08-23 15:45 Smart HTTP push permissions failure David McGough
2016-08-24 17:00 ` Jeff King
2016-08-25 18:33 ` David McGough
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.