I want to create my own git server. I started with a root user and here is what I did:
mkdir /srv/git/project.git
useradd -r -d /srv/git git
passwd git
Now I have a new user git (can log in via su git from my root account).
I want to login via git@mywebsite.com without the use of a password. Right now, it will ask for a password every time.
For root, I have my SSH public key in .ssh/authorized_keys. The key should also work for git. Do I have to add another authorized_keys file for this git user? With my useradd command, I do not create a home directory where I could add it, so where should it go?
Thank you all for your help!
Run sudo tail -f /var/log/auth.log and attempt to log in once more from a different console. You will now see the log that should tell you exactly why the login was denied.
In my case there were wrong permissions for the home folder.
You did create a home directory, it just isn't sitting under /home.
/srv/git
Under that directory create a .ssh directory, fix the permissions:
mkdir /srv/git/.ssh
chmod 0700 /srv/git/.ssh
Create a new authorized_keys file with the public key in it, fix the permissions:
vim /srv/git/.ssh/authorized_keys # or method of your choice
chmod 0600 /srv/git/.ssh/authorized_keys
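The two answers above both come down to ownership and modes on the path to authorized_keys. The following check is an added example, not part of either answer: it reports which of the three paths would fail sshd's StrictModes test. The function name check_ssh_perms is hypothetical and GNU stat is assumed.

```shell
#!/bin/sh
# Added example (not from the answers above). Requires GNU stat (Linux).
# check_ssh_perms <home-dir> <login-user-or-uid>
# Reports every path on the way to authorized_keys that is owned by the
# wrong account or is group/world-writable, the conditions sshd's
# StrictModes (on by default) rejects. Returns 0 only if all three pass.
check_ssh_perms() {
    home=$1 user=$2 rc=0
    # Resolve the login name to a uid; accept a numeric uid as fallback.
    uid=$(id -u "$user" 2>/dev/null) || uid=$user
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "MISSING $p"; rc=1; continue
        fi
        owner=$(stat -c '%u' "$p")
        mode=$(stat -c '%a' "$p")
        # Owner must be the login user or root (uid 0).
        if [ "$owner" != "$uid" ] && [ "$owner" != "0" ]; then
            echo "OWNER   $p belongs to uid $owner, expected $uid"; rc=1
        fi
        # Any bit of octal mask 022 set means group or others can write.
        if [ $(( 0$mode & 022 )) -ne 0 ]; then
            echo "MODE    $p is $mode (writable by group or others)"; rc=1
        fi
    done
    return $rc
}

# Layout from the answer above (home of the git user is /srv/git):
# check_ssh_perms /srv/git git
```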
Starting point:
Ubuntu 20.04
Gitolite (/home/git/)
Webspace /var/www/webspace (usually owned by www-data:www-data)
Git user (in www-data group and also tried without being in group)
I want to update the webspace as git user with post-receive to a www-data directory. I had achieved it before I installed Gitolite, but it doesn't seem to work the same way as it did before (or I am missing something). To make it clear: post-receive is executed after pushing (which it's normally not on Gitolite) ... that was hard to achieve too.
Edit: To make it clear: I want to achieve that Git and www-data can access and modify the same files.
What I've tried:
chmod 777 -R /var/www/webspace (after this git can access but nginx returns with 403?)
Adding Git-User to www-data group
chown www-data:git -R /var/www/webspace
chown git:www-data -R /var/www/webspace
chown git:git -R /var/www/webspace
chown www-data:www-data -R /var/www/webspace (with and without git inside group)(with and without 777)
Executing post-receive manually (Operation not permitted)
Executing post-receive manually as root (well ... works of course, but that's not the point)
... maybe also some more steps which I'm maybe missing right now
What I've noticed so far:
In contrast to Git, Gitolite checks the repo out with -rw------ (if I remember correctly); maybe that is why it's not working with Gitolite but with Git
The code (not that it would be important, but just to list everything):
post-receive
#!/bin/sh
GIT_WORK_TREE=/var/www/webspace git checkout -f
Maybe I'm just missing something, but please help me.
Try and follow "adding other (non-update) hooks" in order for Gitolite to call the relevant post-receive hook.
add this line in the rc file, within the %RC block, if it's not already present, or uncomment it if it's already present and commented out:
LOCAL_CODE => "$ENV{HOME}/local",
put your hooks into that directory, in a sub-sub-directory called "hooks/common":
# log on to gitolite hosting user on the server, then:
cd $HOME
mkdir -p local/hooks/common
cp your-post-receive-hook local/hooks/common/post-receive
chmod +x local/hooks/common/post-receive
run gitolite setup to have the hooks propagate to existing repos (repos created after this will get them anyway).
Add user (git in my case) to group of webspace (www-data for me)
sudo usermod -a -G www-data git
If you were logged in as that user, log out to reload the group.
logout
#or
exit
#or
CTRL+A+D
(If you want to recheck the group login as this user and type "groups" to see the groups the user is in)
Make sure the webspace is owned by the correct group. For me:
sudo chown www-data:www-data -R /var/www/webspace
(If you want to recheck this you can go in the directory and type "ls -g")
In my case I had to modify my "post-receive" a bit, because the permissions were always -rw----- after checking out, so here is my "post-receive":
#!/bin/sh
GIT_WORK_TREE=/var/www/webspace git checkout -f #default line to checkout
chmod -R a+r /var/www/webspace #added by me because of permission issues
For convenience I had my "post-receive" in the repo directory (/home/git/repositories/repo/hooks/post-receive). The docs tell you to create a new folder (/home/git/local/specific-hooks/repo/post-receive (but they tell to name it on your own))
*All paths, names, groups and permissions written above only apply to me. They may differ for your installation.
What really solved my problem:
Logout after you change groups
Change permission (chmod) in post-receive
As a web developer I always have the problem when updating PHP (and other) files from an SSH client, because I am logged in as a user or simply root.
After that update I always have to run manually from a terminal 'chown -R apache:apache *' to make the files accessible.
I tried to make a user ID and add it to the group 'apache' and add the apache user to the group of my user id. That works only for existing files on the server file system, because newly created files have permissions rwxr--r-- which does not allow writing by my user even as it is in the 'apache' group.
I'd like to make a login (shell is not needed) for the Apache user, so I can use an SSH based file browser like Forklift to login as Apache or use sshfs to mount as Apache user.
Another way is make umask that my user id always sets attributes of newly created files from sshfs mount or a file browser (mounted with my user id, not root) that they have permission rwxrwxr-- (i.e. 0775) by default.
Is there a way I can upload files to the server (updating existing or creating new ones) without having to worry about permissions by Apache?
You have to set the setgid
For example, do the following steps:
adduser hugo
addgroup apache
usermod -a -G apache hugo
mkdir /tmp/example
chown hugo:apache /tmp/example
chmod g+s /tmp/example
su hugo
cd /tmp/example
touch my_file
ls -l
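The setgid steps above settle which group new files get; whether that group may write to them is decided by the creating process's umask, which is the piece both this question and the webspace question earlier on the page were missing. This is an added example, not code from any answer, and the function names are hypothetical. It creates a setgid directory and shows the modes a file and subdirectory receive under a given umask (GNU stat assumed).

```shell
#!/bin/sh
# Added example (not from the answers above). Requires GNU stat (Linux).

# make_shared_dir <dir> [group]
# Creates <dir> as setgid and group-writable (mode 2775). If a group is
# given, the directory is handed to it first; the caller must be a member.
make_shared_dir() {
    dir=$1 group=$2
    mkdir -p "$dir"
    if [ -n "$group" ]; then
        chgrp "$group" "$dir"
    fi
    chmod 2775 "$dir"
}

# create_under_umask <dir> <umask> <name>
# Creates file <name> and directory <name>.d inside <dir> under the given
# umask and prints "<file-mode> <dir-mode>". Runs in a subshell so the
# caller's own umask is left untouched.
create_under_umask() {
    dir=$1 mask=$2 name=$3
    (
        umask "$mask"
        : > "$dir/$name"
        mkdir "$dir/$name.d"
        echo "$(stat -c '%a' "$dir/$name") $(stat -c '%a' "$dir/$name.d")"
    )
}

# Example with the names used in the answer above:
# make_shared_dir /tmp/example apache
# create_under_umask /tmp/example 022 a   # group cannot write
# create_under_umask /tmp/example 002 b   # group can write
```

Subdirectories inherit the setgid bit on Linux, so the group carries down the tree; setting umask 002 in the uploading session or at the top of a hook script keeps new files group-writable without a recursive chmod afterwards.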
I am new to Linux and I am trying to clone a project into a folder that I am currently in, contained in opt/lampp/htdocs, using the command git clone git@gitlab.com:whatever . but I am getting a permission denied error. What can I do to resolve this issue?
update httpd.conf
sudo gedit /opt/lampp/etc/httpd.conf
Find
User nobody
Group nogroup
Replace nobody with your username
Change the ownership of htdocs
sudo chown -R username:username /opt/lampp/htdocs
Change the file permissions of htdocs folder
sudo chmod -R 775 /opt/lampp/htdocs/
Restart your machine
Clear your browser cache
You can also give the folder full permissions like this:
sudo chmod -R 777 /opt/lampp/htdocs/
or sudo chown -R $USER:$USER /opt/lampp/htdocs
I already have my username correctly written in User in the httpd.conf file, and still had the same problem. Finally, I found the solution by changing the port number:
In the same file look for Local:8888 and change 8888 to 80
Try to give full permission to your htdocs folder
sudo chmod 777 opt/lampp/htdocs
Then it will ask for a password; enter it and go ahead.
Permission denied is exactly what it says. You do not have permission to write to this folder. You can either git clone the repo as a root using sudo git clone (...) or change permissions to this folder. sudo chmod a+w <path> and then git clone it normally. You can also clone the repository to some other folder to which you already have permissions to write to.
I have created passwordless ssh for localhost. I tested it and it works fine. Now when I create a new user with the following command
sudo useradd -d /home/testuser -m -g impadmin impadmin_test
then afterwards, if I try ssh localhost
then it asks for a password. Can anybody help me with what may be the reason behind this?
The issue arises because when you add a user in the same group, it decreases the permissions of the .ssh folder and its child files, so after adding the new user just increase the permission of the .ssh folder by
sudo chmod -R 700 .ssh
Then ssh localhost will work fine
I have an id_rsa and id_rsa.pub on my computer also tied into my BitBucket account.
As I understand I can use this public key anywhere I please (as long as my private matches).
The Problem: I cannot figure out how to get any server to accept the public key, do you see what I've done wrong?
$ cat id_rsa.pub >> authorized_keys
$ service ssh restart (I suppose this isn't needed)
$ git pull origin master
$ Permission denied(publickey)
What am I doing wrong? I've been stuck for days.
If you copied your root's authorized_keys you may have to do more than you are used to:
chmod 700 .ssh
sudo chmod 640 .ssh/authorized_keys
sudo chown $USER .ssh
sudo chown $USER .ssh/authorized_keys
Where $USER is your linux username.
Make sure the permissions on ~/.ssh are 700 i.e. only accessible by the owner, and the permissions on the public and private key files are not writable except by the owner.
Make sure the key files are in ~/.ssh !
Make sure the key is being used (try ssh'ing to the right user @ the bitbucket server using ssh -v)
You need to copy the content of id_rsa.pub to the Bitbucket account; it's in the settings page.
For more info https://confluence.atlassian.com/display/BITBUCKET/How+to+install+a+public+key+on+your+Bitbucket+account