I have an problem with my client/server git configuration which is creating permissions issues when there are multiple users pushing changes. My users are getting the error:
remote: error: insufficient permission for adding an object to repository database ./objects
My Configuration
The git repository is located on a NetApp network share. This network share is mounted on a Red Hat (RHEL) 6.4 Linux Server. To create the repository the user logs into the RHEL Server, navigates to where they want the repository (on the mounted share) then run the command:
git init --bare --shared=true repo.git
Each user is works locally on their own Windows 7/10 machine, they have git windows installed, and they have the previously mentioned network share mapped as a drive. To get the repository on their machine they open git-bash and navigate to where they want to clone the repo locally. They then run:
git clone Z:/git_repo_location/repo.git
The Issue
Users are able to push changes to the repository and everythings works fine until they attempt to push changes to a file which someone else had previously edited. This is when the error listed above rears its ugly head.
Reviewing the permissions from RHEL it appears that the folders in repo.git/objects are set to 755.
I believe what is happening is when an objects folder is owned by User A, User B is unable to push changes to the affected files. As a note I have had all users update their umask in git-bash to 0002 (from the default 0022). Also all files/folders in the repo.git repository are owned by group "DTG" and all users working on this repo belong to this group.
Attempted Fixes
I have tried creating/initializing repositories several other ways but each one has the same results:
Create repo2.git
git init --bare repo2.git
cd repo2.git
git config core.sharedRepository group
chgrp -R dtg .
chmod -R g+w .
chmod g+s `find . -type d`
Create repo3.git
git init --bare repo3.git
cd repo3.git
chgrp -R dtg .
chmod -R g+w .
chmod g+s `find . -type d`
git init --bare --shared=all
Create repo4.git
git init --bare repo4.git
cd repo4.git
git config core.sharedRepository true
chgrp -R dtg .
chmod -R g+swX .
chmod g+s `find . -type d`
git init --bare --shared=all
I have also tried having the users clone the repository while setting the local sharedRepository config
git clone --config core.sharedRepository=true Z:/git_repo_location/repo.git
So far the only thing that fixes this issue is if I log into the RHEL machine and add the group permission to the objects folders:
chmod -R g+w repo.git/objects/
The problem is that this is only a temporary bandaid to fix the immediate issue. But as soon as someone pushes changes again I'm left with objects folders missing the group write permisison and the next user will be blocked again.
Any help figuring this out would be greatly appreciated!!! Also if any additional information is needed please let me know. Most of the attempted solutions above come from another similar question How to configure an existing git repo to be shared by a UNIX group
this seems to be a problem of the middle-layer for file-sharing.
assuming you are actually using SAMBA to provide a network share to be mounted from the w32 guests, the umask and similar settings will not help you very much (since permissions are actually handled by the samba server and the w32 client - the latter often trying to make very restrictive files)
you might have luck with something like:
[git]
comment = GIT repositories
path = /path/to/git/repos
read only = No
force group = dtg
create mask = 0664
directory mask = 0775
force directory mode = 0770
force create mode = 0660
Related
On Linux Debian 9, I'm trying to create a git (ver. 1:2.11.0-3+deb9u2) repository within a Cryptomator (ver. 1.3.2) WebDAV server mounted via davfs2 (ver. 1.5.4-2+b1). After running git init to create the git repo, I get the following error:
error: could not lock config file /home/nonrootuser/Documents/mounteddrive/gitrepo/.git/config: Permission denied
fatal: could not set 'core.repositoryformatversion' to '0'
Same issue persists with nonrootuser and root.
To reproduce:
git and davfs2 are available via Debian repositories. Cryptomator 1.3.2 is available here:
https://github.com/cryptomator/cryptomator/releases/tag/1.3.2
Create a blank folder for the davfs2 mount:
cd /home/nonrootuser/Documents/
mkdir mounteddrive
Create a vault with Cryptomator and unlock it. For the unlocked vault, click the dropdown arrow and select Copy WebDAV URL. Paste the WebDAV URL into the following command and run in terminal:
mount -t davfs -o gid=nonrootuser,uid=nonrootuser pasteWebDAVURLhere /home/nonrootuser/Documents/mounteddrive
(hit enter twice, leaving Username and Password blank)
The Cryptomator vault is now mounted to the folder mounteddrive.
In terminal, run the following:
cd /home/nonrootuser/Documents/mounteddrive
mkdir gitrepo
cd gitrepo
git init
Here you should see the error described above. However, a .git folder is still created within the gitrepo directory. When running ls -la in gitrepo, it seems to indicate I have the appropriate permissions, and I can create arbitrary files within the .git folder; what I cannot create is an empty file called config.lock, which I believe is what git is trying to do.
This may be completely off-base, but I've tried turning locks on and off (see use_locks) in the davfs2.conf file that can be edited by running the following as root:
mousepad /etc/davfs2/davfs2.conf
To try to obtain the appropriate permissions to create config.lock, I've tried changing my git user.name to "root" and "nonrootuser":
git config --system user.name "root"
git config --global user.name "root"
and
git config --system user.name "nonrootuser"
git config --global user.name "nonrootuser"
I've also tried running the following in the gitrepo folder as both root and nonrootuser:
chmod -R 777 .git
However, git init still returns an error.
git is working fine on my system outside of cryptomator/davfs2 mounts. I've not used davfs2 previously without cryptomator, so I don't know if the former, latter, or both are the problem.
Any ideas are appreciated.
I am trying to clone a private GitHub repository in a server that I am trying to get up and running on a virtual machine.
No matter what I do, I keep getting the following error:
Permission denied (publickey).
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
I have tried a bunch of things. For starters, I made sure that I made my rsa keys correctly by following GitHub's tutorial. I am also sure that my public rsa key found at ~/.ssh/id_rsa.pub was correctly copied over to my GitHub account's ssh keys.
My config file at ~/.ssh/config looks like the following:
Host *
AddKeysToAgent yes
UseKeychain yes
IdentityFile ~/.ssh/id_rsa
I have tried cloning a public repository and a private repository, and both don't work.
When I go to clone the repository I am executing the following command:
sudo git clone git#github.mit.edu:<GitHub Name>/<Repo Name>.git
If I execute the command without sudo, I get the following error:
fatal: could not create work tree dir '<Repo Name>'.: Permission denied
I am inside of a Python virtual environment when I do all of this. Does that make any difference?
I have been reading Stack Overflow posts related to this matter, but none of them are helping me address my issue.
Any help would be greatly appreciated! Thank you!
You are using sudo so Git is using ssh keys of user root.
To make this work you'd have to call git without sudo.
So when I don't use sudo I get the error fatal: could not create work
tree dir 'cardlearning'.: Permission denied
Make sure current user has write permission in directory you are executing the clone.
You can't clone into existing directory so as a workaround you can:
$ sudo mkdir tmp
$ sudo chown $USER: tmp
$ git clone git#github.mit.edu:<GitHub Name>/<Repo Name>.git tmp/cardlearning
$ mv tmp/cardlearning ./cardlearning
$ rmdir tmp
Check that your user has permissions to write to the directory you are in.
or execute
git clone git#github.mit.edu:<GitHub Name>/<Repo Name>.git ~/myRepo
to place it in the myRepo subdirectory of your home directory.
Do not use sudo to edit your ssh config when using a ~ referenced path, as you may end up editing the root user's ssh preferences and not your users. Likewise do not clone repositories using sudo as it will attempt to connect using the root user's ssh key.
I am making a web tool and hosting this project on Github. I want to create a repository on my machine (running linux) being able to easily test it on local.
I can test it without problems on /var/www/html (already have apache and php set up), but I am having trouble creating a repository there. However, if I try to create the repo in ~/Documents/Github/PROJECT_NAME it works perfectly; but I can't test my project from there.
How can I create a repo inside /var/www/html where I can put my project files and run them locally without problems?
I tried to run sudo git init then sudo git clone git#github.com:xxx/xxx.git (that is how I clone my repo on ~/Documents/Github/PROJECT_NAME, so I have already exchanged SSH keys with Github) but it didn't work:
Cloning into 'PrerequisiteVisualizer'...
Warning: Permanently added the RSA host key for IP address '192.30.252.129' to the list of known hosts.
Permission denied (publickey).
fatal: Could not read from remote repository.
Please make sure you have the correct access rights and the repository exists.
EDIT: I am able to run without problems
mkdir ~/Desktop/TESTING
cd ~/Desktop/TESTING
git init
git clone git#github....
My question is similar to Attempting to use symbolic link for var/www/html but it still is different.
EDIT2: I think I need to clarify why the thread I cited isnt what I am looking for. I saw the solution proposed there but note that, as long as I understood the other thread, they created a directory in his home (~) and made it accessible locally using the per-user web directories. But this is not what I want to do. I just want to "create a repo inside /var/www/html", not in anywhere else.
The problem isn't strictly with /var/www/html, it's with sudo. If you use sudo to do git, you are running it as a different user, which doesn't have access to your private ssh credentials (nor should it have).
In the other thread you pointed to there's an explanation of per user www directories, which should be one way of solving your problem. If it doesn't, you could amend the question with reasoning why it doesn't.
Update: based on the discussion, you want all content within /var/www/html owned by the user operating git repository. That you should be able to do in the way proposed by #rogerovo in a comment to this answer:
sudo chown -R _currentuser_:www-data /var/www/html && chmod -R g+sw /var/www/html
Permissions for /var/www/html folder needs to be changed.
Kindly run this command sudo chmod o+w /var/www/html to give write access to everyone.
Once run, you should be able to transfer files in /var/www/html folder.
We are migrating SVN to Git. On a project.
Everything is well but I have a problem with preserving the permissions (file mode) of some untracked (ignored) dirs and files.
We the following process:
CleanUp the SVM repo (tidy up, clean uncommited stuff and so forth)
svn2git on local environment (migrating from networked SVN - so latest rev, no further commits, this does include a proper authors.txt mapping and proper tracking of branches, tags, etc.)
Create ignored files & dirs li (.gitignore)st - partially automated from svn propget, manual finish (row by row)
Add the remote and push to it (We're using github but it should hardly matter)
At this stage the remote is ready, all the history is converted. Now comes the hard part I want to hot-migrate the server deployments without changing the dirs, moving files or creating symlinks.
Let's say there are two mirrored environments are on two different servers - one for beta and one for prod. Let us say the dir is /var/www/depl/ for example/. The thing is that as every Web project, there are dirs and files that we don't need to track.
I will be writing my steps wit the commands since I think it could also be a nice guide for others.
So the strategy for on the servers is:
Go there cd /var/www/depl/
BackUp to another dir via rsync and preserve the permissions as they are!!
Delete all .svn directories recursively find -type d -name .svn -exec rm -rf {} \;
Init an empty git repo git init (notice we're not using a 'bare' repo)
Add the GitHub remote and call it "origin", also download all branches git remote add -f https://github.com/ORG/REPO
Check status (the local copy should be clean)
Pull (so fetch + merge but it is actually only a merge) git pull origin master
This last step is what breaks my permissions. Remember those files that I don't want/need to track? It now seems that those have their permissions modified.
They are all properly ignored but when I apply the pull/merge it breaks.
OK, for sure the issue is coming from the remote repository and via the merge. And it is not an issue, but rather how the files were commited (with what file modes).
The question is:
At the last step, when pulling the updates in, can I instruct git to preserve the current file permissions for all files? As in the current dir and recursively down?
So: do not change any local permissions?
Yes, maybe I will have a diff and stuff to commit afterwards, but that is not such a big issue as are the broken permissions.
So? Is there a way? The servers are running Linux of course.
Thanks in advance.
Cheers!
Well, I managed to find a way. The 'secret', as I thought, was in using rsync.
I actually solved my issue, while I was writing the question. :)
Anyway, after some research it turns out that rsync --archive will update the target's permissions provided that the timestamps didn't change. The SAMBA mailing list helped a lot!
A prerequisite is that you ensure that NOTHING WILL CHANGE in those dirs - so put the website in maintenance mode, stop all crons. Make it inaccessible so you don't have headaches later.
The migration (after you have migrated all you history into git) steps are as follows:
Take your production env to the SVN stage that you desire - update, checkout etc. Make sure that this is the same as the incommig git copy and/or keep your changes in patches.
BackUp the deployment directory with rsync rsync -av --progress /var/www/depl/ /var/www/deplBackUp1/ - notice that this includes the .svn dirs
Delete the .svn dirs: cd /var/www/delp/ find -type d -name .svn -exec rm -rf {} \;
Now backUp again in a different location rsync -av --progress /var/www/depl/ /var/www/deplBackUp2/ - the goal is to have two copies
Init the new git repo git init
Add a remote git remote add -f REMOTE_NAME https://github.com/ORG/REPO
Pull everything in from the branch you desire git pull origin master
Now rsync back from your (no-.svn dir backUp) rsync -av --progress /var/www/deplBackUp2/ /var/www/depl
You may also want to look into using bare git repositories for your server deployments.
This last step will fix any file mode issues you may have created with your new VCS.
If you ever need to do this and run into trouble, tag me in a comment - I will try to help.
Cheers!
here is the situation: i want to use git to track a directory of preference files that are owned by root.
it would be nice if git commands that don't modify the files (like git status and git diff) can be run as the user (without sudo).
through the following steps, i've created a repo that seems to function in a reasonable manner:
sudo mkdir .git
sudo chmod <user>:<group> .git
git init
git add .
git commit -m "initial commit"
i can run git status and git diff as the user. git checkout ... and git reset ... fail as the user, but seem to run fine when prefixed with sudo.
this seems perfect: no sudo needed to get into the repo and take a look at what's gone on, but to change the tracked files requires an extra level of effort, as it should for system files.
the question is: will this cause me any problems with how git is reading and writing files inside the .git directory? will any commands i need sudo to run end up creating things inside .git with root permission that will then cause problems trying to run commands that don't modify the tracked files as the user?
thanks and advance for any answers.