I'm trying to clone a private git repo into an Amazon AWS EC2 instance (Bitnami MEAN stack running Linux).
I have created ssh keys for the user "bitnami" and added the public key to my GitHub account.
Problem is that the user "bitnami" does not have sufficient permissions:
bitnami@ip-xxx-xx-xx-xx:~/apps$ git clone git@github.com:MyGitUserName/MyRepoName.git
fatal: could not create work tree dir 'MyGitRepo'.: Permission denied
One solution would be to switch to root user:
$ sudo su
But to my surprise the ssh keys I generated for the "bitnami" user do not exist for root user. At least, the /.ssh directory is missing the ssh keys when I switch to root user and reappear when I change back to the "bitnami" user.
So, what's the best approach here? I want the "bitnami" user to have read/write/executable rights to the ~/apps folder.
Looking at this answer:
Could not create work tree dir 'example.com'.: Permission denied
I tried:
sudo chown -R bitnami apps
But I get the same error.
Okay, I know why it failed.
When going:
sudo chown -R bitnami apps
I needed to run that command as root and not as the user I'm granting the rights to.
I have done the following steps to set up ssh deployment keys with our git repo for it to be able to git pull without a username and password:
Note: I am on AWS EC2 / Ubuntu 14.04.3
Run ssh-keygen -t rsa -b 4096 -C "ownersEmail@gmail.com"; these are then saved as id_rsa and id_rsa.pub in ~/.ssh/
The deployment public key (id_rsa.pub) is added on the GitHub online UI in the deployment keys section
The directory is already cloned in /var/www/ directory, this is working all good via HTTPS for pulling
Try sudo git pull git@github.com:ownersUsername/OurRepo.git and get the following error:
Permission denied (publickey).
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
Another Note: This repository is private under another user's account.
Also, when I try ssh git@github.com I get:
Hi userName/Repo! You've successfully authenticated, but GitHub does not provide shell access.
Connection to github.com closed.
And the deployment key comes up as being used. Have been on this issue for greater than 4 hours now and any help would be very much appreciated, thanks.
The problem is you're using sudo, which runs the command as root, and it will try to use the root's keys not your user's keys.
What you want to do is:
give your user/group write access to /var/www
run the pull/clone as the user, not the root user.
When you do a git pull you don't need the link.
git pull <remote> <branch>
You need the full url for the clone command
sudo git clone git@github.com:ownersUsername/OurRepo.git
To test if your ssh key is good use this:
git fetch --all --prune
I have cloned a git repo into my home/myuser directory. I want to give another user permission to be able to update it. That user does not have sudo rights.
git repo is in this directory: /home/myuser/gitrepo/
When another user goes to that directory and tries to update it with:
/home/myuser/gitrepo/ git remote update
It gets this error:
error: cannot open .git/FETCH_HEAD: Permission denied
How could I give that user access to only update that repo?
You could try and protect your repo with a group which has only two members: you and the other user.
See "How do I share a Git repository with multiple users on a machine?"
chgrp -R <whatever group> gitrepo
chmod -R g+swX gitrepo
umask 002
The other option is to make sure your system umask is respected, with
git init --shared=group
# Or, for an existing repo
git config core.sharedRepository true
The best practice remains to delegate the authorization to a third-party framework like gitolite, based on the authentication of a ssh daemon or an http server.
I'm trying to get a fairly simple deploy process going for a Node app using Gitolite. I have Gitolite set up and working on my server, and I'm able to push to it fine.
Gitolite is running under a user called git, and I've set up a node user that I'm hoping to use to run the Node app.
My plan is to push the Node app to Gitolite, and then use a post-receive hook script to move the app files to the directory where the app lives, in this case /var/local/node-apps/my-node-app/. I created the Node app folder like this:
sudo mkdir -p /var/local/node-apps/my-node-app
sudo chown node /var/local/node-apps/my-node-app
The problem is that I'm a Unix noob and I haven't got my head round file/folder permissions and wotnot.
/var/local/node-apps (and also /var/local/node-apps/my-node-app) is owned by the node user, so when the git user tries to checkout to this location I get a bunch of permission denied errors. The command I'm using in the post-receive is:
GIT_WORK_TREE=/var/local/node-apps/my-node-app git checkout -f
And I get errors like this:
remote: error: git checkout-index: unable to create file XXXX (Permission denied)
remote: fatal: cannot create directory at 'XXXX': Permission denied
What's the best way to resolve this? Do I need to grant the git user password-less sudo rights to su as the node user? Or can this be somehow fixed by changing groups and folder permissions? Or a different approach entirely? I'm lost!
Thanks!
Using sudo would certainly work, you have one example at "post-receive hook permission denied “unable to create file” error", wrapping the git commands in a script.
Changed post-receive to:
sudo sh /usr/local/sbin/prgetsimpleappscom
Changed sudoers with visudo
git ALL = (root) NOPASSWD: /bin/sh /usr/local/sbin/prgetsimpleappscom
The other approach would be a cron job as node user regularly fetching and (if there are new commits) pulling in the destination repo.
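A check to run on the script that a NOPASSWD rule like the one above points at, as an added example that is not part of the original answer: the rule is only as tight as the file it names, so the script and its directory should be owned by the sudo target account and closed to group and world writes. `check_sudo_target` is a hypothetical helper, and the demo uses a constructed stand-in file rather than /usr/local/sbin/prgetsimpleappscom.

```sh
#!/bin/sh
# check_sudo_target SCRIPT [OWNER_UID]   (hypothetical helper, added example)
# Whoever can rewrite the script named in a NOPASSWD rule, or rename entries
# in its directory, decides what runs under the target account. Reports the
# script and its directory unless each is owned by OWNER_UID (default 0,
# root) and carries no group or world write bit.
check_sudo_target() {
    script=$1 want_uid=${2:-0} rc=0
    for p in "$script" "$(dirname "$script")"; do
        # A symlink hands the decision to whoever controls the link target.
        if [ -L "$p" ]; then echo "symlink: $p"; rc=1; continue; fi
        if [ ! -e "$p" ]; then echo "missing: $p"; rc=1; continue; fi
        uid=$(ls -ldn "$p" | awk '{print $3}')      # numeric owner
        [ "$uid" = "$want_uid" ] || { echo "owner uid $uid: $p"; rc=1; }
        # -perm -0020 / -0002: group or other write bit is set.
        if [ -n "$(find "$p" -prune \( -perm -0020 -o -perm -0002 \) -print)" ]; then
            echo "group/world writable: $p"; rc=1
        fi
    done
    return $rc
}

# Constructed demo: a stand-in script in a temp dir, compared against our own
# uid because the demo is not expected to run as root.
demo=$(mktemp -d)
: > "$demo/deploy"
chmod 0775 "$demo/deploy"                           # group-writable on purpose
check_sudo_target "$demo/deploy" "$(id -u)" || echo "=> fix before adding to sudoers"
rm -rf "$demo"
```

On a real host, call it with the path from the sudoers line and no second argument, so ownership is compared against root.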
In my terminal when I run
git clone -q git@codebasehq.com:zzzz/yyyy/plat.git
I am able to clone the project but if I run
sudo git clone -q git@codebasehq.com:zzzz/yyyy/plat.git
and give the correct password I get
Permission denied (publickey).
fatal: The remote end hung up unexpectedly
Any idea why this is?
Your root user just doesn't have the right public key in /root/.ssh.
Your user surely has one in ~/.ssh, but root does not.
codebasehq uses public/private key pair for authentication, so when you sudo you're trying to auth with root's key pair, which isn't the same as yours.
I think it's really simple.
When you run the git clone with sudo you run it under the root user. And I think your root user has no valid public key to clone the repo.
There are some methods to enable only the key authentication.
I have set up a git repository on my server. Created a new user 'git'. My repos are located in /srv/git/example.git. I was able to git remote add origin git@domain/srv/git/example.git then I added and committed my changes.
However when I tried git push origin master it failed on:
'fatal: unable to create temporary file: permission denied' and 'fatal: sha1 file write error: invalid argument'
On the server I ran:
sudo chown -R git:git /srv/git/
This fixed my problem but I am wondering if this was the correct thing to do?
On the server I ran sudo chown -R git:git /srv/git/ - this fixed my problem but I am wondering if this was the correct thing to do?
Absolutely. The problem previously was that the git user, who you're logging in as via SSH, could not write to the repository.
Depending on your needs, you may consider different combinations of users and SSH keys, or one of the many additional programs (gitolite etc) that can be used to more finely control access.
First, fix file permissions in your remote .git dir e.g.
sudo chmod -R ug+w /var/www/.git
sudo chown -R git:git /var/www/.git
or root:root if you want to assign members of root group for push access.
Then git repository on the destination host needs to be set as shared, so the following command on remote needs to be run:
git config core.sharedRepository group
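An audit for the group-sharing layout described in the chgrp / chmod g+swX answer earlier and in the answer just above, as an added example that is not part of either answer. `audit_shared_repo` is a hypothetical helper; the demo tree is constructed rather than a real repository, and the group is passed as a numeric gid.

```sh
#!/bin/sh
# audit_shared_repo DIR GROUP   (hypothetical helper, not from the answers)
# Prints one line per path that would stop a second member of GROUP from
# updating the repository; returns 0 only when there is nothing to report.
audit_shared_repo() {
    repo=$1 grp=$2
    findings=$(
        # Wrong group: chgrp -R was skipped, or a file was created in a
        # directory without setgid and kept its creator's primary group.
        find "$repo" ! -group "$grp" | sed 's|^|group: |'
        # Directories need setgid plus group rwx (all bits of 2070).
        find "$repo" -type d ! -perm -2070 | sed 's|^|dir-mode: |'
        # Files must be group-readable ...
        find "$repo" -type f ! -perm -0040 | sed 's|^|file-read: |'
        # ... and group-writable wherever the owner may write. Git stores
        # objects read-only (0444), so those are not reported.
        find "$repo" -type f -perm -0200 ! -perm -0020 | sed 's|^|file-write: |'
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed demo tree with typical single-user modes (not a real repository).
demo=$(mktemp -d)
mkdir -p "$demo/.git/objects"
: > "$demo/.git/FETCH_HEAD"
: > "$demo/.git/objects/ab"
chmod 0755 "$demo" "$demo/.git" "$demo/.git/objects"
chmod 0644 "$demo/.git/FETCH_HEAD"
chmod 0444 "$demo/.git/objects/ab"
gid=$(ls -ldn "$demo" | awk '{print $4}')   # numeric gid of the demo tree

audit_shared_repo "$demo" "$gid" || echo "=> not shareable yet"
chmod -R g+swX "$demo"                      # the chmod from the earlier answer
audit_shared_repo "$demo" "$gid" && echo "=> shareable"
rm -rf "$demo"
```

The audit only inspects current modes; core.sharedRepository is what makes git apply group permissions to the files it creates afterwards.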