I need some help configuring a samba share as gitlab data folder.
I've tried following suggestions here:
change the data directory gitlab to store repos elsewhere
and the official documentation to no avail.
Here is what I did:
1] I've installed gitlab 7.6.2 using the omnibus package and I've also checked that everything worked using the preconfigured /var/opt/gitlab/git-data folder
2] I've mounted my samba share (located on a nas server) on /media/gitlab-data by modifying my /etc/fstab file.
Here is the fstab line:
//xxx.xxx.x.xx/test /media/gitlab-data cifs username=xxx,password=xxx 0 0
the user I'm using to connect has full permissions on the share.
After the mount operation the permissions on that folder are the following:
Initial permissions
3] I've modified the configuration of gitlab in /etc/gitlab/gitlab.rb changing the gitlab_user_data parameter to
/media/gitlab-data
I've then proceeded with a
sudo gitlab-ctl reconfigure
At the end of the reconfigure script the privileges of my share are:
Permissions after reconfigure
and the initial gitlab-satellites and repositories folder have been created succesfull.
Now, the gitlab web interface is fully operational but I'm unable to create a new project (or add a new user). As soon as I click 'Create project' the web interface returns with the following error:
Failed to create repository
I'm quite sure it is a permission problem but I don't know how to solve this.
I also add 2 strange things:
1] I wasn't able to find any error inside the logs related to this operation. The only related message I see is inside the gitlab-shell log:
I, [2015-01-13T14:27:50.408394 #1658] INFO -- : Adding project root/test.git at .
2] The test.git folder inside /media/gitlab-data is indeeed created but, doing an ls -la on my mounted folder returns this permissions:
drwxrwxrwx 3 1024 users 0 Jan 13 14:27 .
drwxrwxrwx 3 git git 0 Jan 13 14:27 ..
drwxrwxrwx 7 1024 users 0 Jan 13 14:27 test.git
Probably something is trying to make a chown on these folder and that command ultimately fails.
I also don't know who is the owner of this 1024 uid.
Any help is appreciated.
Thanks in advance!
This is because it cannot create a symlink to the file:
/opt/gitlab/embedded/lib/ruby/2.1.0/fileutils.rb:355:in `symlink': Operation not supported # sys_fail2 - (/opt/gitlab/embedded/service/gitlab-shell/hooks, /<path>/gitlab/git-data/repositories/root/repo.git/hooks) (Errno::EOPNOTSUPP)
from /opt/gitlab/embedded/lib/ruby/2.1.0/fileutils.rb:355:in `block in ln_s'
from /opt/gitlab/embedded/lib/ruby/2.1.0/fileutils.rb:1595:in `fu_each_src_dest0'
from /opt/gitlab/embedded/lib/ruby/2.1.0/fileutils.rb:353:in `ln_s'
from /opt/gitlab/embedded/service/gitlab-shell/lib/gitlab_projects.rb:28:in `create_hooks'
from /opt/gitlab/embedded/service/gitlab-shell/lib/gitlab_projects.rb:99:in `add_project'
from /opt/gitlab/embedded/service/gitlab-shell/lib/gitlab_projects.rb:48:in `exec'
from /opt/gitlab/embedded/service/gitlab-shell/bin/gitlab-projects:31:in `<main>'
I just commented out line 28 in /opt/gitlab/embedded/service/gitlab-shell/lib/gitlab_projects.rb and was then able to create the project.
Related
I am trying to setup Docker with Jenkins and I need to read /var/run/docker.sock.
I tried temporarily to set permission 666 on file /var/run/docker.sock but when I try to read it as jenkins user it says permission denied.
As far as I know if file permission is 666 any user can read it.
srw-rw-rw- 1 root docker 0 Oct 17 17:05 docker.sock
drwxr-xr-x 31 root root 1100 Oct 17 17:05 run
Directory permission is not issue, /run directory has permission 755. Selinux is disabled. Jenkins user is part of docker gorup.
I do not know what is the problem.
Kind regards,
Ivan
create jenkins user on your host
get this user id
change ownership of /var/jenkins_home to fetched id.
I found the problem, I was mounting /etc/passwd and /etc/groups to docker container but for some reason docker didn't correctly added jenkins user to docker group inside container.
I had to add group_add: - <docker_group_id> inside docker-compose file. Now everything is working as expected.
I thought that there was some problem with Centos OS but I found out that someone already had this problem documented at this link: Linux user groups missing when user mounted to container
I hope this information will help someone.
I using the following Dockerfile to extend a docker image:
FROM solr:6.6
COPY --chown=solr:solr ./services-core/search/A12Core /A12Core/
Note that solr:6.6 has a USER solr statement.
When running a container built from that Dockerfile I get a permission denied when trying to access a file or directory under /A12Core:
$ docker run -it 2f3c58f093e6 /bin/bash
solr#c091f0cd9127:/opt/solr$ cd /A12Core
solr#c091f0cd9127:/A12Core$ cd conf
bash: cd: conf: Permission denied
solr#c091f0cd9127:/A12Core$ ls -l
total 8
drw-r--r-- 3 solr solr 4096 Aug 31 14:21 conf
-rw-r--r-- 1 solr solr 158 Jun 28 14:25 core.properties
solr#c091f0cd9127:/A12Core$ whoami
solr
solr#c091f0cd9127:/A12Core$
What do I need to do in order to get permission to access the fiels and folders in the /A12Core directory?
Note that I'm running the docker build from windows 7. My docker version is 18.03.0-ce.
Your directory does not have execute permission:
drw-r--r-- 3 solr solr 4096 Aug 31 14:21 conf
Without that, you cannot cd into the directory according to Linux filesystem permissions. You can fix that in your host with a chmod:
chmod +x conf
If you perform this command inside your Dockerfile (with a RUN line), it will result in any modified file being copied to a new layer, so if you run this recursively, it could double the size of your image, hence the suggestion to fix it on your build host if possible.
I had another answer here, which was wrong (but still solved your problem :), but now I see the typo in your Dockerfile. Let's take a look at this line.
COPY --chown=solr:solr ./services-core/search/A12Core /A12Core/
The COPY command checks if the target path in the container exists. If not, it creates it, before copying.
It takes A12Core from ./services-core/search.
Then it checks if path /A12Core exists.
Obviously, it does not. So, the command creates it with permissions root:root.
Lastly, it copies contents of A12Core to newly created A12Core.
In the end your have everything in /A12Core, but it belongs to root and you can't access it.
Since solr docker image already sets USER solr, the way to go would be
RUN mkdir /A12Core
COPY ./services-core/search/A12Core /A12Core
As the docs say
The USER instruction sets the user name ... the user group ... for any RUN, CMD and ENTRYPOINT instructions that follow it in the Dockerfile.
Im using gitlab-runner to deploy my php application to nginx web server.
To deploy im using this steps:
1. delete all files in folder /var/www/site
2. move files from gitlab repository to /var/www/site
All these actions are performed only after pushing to repository new changes.
I have a problem. Files that copied to /var/www/site owned by gitlab-runner.
After uploading file from post form, files owned by www-data (nginx user).
After next push, gitlab cant deploy because it's failed on first step. user gitlab-runner hasn't right to delete www-data files.
I cant change nginx user to gitlab-runner for a reason, and i don't know how to change gitlab-runner to another user.
Anyone can help me?
You can use the command chown to change the owner of a file.
chmod uu:gg will set the owner of the file to uu and the group to gg.
You can change permissions of a file with chmod command.
chmod g+w will give write access to file to users of the group of
With this commands you should be able to set the group of the files to a group compatible with git-lab (check initial group of files with ls -l command)
I am currently using CentOS 6.5 and trying to share files over a samba share. On the other machine is Windows 8 x64. I am able to transfer folders from Windows to CentOS over without issues but however, when I try to copy a single file over to CentOS, I get permission denied error on Windows.
Permissions of the folder is as follows:
drwxrwxrwx. 5 user01 smbusers 4096 Feb 28 23:23 srv
And the smb.conf:
[srv]
comment = Data
path = /srv
browseable = yes
writable = yes
read only = no
valid users = #smbusers
workgroup = WORKGROUP
create mask = 0775
directory mask = 0775
I would like to know what is the problems that is preventing me from copying files over but not folders. Contents inside the folders get copied over without issues. Help appreciated. Thanks in advance!
Try to change the owner of directory/folder where you are going to copy the file in CentOS from Windows, it's usually done by chown command. For example if you want to the change the owner of directory named share from root to your_user_name, you can do this by following command,
sudo chown your_user_name share
This will change the owner of share folder to your login user.
Hope you are good. I have Xammp on fedora and changed owner of opp/lampp/htdoc to root. Why I did so because whenever someone creates new folder through sharing, they don't have permission to dynamically create folder or files or to write images. Then I run command
chmod -R 777 /opt/lampp/htdocs
But when system goes to restart then I again need to run this command. So avoid again and again run this command I changed the owner on "opt/lampp/htdocs" and run
chmod -R 777 /opt/lampp/htdocs
Now, whenever server restarts, assigned permissions don't need to be set again and again. That is resolved.
I have an issue, that old directories can be used to write something. But if any network user creates new directory under htdocs, that new directory needs to be changed the permission for it.
previously created, and can use this one directory to run script to create files
drwxrwxrwx 2 root root 4096 2011-06-15 14:09 aaa
Newly created, cannot be used to run a script to create image or to write anything
drwxr-xr-x 2 root root 4096 2011-06-17 15:17 aaaa
drwxr-xr-x this one is really annoying to me for each newly created folder in htdocs :(
Just to let you know that my htdocs user and rights are:
drwxrwxrwx 101 root root 4096 2011-06-17 15:17 htdocs
Why is it so? Can anybody please help me to figure this problem out? I am waiting for quick response anxiously.
First off, you should investigate what permissions you really need - chmodding everything to 777 is a security risk as it will allow any user to write inside of your web root.
However, to address your actual question of the default permissions when a new folder is created by a user, you want to adjust the default "umask" which determines such things.
This question has some information for changing it for the Apache user (if a "network user" is a user creating new files and directories through the httpd process):
Setting the umask of the Apache user
If you need to adjust it for other users or processes, the solution will be similar.
Good luck!
Edit
Since you're on Fedora, try this: (from the question I linked above)
[root ~]$ echo "umask 002" >> /etc/sysconfig/httpd
[root ~]$ service httpd restart
The first command will add that line to the /etc/sysconfig/httpd which is a permanent configuration file, and the second command will make it active.
You are tackling the problem from the wrong side. Restore your apache configuration to use apache.apache as default user/group, and set your samba server to use those credentials when someone write to your document root.
If you are using nfs or another posix compatible filesystem, use chmod g+s to keep all files readable from your apache server.
Try it:
#umask 000
have a good time!!