I have a script that I would like to have do a git pull inside another user's git directory. This script is run by the root user. For example:
cd /home/username/GitProject
sudo -u username -i git pull
When I run this, I get:
fatal: Not a git repository (or any of the parent directories): .git
Is there a way to have my script do a git pull as username?
Try without the -i option to sudo. That option is documented as first changing to the target user's home directory, which undoes the directory change you so carefully do before that. Alternatively, use the appropriate options to git to specify the directory, something like this:
sudo -u username -i git --git-dir=/home/username/GitProject/.git --work-tree=/home/username/GitProject pull
This can be done without sudo. This assumes you have password-less ssh keys since you are talking about a script. Here's the failure:
# git clone <user>#<host>:/path/to/repo
Cloning into 'repo'...
Permission denied (publickey).
fatal: The remote end hung up unexpectedly
This shows that ~ properly expands to the user's homedir:
# MYUSER=somebody
# su - $MYUSER -c "echo ~"
/home/somebody
And here's the actual command used to clone into the home directory along with some extra proofs:
# su - $MYUSER -c "git clone <user>#<host>:/path/to/repo"
Cloning into 'repo'...
remote: Counting objects: 13, done.
<..>
# ls -l /home/$MYUSER/repo/.git/config
-rw-r--r-- 1 somebody somebody 275 Nov 8 23:55 /home/somebody/repo/.git/config
# su - $MYUSER -c "cd ~/repo; git remote -v"
origin <user>#<host>:/path/to/repo (fetch)
origin <user>#<host>:/path/to/repo (push)
# su - $MYUSER -c "cd ~/repo; git pull"
Already up-to-date.
Related
I have a Gitlab runner running in a VPS, now is facing this error:
Running on vps...
Getting source from Git repository
00:02
Fetching changes with git depth set to 50...
Reinitialized existing Git repository in /home/gitlab-runner/builds/-Jgf7oJG/0/agency/project/app/.git/
Checking out 67b23db2 as testing...
Removing .env
Skipping Git submodules setup
Executing "step_script" stage of the job script
00:00
$ mkdir -p ~/.ssh
$ echo "$SSH_PRIVATE_KEY" | tr -d '\r' > ~/.ssh/id_rsa
$ chmod 700 ~/.ssh/id_rsa
$ eval "$(ssh-agent -s)"
Agent pid 929369
$ ssh-add ~/.ssh/id_rsa
Identity added: /home/gitlab-runner/.ssh/id_rsa (/home/gitlab-runner/.ssh/id_rsa)
$ ssh-keyscan -H $SSH_HOST >> ~/.ssh/known_hosts
bash: line 133: /home/gitlab-runner/.ssh/known_hosts: Permission denied
Cleaning up file based variables
00:00
ERROR: Job failed: exit status 1
I've tryed with the following commands inside the vps that have the runner:
$ sudo usermod -a -G sudo gitlab-runner
$ sudo visudo
And adding this to the bottom of the file.
gitlab-runner ALL=(ALL) NOPASSWD: ALL
make sure that your known_hosts file has the following group & permissions.
-rw-r--r-- 1 gitlab-runner gitlab-runner 444 Aug 2 00:00 known_hosts
from sshd manual
~/.ssh/known_hosts
Contains a list of host keys for all hosts the user has logged into that are not already in the systemwide list of known host keys. The format of this file is described above. This file should be writable only by root/the owner and
can, but need not be, world-readable.
chmod 600/644 for ~/.ssh/known_hosts
From a server (A) I launch a script called test.sh which contains this code :
#!/bin/bash
ssh login#server-b.com -p 22 'bash $HOME/tmp/git.sh'
exit 0
So from server (B) another script is launched (called git.sh) and contains :
#!/bin/bash
cd $HOME/tmp
git clone ssh://repo_login#my-repo.com:22/home/scripts
exit 0
But the git clone does not work and I get this error message :
Cloning into 'scripts'...
Permission denied (publickey,gssapi-keyex,gssapi-with-mic,keyboard-interactive).
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
But from server (B) If I launch the git.sh script manually, it works.
Do you have an idea why?
Thanks
L.
When running a script through ssh, you need to start the ssh-agent, and add your keys before you can connect to another machine.
Script git.sh should be modified as below (assuming your key is in file ~/.ssh/id_rsa):
#!/bin/bash
cd $HOME/tmp
eval $(ssh-agent)
ssh-add ~/.ssh/id_rsa
git clone ssh://repo_login#my-repo.com:22/home/scripts
exit 0
I've just installed git on my CentOS 6 (yum install). And I'd like to clone a repository, but keeping in mind that runing GIT as root user is insecure, I try to do it as admin (whose password I don't remember really). Below is a command flow.
[root#angkor public_html]# runuser -l admin 'git'
/bin/git: /bin/git: cannot execute binary file
[root#angkor public_html]# su - admin git
Last login: Tue May 28 11:00:08 UTC 2019 on pts/0
/bin/git: /bin/git: cannot execute binary file
[root#angkor public_html]# git
usage: git [--version] [--help] [-c name=value]
[--exec-path[=<path>]] [--html-path] [--man-path] [--info-path]
[-p|--paginate|--no-pager] [--no-replace-objects] [--bare]
[--git-dir=<path>] [--work-tree=<path>] [--namespace=<name>]
<command> [<args>]
As we can see git starts when I run it as root but some error reported whan I try to run it as admin. Why and how to fix it?
This is expected, unfortunately:
https://bugzilla.redhat.com/show_bug.cgi?id=1245780
Use this instead:
runuser -l admin -c 'git'
i am trying to find the name of git branch on remote server using a shell script. I put the following command in a script under the bin directory.
git symbolic-ref --short HEAD
When I execute the script using ssh from another machine
ssh -i keyfile.pem user#ipaddress 'bash -s' /path/to/the/script
I get an error
fatal: Not a git repository (or any of the parent directories): .git
Not sure where I am doing wrong. Any help would be appreciated.
Thanks.
Your call to git is using the wrong working directory (likely your home directory).
In your script, either cd to the path containing the git directory or specify the -C option with git:
git -C /path/to/git/checkout symbolic-ref --short HEAD
The -C option allows you to overwrite the working directory:
-C <path>
Run as if git was started in <path> instead of the current working directory. When
multiple -C options are given, each subsequent non-absolute -C <path> is interpreted
relative to the preceding -C <path>.
If a root user is running a bash script that configure some stuff on machine for a user. The script would configure a git repository and an ssh key for password-less github communication, then it would clone the repository.
This will only happens once.
I'm new to bash, how would I do this?
My solution so far (this script is run as root):
USERNAME="vagrant"
HOMEDIR="/home/$USERNAME"
apt-get update -y
apt-get install git -y
cp id_rsa* $HOMEDIR/.ssh #copying predefined keys
su -c "eval `ssh-agent -s` ssh-add $HOMEDIR/.ssh/id_rsa" $USERNAME
chmod 400 $HOMEDIR/.ssh/id_rsa
cat $HOMEDIR/.ssh/id_rsa.pub > $HOMEDIR/.ssh/known_hosts
This doesn't work because the key is not being added, I get the error:
Could not open a connection to your authentication agent.
With a root user that has no login on a remote host, and /root/.ssh does not exist, I can interactively ssh in with:
su - $USERNAME -c "ssh $USERNAME#<remotehost>"
It reads USERNAME's ~/.ssh/known_hosts file (or prompts for verification). If correct keys exist in USERNAME's ~/.ssh it uses them. When done, there is still no /root/.ssh, i.e. this is completely done as USERNAME, not root.
Likewise with git cloning:
su - $USERNAME -c "git clone remoteuser#host:/path/to/repo"
Just be careful of quoting. If you want a variable dereferenced at the time you run su, use double quotes. If you want a variable dereferenced after su has handed off to the user's shell, use single quotes. Example:
su - myuser -c "echo $HOME"
/root
su - myuser -c 'echo $HOME'
/home/myuser