Context:
gitolite (v3.5-0-g4071623) installed;
gitweb installed;
gitolite and gitweb works fine until I add a new repository in gitolite-admin and push the changes
gitweb user: www-data
gitolite user: git
with:
usermod -a -G git www-data
usermode -a -G www-data git
When I add a new repository, gitolite changes permissions of projects.list to -rw------- (user: read write)
In order for gitweb to work using projects.list file the permissions should be at least
-rw-r----- (user: read write; group:read)
When I manually set permission to the file:
chmod g+r projects.list
, gitweb starts working again.
File .gitolite.rc contains UMASK => 0027.
Question:
How to make gitolite set permisions -wr-r----- (u:rw g:r) to projects.list file when a push to gitolite-admin is performed ?
Related
I have developed a few git repositories for a web application. As part of the deployment process, a few of the folders need to be writable by Apache for file uploads. Does git have any control over this for either the user or group, or the respective permissions?
git can only set this for the entire repository, not for a subdirectory. Run in the root of your repo:
sudo chgrp -R apache .
sudo chmod -R ug+rwX *
git config core.sharedRepository group
We are two developers working on a project and I set a git repository on a server (ArchLinux) we both have access over ssh. The git repository was created the following way :
mkdir project
touch project/readme.txt
git init project
cd projet
git add .
git commit -m 'initial commit'
git push origin master
cd ..
git clone --bare project.git
cd project.git
git config core.sharedRepository true
cd ..
setfacl -R -m g:<group name>:rwX project.git
find gitrepo -type d | xargs setfacl -R -m d:g:<group name>:rwX
our group name is dev and both users are in the group (checked in /etc/groups)
On a second machine (can be mine or the second developer's), we clone the repository this way.
git clone user1#ip:/path/project.git (over ssh)
password: <enter user1 password>
Everything is put inside a folder project. This user can now do add, push, pull etc.
Then we try the second user
git clone user2#ip:/path/project.git (over ssh)
password: <enter user2 password>
and we get this
fatal: '/path/project.git' does not appear to be a git repository
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
We can connect the second user with SSH with no problem so it's not a bad password. Do you have any idea why we encounter this problem?
Looks like you did not set up git deamon
Read the whole page (its a short one) and follow the steps.
Don't skip the part where you define which projects can be shared.
I have git clone repo on my home/myuser directory. I want to give another user permission to be able to update it. That user does not have sudo rights.
git repo is in this directory: /home/myuser/gitrepo/
When another user goes to that directory and tries to update it with:
/home/myuser/gitrepo/ git remote update
It gets this error:
error: cannot open .git/FETCH_HEAD: Permission denied
How could I give that user access to only update that repo?
You could try and protect your repo with a group which has only two members: you and the other user.
See "How do I share a Git repository with multiple users on a machine?"
chgrp -R <whatever group> gitrepo
chmod -R g+swX gitrepo
umask 002
The other option is to make sure your system umask is repected, with
git init --shared=group
# Or, for an existing repo
git config core.sharedRepository true
The best practice remains to delegate the authorization to a third-party framework like gitolite, based on the authentication of a ssh daemon or an http server.
I need to create a Git repository on a Linux machine and then make it accessible via HTTP. Also need full access with one user and read-only to anon-users.
I've created local repositories before but I don't know how to create this (e.g.: inside /var/www or /opt/git/...)
I tried doing this:
-sudo Clone a GitHub repository into /var/www/repos/repo.git
-cd /var/www/repos/repo.git
-sudo git --bare update-server-info
-sudo mv hooks/post-update.sample hooks/post-update
-sudo service apache2 restart
Then I tried to access this repository from another machine:
-With browser : (http protocol)192.168.1.49/repo.git <-- WORKS
-With terminal: git clone --bare (http protocol)192.168.1.49/repo.git <--DOESN'T WORK
The terminal says:
Cloning into bare repository repo.git...
fatal: (http protocol)192.168.1.49/repo.git/info/refs?service=git-upload-pack not found: did you run git update-server-info on the server?
I think maybe it's a permissions problem. How I need to manage permissions inside /var/www?
EDIT: Already fixed, just needed:
-put the repository into /var/www/repos/ named repo.git
-change the permissions of the www folder with sudo chown -R www-data:www-data /var/www
-enable webdav with sudo a2enmod dav_fs
-config file into /etc/apache2/conf.d called git.conf
-create the file with users with sudo htpasswd -c /etc/apache2/passwd.git user
-rename the pot-update file and make it executable with sudo mv /var/www/repos/repo.git/hooks/post-update.sample /var/www/repos/repo.git/hooks/post-update && sudo chmod a+x /var/www/repos/repo.git/hooks/post-update
-update server and restart apache with sudo git update-server-info && sudo service apache2 restart
And, to fix the problem with pushing:
Edit the file .git/config into your repository folder (client machine) and put the username and password on the url:
url = (http protocol)user:password#url/repos/repo.git
So, now only I need is to set the read-only for anon-users.
Already fixed, just needed:
-put the repository into /var/www/repos/ named repo.git
-change the permissions of the www folder with sudo chown -R www-data:www-data /var/www
-enable webdav with sudo a2enmod dav_fs
-config file into /etc/apache2/conf.d called git.conf
-create the file with users with sudo htpasswd -c /etc/apache2/passwd.git user
-rename the pot-update file and make it executable with sudo mv /var/www/repos/repo.git/hooks/post-update.sample
/var/www/repos/repo.git/hooks/post-update && sudo chmod a+x
/var/www/repos/repo.git/hooks/post-update
-update server and restart apache with sudo git update-server-info && sudo service apache2 restart
And, to fix the problem with pushing:
Edit the file .git/config into your repository folder (client machine)
and put the username and password on the url: url = (http
protocol)user:password#url/repos/repo.git
So, now only I need is to set the read-only for anon-users.
I have set up a git repository on my server. Created a new user 'git'. My repos are located in /srv/git/example.git. I was able to git remote add origin git#domain/srv/git/example.git then I added and committed my changes.
However when I tried git push origin master it failed on:
fatal: unable to create temporary file: permission denied' and 'fatal: sha1 file write error: invalid argument'
On the server I ran:
sudo chown -R git:git /srv/git/`
This fixed my problem but I am wondering if this was the correct thing to do?
On the server I ran sudo chown -R git:git /srv/git/ - this fixed my problem but I am wondering if this was the correct thing to do?
Absolutely. The problem previously was that the git user, who you're logging in as via SSH, could not write to the repository.
Depending on your needs, you may consider different combinations of users and SSH keys, or one of the many additional programs (gitolite etc) that can be used to more finely control access.
First, fix file permissions in your remote .git dir e.g.
sudo chmod -R ug+w /var/www/.git
sudo chown -R git:git /var/www/.git
or root:root if you want to assign members of root group for push access.
Then git repository on the destination host needs to be set as shared, so the following command on remote needs to be run:
git config core.sharedRepository group