Page MenuHomePhabricator

Detect `sudo` errors on HTTP repository access
Open, LowPublic

Description

When git users misconfigure their sudoers file, they get an HTTP 500 error which can only be surfaced by using GIT_CURL_VERBOSE.

This is somewhat difficult to detect, and difficult to report.

Detection is difficult because we must distinguish between sudo failure and git-http-backend failure. This is hard to do from the command results, except by text matching stderr for "sudo".

It's not immediately clear how to run a trivial succeeding command via git-http-backend either, as it doesn't have --help or --version flags that I can find. If we could find such a flag, we could run it after all errors and use it to distinguish between sudo errors and other kinds of error. We could possibly write a trivial, valid request, but this seems like it may be involved.

Even assuming we can detect the error, we're limited in our ability to report it. I wasn't able to find any way to write directly to the console under git over HTTP. It's possible some method exists; I didn't dig extremely deeply. Other thoughts are that we could surface an unusual HTTP error code, or preemptively detect this in the repository interface.