
Git hosting not working as documented
Closed, Wontfix | Public

Description

Hi everyone,

I followed this guide to enable Git Repository serving over HTTP by Diffusion. I'm running Phabricator on a system with nginx and php-fpm. php-fpm is running as user http (uid 33) and the Phabricator Daemons are running as user root.
The daemons are started using ./bin/phd start as user root.

Referring to that guide, the following should go into /etc/sudoers file:

www-user ALL=(daemon-user) SETENV: NOPASSWD: /usr/bin/git-http-backend, /usr/bin/hg
  • The user the daemons run as. We'll call this daemon-user.
  • The user the webserver runs as. We'll call this www-user.
  • The user that users will connect over SSH as. We'll call this vcs-user.
  • www-user seems to be http in this environment
  • daemon-user seems to be root in this environment
  • vcs-user seems not involved in this environment, since I do not use SSH connections yet

My git-http-backend binary is found at /usr/lib/git-core/git-http-backend and I have created a symlink pointing there in /usr/share/nginx/html/phabricator/support/bin/git-http-backend, so this means the sudoers line should look like the following in this environment:

http ALL=(root) SETENV: NOPASSWD: /usr/lib/git-core/git-http-backend, /usr/share/nginx/html/phabricator/support/bin/git-http-backend, /usr/bin/hg

Finally, once you've configured /etc/sudoers, /etc/shadow and /etc/passwd, set phd.user to the daemon-user:

Which means to issue the following for this environment:

[root@1713e769eaca phabricator]# ./bin/config set phd.user root       
Set 'phd.user' in local configuration.
[root@1713e769eaca phabricator]# ./bin/config get phd.user     
{
  "config" : [
    {
      "key"       : "phd.user",
      "source"    : "local",
      "value"     : "root",
      "status"    : "set",
      "errorInfo" : null
    },
    {
      "key"       : "phd.user",
      "source"    : "database",
      "value"     : null,
      "status"    : "unset",
      "errorInfo" : null
    }
  ]
}
[root@1713e769eaca phabricator]#

The rest of that guide reads as "should work now", when speaking of HTTP.

When one creates a new git repository in Diffusion, its files are owned by the user root. This leads to errors as soon as something should be pushed into them:

Before chown http:http -R /var/repo/TD:

#>git push -u --all 
Username for 'http://int-phab.marc-richter.info': xx
Password for 'http://xx@int-phab.marc-richter.info':
Counting objects: 79, done.
Delta compression using up to 4 threads.
Compressing objects: 100% (61/61), done.
Writing objects: 100% (79/79), 14.47 KiB | 0 bytes/s, done.
Total 79 (delta 19), reused 0 (delta 0)
remote: error: insufficient permission for adding an object to repository database objects
remote: fatal: failed to write object
error: unpack failed: unpack-objects abnormal exit
To http://int-phab.marc-richter.info/diffusion/TD/titan-docker.git
 ! [remote rejected] master -> master (unpacker error)
error: failed to push some refs to 'http://int-phab.marc-richter.info/diffusion/TD/titan-docker.git'

#>

After chown http:http -R /var/repo/TD:

#>git push -u --all
Username for 'http://int-phab.marc-richter.info': xx
Password for 'http://xx@int-phab.marc-richter.info':
Counting objects: 79, done.
Delta compression using up to 4 threads.
Compressing objects: 100% (61/61), done.
Writing objects: 100% (79/79), 14.47 KiB | 0 bytes/s, done.
Total 79 (delta 19), reused 0 (delta 0)
To http://int-phab.marc-richter.info/diffusion/TD/titan-docker.git
 * [new branch]      master -> master
Branch master set up to track remote branch master from origin.

#>

I do not get where the error is in my setup, which is why I consider this to be a bug either in docs or in Phabricator.
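A way to sanity-check a rule like the one in the description before testing a push, as an added example that is not part of the original task or of Phabricator: the hypothetical helper `sudoers_allows` reads sudoers text on stdin and reports whether the web user may run a given command path as the daemon user. It assumes single-line rules of the form shown above (no aliases, groups, includes or line continuations) and compares paths as literal strings.

```shell
#!/bin/sh
# Added example, not Phabricator code. Simplified sudoers check for rules of
# the form used in the task:  user HOST=(runas) TAG: TAG: /cmd/one, /cmd/two
# Assumption: one rule per line, no aliases, groups or continuations.

# sudoers_allows WWW_USER DAEMON_USER COMMAND   (sudoers text on stdin)
# Returns 0 when a rule lets WWW_USER run COMMAND as DAEMON_USER with the
# NOPASSWD and SETENV tags that the guide line carries, 1 otherwise.
sudoers_allows() {
    awk -v user="$1" -v runas="$2" -v cmd="$3" '
        /^[ \t]*(#|$)/ { next }              # skip comments and blank lines
        $1 != user     { next }              # rule belongs to another user
        {
            # the run-as user sits between "(" and ")"
            if (!match($0, /\([^)]*\)/)) next
            target = substr($0, RSTART + 1, RLENGTH - 2)
            if (target != runas && target != "ALL") next

            rest = substr($0, RSTART + RLENGTH)
            if (rest !~ /NOPASSWD:/ || rest !~ /SETENV:/) next
            gsub(/[A-Z]+:[ \t]*/, "", rest)  # drop the tags, keep the commands

            n = split(rest, cmds, /[ \t]*,[ \t]*/)
            for (i = 1; i <= n; i++) {
                gsub(/^[ \t]+|[ \t]+$/, "", cmds[i])
                if (cmds[i] == cmd) found = 1   # literal path comparison
            }
        }
        END { exit (found ? 0 : 1) }
    '
}

# Constructed sample input: the rule quoted in the task description.
RULE='http ALL=(root) SETENV: NOPASSWD: /usr/lib/git-core/git-http-backend, /usr/share/nginx/html/phabricator/support/bin/git-http-backend, /usr/bin/hg'

for path in /usr/lib/git-core/git-http-backend /usr/bin/git-http-backend; do
    if printf '%s\n' "$RULE" | sudoers_allows http root "$path"; then
        echo "covered:     http -> root  $path"
    else
        echo "NOT covered: http -> root  $path"
    fi
done
```

On a live host, `sudo -l -U http` run as root shows what sudo itself has parsed for that user and is the authoritative answer.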

Event Timeline

Judge raised the priority of this task from to Normal.
Judge updated the task description.
Judge added projects: Diffusion, Daemons.
Judge updated the task description.
Judge added a project: Documentation.
Judge added a subscriber: Judge.
chad raised the priority of this task from Normal to Needs Triage. (Oct 14 2014, 2:11 PM)

Well, it should have worked there...

If you can hop on IRC (#phabricator on FreeNode) for more interactive support, we could try to figure out what went wrong.

(The files in the new repo are expected to be owned by daemon user - root here - and the http user would sudo as root to modify them).

chad claimed this task.

I can't reproduce this, but we'll keep an eye on it.

I started with several "fresh" installs of Phabricator in the meantime and couldn't reproduce this anymore. I guess this might be closed ... I do not have an idea what went wrong in the affected env.

Judge changed the task status from Invalid to Wontfix. (Jul 21 2015, 8:31 AM)

Cannot reproduce