Hi everyone,
I followed this guide to enable Git Repository serving over HTTP by Diffusion. I'm running Phabricator on a system with nginx and php-fpm. php-fpm is running as user http (uid 33) and the Phabricator Daemons are running as user root.
The daemons are started using ./bin/phd start as user root.
Referring to that guide, the following should go into the /etc/sudoers file:
www-user ALL=(daemon-user) SETENV: NOPASSWD: /usr/bin/git-http-backend, /usr/bin/hg
- The user the daemons run as. We'll call this daemon-user.
- The user the webserver runs as. We'll call this www-user.
- The user that users will connect over SSH as. We'll call this vcs-user.
- www-user seems to be http in this environment
- daemon-user seems to be root in this environment
- vcs-user seems not involved in this environment, since I do not use SSH connections yet
My git-http-backend binary is found at /usr/lib/git-core/git-http-backend and I have created a symlink pointing there in /usr/share/nginx/html/phabricator/support/bin/git-http-backend, so this means, the sudoers line should look like the following in this environment:
http ALL=(root) SETENV: NOPASSWD: /usr/lib/git-core/git-http-backend, /usr/share/nginx/html/phabricator/support/bin/git-http-backend, /usr/bin/hg
Finally, once you've configured /etc/sudoers, /etc/shadow and /etc/passwd, set phd.user to the daemon-user:
Which means to issue the following for this environment:
[root@1713e769eaca phabricator]# ./bin/config set phd.user root
Set 'phd.user' in local configuration.
[root@1713e769eaca phabricator]# ./bin/config get phd.user
{
"config" : [
{
"key" : "phd.user",
"source" : "local",
"value" : "root",
"status" : "set",
"errorInfo" : null
},
{
"key" : "phd.user",
"source" : "database",
"value" : null,
"status" : "unset",
"errorInfo" : null
}
]
}
[root@1713e769eaca phabricator]#
The rest of that guide reads as "should work now", when speaking of HTTP.
When one creates a new git repository in Diffusion, its files are owned by the user root. This leads to errors as soon as something should be pushed into them:
Before chown http:http -R /var/repo/TD:
#>git push -u --all
Username for 'http://int-phab.marc-richter.info': xx
Password for 'http://xx@int-phab.marc-richter.info':
Counting objects: 79, done.
Delta compression using up to 4 threads.
Compressing objects: 100% (61/61), done.
Writing objects: 100% (79/79), 14.47 KiB | 0 bytes/s, done.
Total 79 (delta 19), reused 0 (delta 0)
remote: error: insufficient permission for adding an object to repository database objects
remote: fatal: failed to write object
error: unpack failed: unpack-objects abnormal exit
To http://int-phab.marc-richter.info/diffusion/TD/titan-docker.git
 ! [remote rejected] master -> master (unpacker error)
error: failed to push some refs to 'http://int-phab.marc-richter.info/diffusion/TD/titan-docker.git'
#>
After chown http:http -R /var/repo/TD:
#>git push -u --all
Username for 'http://int-phab.marc-richter.info': xx
Password for 'http://xx@int-phab.marc-richter.info':
Counting objects: 79, done.
Delta compression using up to 4 threads.
Compressing objects: 100% (61/61), done.
Writing objects: 100% (79/79), 14.47 KiB | 0 bytes/s, done.
Total 79 (delta 19), reused 0 (delta 0)
To http://int-phab.marc-richter.info/diffusion/TD/titan-docker.git
 * [new branch] master -> master
Branch master set up to track remote branch master from origin.
#>
I do not get where the error is in my setup, which is why I consider this to be a bug either in the docs or in Phabricator.
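
An ownership check for the situation described in the post above, added here as an example and not part of the original post or of Phabricator: it reports which entries under a repository directory are owned by an account other than the one expected to write to them. The function names `count_foreign_owned` and `audit_repo_owner` are hypothetical; the path and user in the usage comment are the ones the post mentions.

```shell
#!/bin/sh
# Added example (not from the original post). Diagnostic only: it reads
# ownership and changes nothing.
# Usage, with the values from the post:  audit_repo_owner /var/repo/TD http
# OWNER may be a user name or a numeric uid (find accepts both).

# count_foreign_owned DIR OWNER
# Prints how many entries under DIR (DIR itself included) are NOT owned by OWNER.
count_foreign_owned() {
    find "$1" ! -user "$2" | wc -l | tr -d ' '
}

# audit_repo_owner DIR OWNER
# Returns 0 when every entry is owned by OWNER. Otherwise prints the number
# of mismatches, lists the first five with numeric uid/gid, and returns 1.
audit_repo_owner() {
    dir=$1
    owner=$2
    n=$(count_foreign_owned "$dir" "$owner")
    if [ "$n" -eq 0 ]; then
        echo "OK: every entry under $dir is owned by $owner"
        return 0
    fi
    echo "MISMATCH: $n entries under $dir are not owned by $owner; first few:"
    # ls -ldn shows the numeric uid/gid so the real owner is visible even
    # when the name does not resolve on this host.
    find "$dir" ! -user "$owner" -exec ls -ldn {} + | head -n 5
    return 1
}
```

Running it once with the web server account and once with the `phd.user` account shows which of the two actually owns the repository files.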