Hi everyone,
I followed this guide to enable Git Repository serving over HTTP by Diffusion. I'm running Phabricator on a system with nginx and php-fpm. php-fpm is running as user http (uid 33) and the Phabricator Daemons are running as user root.
The daemons are started using ./bin/phd start as user root.
Referring to that guide, the following should go into the /etc/sudoers file:
www-user ALL=(daemon-user) SETENV: NOPASSWD: /usr/bin/git-http-backend, /usr/bin/hg
- The user the daemons run as. We'll call this daemon-user.
- The user the webserver runs as. We'll call this www-user.
- The user that users will connect over SSH as. We'll call this vcs-user.
- www-user seems to be http in this environment
- daemon-user seems to be root in this environment
- vcs-user seems not involved in this environment, since I do not use SSH connections yet
My git-http-backend binary is found at /usr/lib/git-core/git-http-backend and I have created a symlink pointing there in /usr/share/nginx/html/phabricator/support/bin/git-http-backend, so this means, the sudoers line should look like the following in this environment:
http ALL=(root) SETENV: NOPASSWD: /usr/lib/git-core/git-http-backend, /usr/share/nginx/html/phabricator/support/bin/git-http-backend, /usr/bin/hg
Finally, once you've configured /etc/sudoers, /etc/shadow and /etc/passwd, set phd.user to the daemon-user:
Which means to issue the following for this environment:
[root@1713e769eaca phabricator]# ./bin/config set phd.user root
Set 'phd.user' in local configuration.
[root@1713e769eaca phabricator]# ./bin/config get phd.user
{
  "config" : [
    {
      "key" : "phd.user",
      "source" : "local",
      "value" : "root",
      "status" : "set",
      "errorInfo" : null
    },
    {
      "key" : "phd.user",
      "source" : "database",
      "value" : null,
      "status" : "unset",
      "errorInfo" : null
    }
  ]
}
[root@1713e769eaca phabricator]#
The rest of that guide reads as "should work now", when speaking of HTTP.
When one creates a new git repository in Diffusion, its files are owned by the user root. This leads to errors as soon as something should be pushed into them:
Before chown http:http -R /var/repo/TD:
#>git push -u --all
Username for 'http://int-phab.marc-richter.info': xx
Password for 'http://xx@int-phab.marc-richter.info':
Counting objects: 79, done.
Delta compression using up to 4 threads.
Compressing objects: 100% (61/61), done.
Writing objects: 100% (79/79), 14.47 KiB | 0 bytes/s, done.
Total 79 (delta 19), reused 0 (delta 0)
remote: error: insufficient permission for adding an object to repository database objects
remote: fatal: failed to write object
error: unpack failed: unpack-objects abnormal exit
To http://int-phab.marc-richter.info/diffusion/TD/titan-docker.git
 ! [remote rejected] master -> master (unpacker error)
error: failed to push some refs to 'http://int-phab.marc-richter.info/diffusion/TD/titan-docker.git'
#>
After chown http:http -R /var/repo/TD:
#>git push -u --all
Username for 'http://int-phab.marc-richter.info': xx
Password for 'http://xx@int-phab.marc-richter.info':
Counting objects: 79, done.
Delta compression using up to 4 threads.
Compressing objects: 100% (61/61), done.
Writing objects: 100% (79/79), 14.47 KiB | 0 bytes/s, done.
Total 79 (delta 19), reused 0 (delta 0)
To http://int-phab.marc-richter.info/diffusion/TD/titan-docker.git
 * [new branch] master -> master
Branch master set up to track remote branch master from origin.
#>
I do not get where the error is in my setup, which is why I consider this to be a bug either in the docs or in Phabricator.
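Added example, not part of the original post and not Phabricator's own tooling: a check for the ownership mismatch visible in the two push attempts above. It counts the paths under a repository directory that belong to a uid other than the account expected to write objects there. The function names are hypothetical; the repository path and account in the usage comment are the ones from the post.

```shell
#!/bin/sh
# Added example, not from the original post. The function names are
# hypothetical; pass the repository path and the account that the
# serving process actually runs as on the machine being checked.
# Usage after sourcing this file: check_repo_owner /var/repo/TD http

# resolve_uid NAME_OR_UID -> prints the numeric uid, fails for unknown accounts
resolve_uid() {
    case $1 in
        ''|*[!0-9]*) id -u "$1" 2>/dev/null ;;
        *) printf '%s\n' "$1" ;;
    esac
}

# count_foreign_owned DIR NAME_OR_UID -> prints how many paths under DIR
# (DIR itself included) are owned by some other uid
count_foreign_owned() {
    [ -d "$1" ] || { echo "not a directory: $1" >&2; return 2; }
    uid=$(resolve_uid "$2") || { echo "unknown user: $2" >&2; return 2; }
    find "$1" ! -uid "$uid" -print | wc -l | tr -d ' '
}

# check_repo_owner DIR NAME_OR_UID -> returns 0 if every path is owned by
# that account; otherwise returns 1 and lists up to ten offenders on stderr
check_repo_owner() {
    n=$(count_foreign_owned "$1" "$2") || return 2
    [ "$n" -eq 0 ] && return 0
    echo "$n path(s) under $1 are not owned by $2, for example:" >&2
    find "$1" ! -uid "$(resolve_uid "$2")" -exec ls -ldn {} \; | head -n 10 >&2
    return 1
}
```

A non-zero count for the account that performs the write matches the "insufficient permission for adding an object" failure in the first push; ownership is only one cause of that message, so directory mode bits still need a separate look.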