Page MenuHomePhabricator
Create Task
Maniphest T8174

Wrong sudoers to git hosted repo using ssh.
Closed, ResolvedPublic
Actions

Description

It was hard but I went throught https://secure.phabricator.com/book/phabricator/article/diffusion_hosting/
Alll worked but at the end i get :

sudo: a password is required
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

so I get visudo

git ALL=(phabricator) SETENV: NOPASSWD: ALL

And then it works. So it seems that the configs, the hooks and co are working perfectly.
Are you aware of a way to trace file used by sudo ?
Should I dissect the ssh hooks ?

Event Timeline

tycho.tatitscheff created this task.May 12 2015, 9:55 PM
tycho.tatitscheff raised the priority of this task from to Needs Triage.
tycho.tatitscheff updated the task description. (Show Details)
tycho.tatitscheff added a project: Diffusion.
tycho.tatitscheff added a subscriber: tycho.tatitscheff.
tycho.tatitscheff added a comment.May 12 2015, 10:04 PM

Something like a debug flag in the hook and debug log in ssh in ./bin/ssh-* could indeed help a lot of user.
With a little help I could make a Diff.

WDYT ?

tycho.tatitscheff closed this task as Resolved.May 14 2015, 4:04 PM
tycho.tatitscheff claimed this task.
tycho.tatitscheff added subscribers: chad, epriestley.

@epriestley, @chad : I solved it by myself so Im gonna close it.
It was basicaly that it used /usr/bin/git-receive instead of /usr/lib/git-core/git-receive.
Could you please include a hint in troubleshoting ( ssh | http ) :

If you get a message like sudo : a password is required, you can tail -f /var/log/auth.log (debian based..) or tail -f /var/log/secure (redhat, fedora, centos..) while trying to connect to get the path of the command used.

zcourts awarded a token.Oct 15 2016, 7:39 AM
zcourts added a subscriber: zcourts.
aelam added a subscriber: aelam.EditedApr 16 2018, 8:14 AM

@tycho.tatitscheff I have the same problem.
I tried to use /usr/bin/git-receive instead of /usr/lib/git-core/git-receive
Still the same.

16 23:41:07 localhost sudo:      git : command not allowed ; TTY=unknown ; PWD=/home/git ; USER=phabricator ; COMMAND=/usr/bin/git-upload-pack -- /var/repo/SPEC/

I've tried the commands below, git-upload-pack requires password, while git-receive-pack doesn't need.
And I switch to phabricator. git-receive-pack can work well.

[phabricator@localhost ~]$ su git
Password: 
sh-4.1$ sudo -E -n -u  phabricator  -- /usr/bin/git-upload-pack --help
sudo: a password is required
sh-4.1$ sudo -E -n -u  phabricator  -- /usr/bin/git-receive-pack --help
sh-4.1$
Phabricator · Built by Phacility