Hi everyone,
I followed [[ https://secure.phabricator.com/book/phabricator/article/diffusion_hosting/ | this guide ]] to enable Git Repository serving over HTTP by Diffusion. I'm running Phabricator on a system with nginx and php-fpm. php-fpm is running as user http (uid 33) and the Phabricator Daemons are running as user root.
The daemons are started using `./bin/phd start` the following command as user root.
Refering to that guide, the following should go into /etc/sudoers file:
```
www-user ALL=(daemon-user) SETENV: NOPASSWD: /usr/bin/git-http-backend, /usr/bin/hg
```
> * The user the daemons run as. We'll call this `daemon-user`.
> * The user the webserver runs as. We'll call this `www-user`.
> * The user that users will connect over SSH as. We'll call this `vcs-user`.
- **www-user** seems to be `http` in this environment
- **daemon-user** seems to be `root` in this environment
- **vcs-user** seems not involved in this environment, since I do not use SSH connections yet
My `git-http-backend` binary is found at `/usr/lib/git-core/git-http-backend` and I have created a symlink pointing there in `/usr/share/nginx/html/phabricator/support/bin/git-http-backend`, so this means, the sudoers line should look like the following in this environment:
```
http ALL=(root) SETENV: NOPASSWD: /usr/lib/git-core/git-http-backend, /usr/share/nginx/html/phabricator/support/bin/git-http-backend, /usr/bin/hg
```
> Finally, once you've configured /etc/sudoers, /etc/shadow and /etc/passwd, set `phd.user` to the `daemon-user`:
Which means to issue the following for this environment:
```
[root@1713e769eaca phabricator]# ./bin/config set phd.user root
Set 'phd.user' in local configuration.
[root@1713e769eaca phabricator]# ./bin/config get phd.user
{
"config" : [
{
"key" : "phd.user",
"source" : "local",
"value" : "root",
"status" : "set",
"errorInfo" : null
},
{
"key" : "phd.user",
"source" : "database",
"value" : null,
"status" : "unset",
"errorInfo" : null
}
]
}
[root@1713e769eaca phabricator]#
```
The rest of that guide reads as "should work now", when speaking of HTTP.
When one creates a new git repository in Diffusion, it's files are owned by the user `root`. This leads to errors as soon as something should be pushed into them:
Before `chown http:http -R /var/repo/TD`:
```
#>git push -u --all
Username for 'http://int-phab.marc-richter.info': xx
Password for 'http://xx@int-phab.marc-richter.info':
Counting objects: 79, done.
Delta compression using up to 4 threads.
Compressing objects: 100% (61/61), done.
Writing objects: 100% (79/79), 14.47 KiB | 0 bytes/s, done.
Total 79 (delta 19), reused 0 (delta 0)
remote: error: insufficient permission for adding an object to repository database objects
remote: fatal: failed to write object
error: unpack failed: unpack-objects abnormal exit
To http://int-phab.marc-richter.info/diffusion/TD/titan-docker.git
! [remote rejected] master -> master (unpacker error)
error: failed to push some refs to 'http://int-phab.marc-richter.info/diffusion/TD/titan-docker.git'
#>
```
After `chown http:http -R /var/repo/TD`:
```
#>git push -u --all
Username for 'http://int-phab.marc-richter.info': xx
Password for 'http://xx@int-phab.marc-richter.info':
Counting objects: 79, done.
Delta compression using up to 4 threads.
Compressing objects: 100% (61/61), done.
Writing objects: 100% (79/79), 14.47 KiB | 0 bytes/s, done.
Total 79 (delta 19), reused 0 (delta 0)
To http://int-phab.marc-richter.info/diffusion/TD/titan-docker.git
* [new branch] master -> master
Branch master set up to track remote branch master from origin.
#>
```
I do not get where the error is in my setup, which is why I consider this being a bug either in docs or in Phabricator.