Originally the group was apache (changed it following some instruction found on web). > drwxrwsr-x 7 root apache 4096 Feb 21 14:22 simple.git
Then after I change it to something like this, it allow me to push. > drwxrwsr-x 7 root ccusers 4096 Feb 21 14:22 simple.git For example, I have the following setting for this project web-app: [root@cmtoldshrdjk01 git]# stat /opt/git/web-app.git File: `/opt/git/web-app.git' Size: 4096 Blocks: 8 IO Block: 4096 directory Device: fd02h/64770d Inode: 131242 Links: 7 Access: (2775/drwxrwsr-x) Uid: ( 0/ root) Gid: ( 3017/ ccusers) Access: 2014-02-27 17:02:39.830304322 -0500 Modify: 2014-01-23 14:34:28.279128784 -0500 Change: 2014-02-27 17:01:49.524796933 -0500 [root@cmtoldshrdjk01 git]# ls -ld /opt/git/web-app.git drwxrwsr-x 7 root ccusers 4096 Jan 23 14:34 /opt/git/web-app.git [root@cmtoldshrdjk01 git]# C:\Workspace\GIT\web-app>git push origin master PAM Authentication Enter your OFFICE domain password: Counting objects: 17, done. Delta compression using up to 4 threads. Compressing objects: 100% (8/8), done. Writing objects: 100% (11/11), 2.39 KiB | 0 bytes/s, done. Total 11 (delta 1), reused 0 (delta 0) To jhu06@cmtoldshrdjk01:/opt/git/web-app.git 8bbe187..142f45d master -> master On Fri, Feb 28, 2014 at 8:21 AM, Konstantin Khomoutov < [email protected]> wrote: > On Thu, 27 Feb 2014 13:41:21 -0800 (PST) > Jirong Hu <[email protected]> wrote: > > > I setup smart http following this URL: > > http://www.parallelsymmetry.com/howto/git.jsp > > > > When I try to push from a Window client to the GIT Linux server, I > > got this error: error: insufficient permission for adding an object > > to repository database ./objectse > > > > The question is how shall I setup the permission for the repository > > at: /opt/git/simple.git. My users are in domain group "ccusers", and > > the web server is running under a local user "apache:apache" by > > default. I want to be able to access the repository by both ssh (for > > developers) and http (for build). > > What are current permissions on /opt/git/simple.git ? > I mean, what `stat /opt/git/simple.git` or `ls -ld /opt/git/simple.git` > output? > > I'm afraid you might have hard time implementing this "as is" because > both the user "apache" and group "apache" are assumed by Apache after > it starts up (it starts up as root) and so I think merely adding the > user "apache" to the "ccusers" group won't fix this for you. > > What you can do: > * Use something like suexec or mod-itk to make Git CGI app run with > permissions different from those of the web server itself. > * Use POSIX ACLs on your Git repos for more fine-grained control > over who can access it. This way, you could have two ore more > "owner groups" defined for a directory. > * Have another Apache (or some other webserver) run with a different > configuration file which makes it use another user and group and > listen on a different port. > As a corollary to this, you might have some specialized web server > which is only configured to run Git, with appropriate credentials, > and reverse-proxy requests coming to Git repos to that instance. > -- You received this message because you are subscribed to the Google Groups "Git for human beings" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
