Re: [git-users] How to setup http protocol for GIT
On Thu, 27 Feb 2014 13:41:21 -0800 (PST) Jirong Hu jirong...@gmail.com wrote: I setup smart http following this URL: http://www.parallelsymmetry.com/howto/git.jsp When I try to push from a Window client to the GIT Linux server, I got this error: error: insufficient permission for adding an object to repository database ./objectse The question is how shall I setup the permission for the repository at: /opt/git/simple.git. My users are in domain group ccusers, and the web server is running under a local user apache:apache by default. I want to be able to access the repository by both ssh (for developers) and http (for build). What are current permissions on /opt/git/simple.git ? I mean, what `stat /opt/git/simple.git` or `ls -ld /opt/git/simple.git` output? I'm afraid you might have hard time implementing this as is because both the user apache and group apache are assumed by Apache after it starts up (it starts up as root) and so I think merely adding the user apache to the ccusers group won't fix this for you. What you can do: * Use something like suexec or mod-itk to make Git CGI app run with permissions different from those of the web server itself. * Use POSIX ACLs on your Git repos for more fine-grained control over who can access it. This way, you could have two ore more owner groups defined for a directory. * Have another Apache (or some other webserver) run with a different configuration file which makes it use another user and group and listen on a different port. As a corollary to this, you might have some specialized web server which is only configured to run Git, with appropriate credentials, and reverse-proxy requests coming to Git repos to that instance. -- You received this message because you are subscribed to the Google Groups Git for human beings group. To unsubscribe from this group and stop receiving emails from it, send an email to git-users+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [git-users] How to setup http protocol for GIT
Originally the group was apache (changed it following some instruction found on web). drwxrwsr-x 7 root apache 4096 Feb 21 14:22 simple.git Then after I change it to something like this, it allow me to push. drwxrwsr-x 7 root ccusers 4096 Feb 21 14:22 simple.git For example, I have the following setting for this project web-app: [root@cmtoldshrdjk01 git]# stat /opt/git/web-app.git File: `/opt/git/web-app.git' Size: 4096Blocks: 8 IO Block: 4096 directory Device: fd02h/64770dInode: 131242 Links: 7 Access: (2775/drwxrwsr-x) Uid: (0/root) Gid: ( 3017/ ccusers) Access: 2014-02-27 17:02:39.830304322 -0500 Modify: 2014-01-23 14:34:28.279128784 -0500 Change: 2014-02-27 17:01:49.524796933 -0500 [root@cmtoldshrdjk01 git]# ls -ld /opt/git/web-app.git drwxrwsr-x 7 root ccusers 4096 Jan 23 14:34 /opt/git/web-app.git [root@cmtoldshrdjk01 git]# C:\Workspace\GIT\web-appgit push origin master PAM Authentication Enter your OFFICE domain password: Counting objects: 17, done. Delta compression using up to 4 threads. Compressing objects: 100% (8/8), done. Writing objects: 100% (11/11), 2.39 KiB | 0 bytes/s, done. Total 11 (delta 1), reused 0 (delta 0) To jhu06@cmtoldshrdjk01:/opt/git/web-app.git 8bbe187..142f45d master - master On Fri, Feb 28, 2014 at 8:21 AM, Konstantin Khomoutov flatw...@users.sourceforge.net wrote: On Thu, 27 Feb 2014 13:41:21 -0800 (PST) Jirong Hu jirong...@gmail.com wrote: I setup smart http following this URL: http://www.parallelsymmetry.com/howto/git.jsp When I try to push from a Window client to the GIT Linux server, I got this error: error: insufficient permission for adding an object to repository database ./objectse The question is how shall I setup the permission for the repository at: /opt/git/simple.git. My users are in domain group ccusers, and the web server is running under a local user apache:apache by default. I want to be able to access the repository by both ssh (for developers) and http (for build). What are current permissions on /opt/git/simple.git ? I mean, what `stat /opt/git/simple.git` or `ls -ld /opt/git/simple.git` output? I'm afraid you might have hard time implementing this as is because both the user apache and group apache are assumed by Apache after it starts up (it starts up as root) and so I think merely adding the user apache to the ccusers group won't fix this for you. What you can do: * Use something like suexec or mod-itk to make Git CGI app run with permissions different from those of the web server itself. * Use POSIX ACLs on your Git repos for more fine-grained control over who can access it. This way, you could have two ore more owner groups defined for a directory. * Have another Apache (or some other webserver) run with a different configuration file which makes it use another user and group and listen on a different port. As a corollary to this, you might have some specialized web server which is only configured to run Git, with appropriate credentials, and reverse-proxy requests coming to Git repos to that instance. -- You received this message because you are subscribed to the Google Groups Git for human beings group. To unsubscribe from this group and stop receiving emails from it, send an email to git-users+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [git-users] How to setup http protocol for GIT
I setup smart http following this URL: http://www.parallelsymmetry.com/howto/git.jsp When I try to push from a Window client to the GIT Linux server, I got this error: error: insufficient permission for adding an object to repository database ./objectse The question is how shall I setup the permission for the repository at: /opt/git/simple.git. My users are in domain group ccusers, and the web server is running under a local user apache:apache by default. I want to be able to access the repository by both ssh (for developers) and http (for build). Thanks Jirong On Tuesday, 25 February 2014 08:16:11 UTC-5, Konstantin Khomoutov wrote: On Mon, 24 Feb 2014 12:52:05 -0800 (PST) Jirong Hu jiro...@gmail.com javascript: wrote: http://git-scm.com/book/en/Git-on-the-Server-Public-Access I was following the above link to setup http access for GIT. But after this issue:https://groups.google.com/forum/#!topic/git-users/nL0qZXiBHqw, I think my http settings are not right. This is what I do: 1. Change the DocumentRoot= /opt/git, since /opt/git/simple.git is the repository I want to access. 2. Created a git.conf in /etc/httpd/conf.d, has the LDAP access information. It works fine. 3. chmod a+x simple.git/hooks/post-update 1. 'x' alone is not enough to execute a program--'r' is needed as well. 2. Granting execute permission to all ('a') is not needed if the user or a group of users which are about to execute that hook are already granted these permissions explicitly. There is one more thing I am not sure: the permission of /opt/git/simple.git. Who shall own this directory? The URL above says www-data, but I cant' find this group name in my server. My Apache is running under apache:apache. www-data is a Debianism, found on Debian and its derivatives (Ubuntu included); since Ubuntu is the winning distro even on servers these days, many guides found in the internets just assume this common ground. So substitute system user for the Apache web server instead of www-data and proceed. [...] drwxrwsr-x 7 root ccusers 4096 Feb 21 14:22 simple.git [...] Well, the guide from The Book you followed is unfortunately outdated: it deals with the so-called dumb HTTP transport which still works in newer versions of Git but is not recommended for using as it's *slow:* it basically crawls over the objects and packfiles it literally fetches one by one using HTTP calls. For this setup, your settings look mostly okay. One caveat though: the purpose of the post-update hook is to call a special Git command which prepares the repo *updated with the last commit* to be fetched from using that dumb HTTP transport. So if you didn't run that hook (either by hand (note that you should `su` to the Git's user first!) or by pushing to that repo using SSH) your client Git won't fetch anything useful. Hence I'd say the real way to fix this is to set your web server up to serve the newer smart HTTP transport which basically uses the web server to host a CGI Git process which, when started, communicates directly with the Git client process making the whole thing work as fast as fetching via native Git protocol (git://, served by `git-daemon`). This guide [1] explains how to set things up. 1. https://www.kernel.org/pub/software/scm/git/docs/git-http-backend.html -- You received this message because you are subscribed to the Google Groups Git for human beings group. To unsubscribe from this group and stop receiving emails from it, send an email to git-users+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [git-users] How to setup http protocol for GIT
On Mon, 24 Feb 2014 12:52:05 -0800 (PST) Jirong Hu jirong...@gmail.com wrote: http://git-scm.com/book/en/Git-on-the-Server-Public-Access I was following the above link to setup http access for GIT. But after this issue:https://groups.google.com/forum/#!topic/git-users/nL0qZXiBHqw, I think my http settings are not right. This is what I do: 1. Change the DocumentRoot= /opt/git, since /opt/git/simple.git is the repository I want to access. 2. Created a git.conf in /etc/httpd/conf.d, has the LDAP access information. It works fine. 3. chmod a+x simple.git/hooks/post-update 1. 'x' alone is not enough to execute a program--'r' is needed as well. 2. Granting execute permission to all ('a') is not needed if the user or a group of users which are about to execute that hook are already granted these permissions explicitly. There is one more thing I am not sure: the permission of /opt/git/simple.git. Who shall own this directory? The URL above says www-data, but I cant' find this group name in my server. My Apache is running under apache:apache. www-data is a Debianism, found on Debian and its derivatives (Ubuntu included); since Ubuntu is the winning distro even on servers these days, many guides found in the internets just assume this common ground. So substitute system user for the Apache web server instead of www-data and proceed. [...] drwxrwsr-x 7 root ccusers 4096 Feb 21 14:22 simple.git [...] Well, the guide from The Book you followed is unfortunately outdated: it deals with the so-called dumb HTTP transport which still works in newer versions of Git but is not recommended for using as it's *slow:* it basically crawls over the objects and packfiles it literally fetches one by one using HTTP calls. For this setup, your settings look mostly okay. One caveat though: the purpose of the post-update hook is to call a special Git command which prepares the repo *updated with the last commit* to be fetched from using that dumb HTTP transport. So if you didn't run that hook (either by hand (note that you should `su` to the Git's user first!) or by pushing to that repo using SSH) your client Git won't fetch anything useful. Hence I'd say the real way to fix this is to set your web server up to serve the newer smart HTTP transport which basically uses the web server to host a CGI Git process which, when started, communicates directly with the Git client process making the whole thing work as fast as fetching via native Git protocol (git://, served by `git-daemon`). This guide [1] explains how to set things up. 1. https://www.kernel.org/pub/software/scm/git/docs/git-http-backend.html -- You received this message because you are subscribed to the Google Groups Git for human beings group. To unsubscribe from this group and stop receiving emails from it, send an email to git-users+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [git-users] How to setup http protocol for GIT
On 02/25/14 14:16, Konstantin Khomoutov wrote: On Mon, 24 Feb 2014 12:52:05 -0800 (PST) Jirong Hu jirong...@gmail.com wrote: http://git-scm.com/book/en/Git-on-the-Server-Public-Access I was following the above link to setup http access for GIT. But after this issue:https://groups.google.com/forum/#!topic/git-users/nL0qZXiBHqw, I think my http settings are not right. This is what I do: 1. Change the DocumentRoot= /opt/git, since /opt/git/simple.git is the repository I want to access. 2. Created a git.conf in /etc/httpd/conf.d, has the LDAP access information. It works fine. 3. chmod a+x simple.git/hooks/post-update 1. 'x' alone is not enough to execute a program--'r' is needed as well. Though that is true in this context, the statement is a bit misleading since it is not true for programs in general, only for scripts. Binary programs do not need read permissions, only execute permissions: ~$ cp /bin/ls . ~$ chmod a-r ls ~$ ./ls -l ls --wx--x--x 1 gunnar gunnar 106120 Feb 25 15:11 ls BR Gunnar -- You received this message because you are subscribed to the Google Groups Git for human beings group. To unsubscribe from this group and stop receiving emails from it, send an email to git-users+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [git-users] How to setup http protocol for GIT
You are right, somehow the hook didn't run I think, don't know why. After I run it manually, the http clone got the right version. [root@cmtoldshrdjk01 hooks]# exec git update-server-info Let me setup the smart http. Thanks Jirong On Tue, Feb 25, 2014 at 8:16 AM, Konstantin Khomoutov flatw...@users.sourceforge.net wrote: On Mon, 24 Feb 2014 12:52:05 -0800 (PST) Jirong Hu jirong...@gmail.com wrote: http://git-scm.com/book/en/Git-on-the-Server-Public-Access I was following the above link to setup http access for GIT. But after this issue:https://groups.google.com/forum/#!topic/git-users/nL0qZXiBHqw, I think my http settings are not right. This is what I do: 1. Change the DocumentRoot= /opt/git, since /opt/git/simple.git is the repository I want to access. 2. Created a git.conf in /etc/httpd/conf.d, has the LDAP access information. It works fine. 3. chmod a+x simple.git/hooks/post-update 1. 'x' alone is not enough to execute a program--'r' is needed as well. 2. Granting execute permission to all ('a') is not needed if the user or a group of users which are about to execute that hook are already granted these permissions explicitly. There is one more thing I am not sure: the permission of /opt/git/simple.git. Who shall own this directory? The URL above says www-data, but I cant' find this group name in my server. My Apache is running under apache:apache. www-data is a Debianism, found on Debian and its derivatives (Ubuntu included); since Ubuntu is the winning distro even on servers these days, many guides found in the internets just assume this common ground. So substitute system user for the Apache web server instead of www-data and proceed. [...] drwxrwsr-x 7 root ccusers 4096 Feb 21 14:22 simple.git [...] Well, the guide from The Book you followed is unfortunately outdated: it deals with the so-called dumb HTTP transport which still works in newer versions of Git but is not recommended for using as it's *slow:* it basically crawls over the objects and packfiles it literally fetches one by one using HTTP calls. For this setup, your settings look mostly okay. One caveat though: the purpose of the post-update hook is to call a special Git command which prepares the repo *updated with the last commit* to be fetched from using that dumb HTTP transport. So if you didn't run that hook (either by hand (note that you should `su` to the Git's user first!) or by pushing to that repo using SSH) your client Git won't fetch anything useful. Hence I'd say the real way to fix this is to set your web server up to serve the newer smart HTTP transport which basically uses the web server to host a CGI Git process which, when started, communicates directly with the Git client process making the whole thing work as fast as fetching via native Git protocol (git://, served by `git-daemon`). This guide [1] explains how to set things up. 1. https://www.kernel.org/pub/software/scm/git/docs/git-http-backend.html -- You received this message because you are subscribed to the Google Groups Git for human beings group. To unsubscribe from this group and stop receiving emails from it, send an email to git-users+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
[git-users] How to setup http protocol for GIT
http://git-scm.com/book/en/Git-on-the-Server-Public-Access I was following the above link to setup http access for GIT. But after this issue:https://groups.google.com/forum/#!topic/git-users/nL0qZXiBHqw, I think my http settings are not right. This is what I do: 1. Change the DocumentRoot= /opt/git, since /opt/git/simple.git is the repository I want to access. 2. Created a git.conf in /etc/httpd/conf.d, has the LDAP access information. It works fine. 3. chmod a+x simple.git/hooks/post-update There is one more thing I am not sure: the permission of /opt/git/simple.git. Who shall own this directory? The URL above says www-data, but I cant' find this group name in my server. My Apache is running under apache:apache. ccusers group is the group all my users belong to, which is set in LDAP. [root@cmtoldshrdjk01 git]# ls -al total 28 drwxr-xr-x 7 root apache 4096 Feb 21 14:04 . drwxr-xr-x. 11 root root4096 Jan 29 13:07 .. drwxr-xr-x 6 root apache 4096 Jan 23 10:58 my_app.git drwxr-xr-x 7 root apache 4096 Jan 23 14:26 project.git drwxrwsr-x 7 root ccusers 4096 Feb 21 14:22 simple.git drwxr-xr-x 7 root root4096 Feb 13 11:46 web-app2.git drwxrwsr-x 7 root apache 4096 Jan 23 14:34 web-app.git [root@cmtoldshrdjk01 git]# -- You received this message because you are subscribed to the Google Groups Git for human beings group. To unsubscribe from this group and stop receiving emails from it, send an email to git-users+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.