git@vger.kernel.org mailing list mirror (one of many)
 help / Atom feed
* sharedrepository=group not working
@ 2018-12-04  3:27 Jamie Zawinski
  2018-12-04  4:09 ` Jeff King
  0 siblings, 1 reply; 6+ messages in thread
From: Jamie Zawinski @ 2018-12-04  3:27 UTC (permalink / raw)
  To: git

I think sharedrepository=group stopped working some time between 2.10.5 (works) and 2.12.4 (does not). 2.19.2 also does not.

I have a user trying to push to a shared repo; the user is not the owner of the files but it is in the same group. All the repo files are g+rw and all the repo directories are g+srw.

	drwxrwsr-x. 252 jwz cvs 4096 Dec  3 18:53 /cvsroot/dna.git/objects/

I am getting:

	error: remote unpack failed: unable to create temporary object directory
	To /cvsroot/dna.git
	 ! [remote rejected]           master -> master (unpacker error)

If I'm reading this strace right, it looks like git is successfully creating a directory under objects/ and then failing to create a subdirectory of it (maybe because the just-created parent directory ended up with the wrong permissions?)

 mkdir("./objects/incoming-U5EN8D", 0700 <unfinished ...>
 <... mkdir resumed> )       = 0
 rt_sigaction(SIGINT, {0x56a860, [INT], SA_RESTORER|SA_RESTART, 0x7f842cb3b2f0},  <unfinished ...>
 <... rt_sigaction resumed> {SIG_IGN, [], 0}, 8) = 0
 rt_sigaction(SIGHUP, {0x56a860, [HUP], SA_RESTORER|SA_RESTART, 0x7f842cb3b2f0}, {SIG_DFL, [], 0}, 8) = 0
 rt_sigaction(SIGTERM, {0x56a860, [TERM], SA_RESTORER|SA_RESTART, 0x7f842cb3b2f0}, {SIG_DFL, [], 0}, 8) = 0
 rt_sigaction(SIGQUIT, {0x56a860, [QUIT], SA_RESTORER|SA_RESTART, 0x7f842cb3b2f0}, {SIG_DFL, [], 0}, 8) = 0
 rt_sigaction(SIGPIPE, {0x56a860, [PIPE], SA_RESTORER|SA_RESTART, 0x7f842cb3b2f0}, {SIG_DFL, [PIPE], SA_RESTORER|SA_RESTART, 0x7f842cb3b2f0}, 8) = 0
 mkdir("./objects/incoming-U5EN8D/pack", 0777) = -1 EACCES (Permission denied)


--
Jamie Zawinski      https://www.jwz.org/      https://www.dnalounge.com/


^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: sharedrepository=group not working
  2018-12-04  3:27 sharedrepository=group not working Jamie Zawinski
@ 2018-12-04  4:09 ` Jeff King
  2018-12-04  4:19   ` Jamie Zawinski
  0 siblings, 1 reply; 6+ messages in thread
From: Jeff King @ 2018-12-04  4:09 UTC (permalink / raw)
  To: Jamie Zawinski; +Cc: git

On Mon, Dec 03, 2018 at 07:27:13PM -0800, Jamie Zawinski wrote:

> I think sharedrepository=group stopped working some time between
> 2.10.5 (works) and 2.12.4 (does not). 2.19.2 also does not.

Hmm. Given the time-frame and the fact that your strace shows problems
writing into the objects/incoming-* directory, it's likely caused by
722ff7f876 (receive-pack: quarantine objects until pre-receive accepts,
2016-10-03).

The big change there is that instead of writing directly into objects/,
we create a temporary objects/incoming-* directory, write there, and
then migrate the objects over after we determine they're sane.

So in your strace we see the temp directory get created:

>  mkdir("./objects/incoming-U5EN8D", 0700 <unfinished ...>
>  <... mkdir resumed> )       = 0

The permissions are tighter than we ultimately want, but that's OK.
This tempdir is just for this process (and its children) to look at, and
then we'd eventually migrate the files out.

I could definitely imagine there being a bug in which we don't then
properly loosen permissions when we move things out of the tempdir, but
we don't even get that far. We fail immediately:

>  mkdir("./objects/incoming-U5EN8D/pack", 0777) = -1 EACCES (Permission denied)

That seems strange. The outer directory is only 0700, but the user
permissions should be sufficient. Even with the g+s bit set, it should
still be owned by the same user, shouldn't it?

I tried reproducing your state like this:

  git init --bare dst.git
  git -C dst.git config core.sharedrepository group
  chgrp -R somegroup dst.git
  find dst.git -type f | xargs chmod g+rw
  find dst.git -type d | xargs chmod g+srw

  # push works from original user
  git clone dst.git client
  (
    cd client &&
    git commit --allow-empty -m foo
    git push
  )

  # push works from alternate user
  sudo su anotheruser sh -c '
    git clone dst.git /tmp/other &&
    cd /tmp/other &&
    git commit --allow-empty -m foo &&
    git push --receive-pack="strace -e mkdir git-receive-pack"
  '

but it works fine. Might there be some effective-uid trickiness with the
way the server side of git is invoked? Or is this a network mount where
the filesystem uid might not match the process uid?

-Peff

^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: sharedrepository=group not working
  2018-12-04  4:09 ` Jeff King
@ 2018-12-04  4:19   ` Jamie Zawinski
  2018-12-04  4:20     ` Jamie Zawinski
  2018-12-04  4:50     ` Jeff King
  0 siblings, 2 replies; 6+ messages in thread
From: Jamie Zawinski @ 2018-12-04  4:19 UTC (permalink / raw)
  To: Jeff King; +Cc: git

On Dec 3, 2018, at 8:09 PM, Jeff King <peff@peff.net> wrote:
> 
> but it works fine. Might there be some effective-uid trickiness with the
> way the server side of git is invoked? Or is this a network mount where
> the filesystem uid might not match the process uid?

Huh. They're on the same ext4 fs (it's an AWS EBS sc1 volume, but I think that still counts as "not a network mount" as far as Linux is concerned.)

The way I was seeing this fail was a CGI invoking "git push", as user "httpd" (and I verified that when the cgi was invoked, "groups" reported that "httpd" was a member of group "cvs") but when I tried to reproduce the error with "sudo -u apache git push" it didn't fail. So possibly something hinky is going on with group permissions when httpd invokes git, but I did verify that whoami, groups and pwd were as expected, so I couldn't tell what that might be... (Oh, I didn't check what umask was, but it should have been 022...)

--
Jamie Zawinski      https://www.jwz.org/      https://www.dnalounge.com/


^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: sharedrepository=group not working
  2018-12-04  4:19   ` Jamie Zawinski
@ 2018-12-04  4:20     ` Jamie Zawinski
  2018-12-04  4:50     ` Jeff King
  1 sibling, 0 replies; 6+ messages in thread
From: Jamie Zawinski @ 2018-12-04  4:20 UTC (permalink / raw)
  To: Jeff King; +Cc: git

On Dec 3, 2018, at 8:19 PM, Jamie Zawinski <jwz@jwz.org> wrote:
> 
> (Oh, I didn't check what umask was, but it should have been 022...)

Typo, I mean to say 002.

--
Jamie Zawinski      https://www.jwz.org/      https://www.dnalounge.com/


^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: sharedrepository=group not working
  2018-12-04  4:19   ` Jamie Zawinski
  2018-12-04  4:20     ` Jamie Zawinski
@ 2018-12-04  4:50     ` Jeff King
  2018-12-04  5:24       ` Jamie Zawinski
  1 sibling, 1 reply; 6+ messages in thread
From: Jeff King @ 2018-12-04  4:50 UTC (permalink / raw)
  To: Jamie Zawinski; +Cc: git

On Mon, Dec 03, 2018 at 08:19:12PM -0800, Jamie Zawinski wrote:

> On Dec 3, 2018, at 8:09 PM, Jeff King <peff@peff.net> wrote:
> > 
> > but it works fine. Might there be some effective-uid trickiness with the
> > way the server side of git is invoked? Or is this a network mount where
> > the filesystem uid might not match the process uid?
> 
> Huh. They're on the same ext4 fs (it's an AWS EBS sc1 volume, but I
> think that still counts as "not a network mount" as far as Linux is
> concerned.)

Yeah, I think we can discount any oddness there.

> The way I was seeing this fail was a CGI invoking "git push", as user
> "httpd" (and I verified that when the cgi was invoked, "groups"
> reported that "httpd" was a member of group "cvs") but when I tried to
> reproduce the error with "sudo -u apache git push" it didn't fail. So
> possibly something hinky is going on with group permissions when httpd
> invokes git, but I did verify that whoami, groups and pwd were as
> expected, so I couldn't tell what that might be... (Oh, I didn't check
> what umask was, but it should have been 022...)

Hrm. I don't think group permissions would even matter. We asked to
mkdir() with 0700 anyway, so we know they'd be zero.

But a funny umask does seem like a likely candidate for causing the
problem. We asked for 0700, but if there were bits set in umask (say,
0200 or something), that would restrict that further. And it would
explain what you're seeing (inability to write into a directory we
just created), and it might have worked with previous versions (which
was less strict on the group permissions).

I don't suppose this is leaving those incoming-* directories sitting
around so we can inspect their permissions (it's suppose to clean them
up, so I doubt it). If you're up for it, it might be interesting to
patch Git to inspect the umask and "ls -l" the objects/ directory at the
problematic moment. The interesting point is when we call into
tmp-objdir.c:setup_tmp_objdir().

-Peff

^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: sharedrepository=group not working
  2018-12-04  4:50     ` Jeff King
@ 2018-12-04  5:24       ` Jamie Zawinski
  0 siblings, 0 replies; 6+ messages in thread
From: Jamie Zawinski @ 2018-12-04  5:24 UTC (permalink / raw)
  To: Jeff King; +Cc: git

On Dec 3, 2018, at 8:50 PM, Jeff King <peff@peff.net> wrote:
> 
> I don't suppose this is leaving those incoming-* directories sitting
> around so we can inspect their permissions (it's suppose to clean them
> up, so I doubt it). If you're up for it, it might be interesting to
> patch Git to inspect the umask and "ls -l" the objects/ directory at the
> problematic moment. The interesting point is when we call into
> tmp-objdir.c:setup_tmp_objdir().

The problem was that Apache was setting my umask to 113! With that:

+ ls -ldF ./objects/incoming-w7agmb/pack objects/incoming-w7agmb
ls: cannot access ./objects/incoming-w7agmb/pack: Permission denied
drw---S--- 2 apache cvs 4096 Dec  3 21:14 objects/incoming-w7agmb/
error: remote unpack failed: unable to create temporary object directory

With 002 it succeeds:

+ ls -ldF ./objects/incoming-IbGS6h/pack objects/incoming-IbGS6h
drwx--S--- 3 apache cvs 4096 Dec  3 21:19 objects/incoming-IbGS6h/
drwxrwsr-x 2 apache cvs 4096 Dec  3 21:19 ./objects/incoming-IbGS6h/pack/

So I fixed my umask and got it working, but maybe a test for "your umask is dumb" is worthwhile.

Thanks for your help!

--
Jamie Zawinski      https://www.jwz.org/      https://www.dnalounge.com/


^ permalink raw reply	[flat|nested] 6+ messages in thread

end of thread, back to index

Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-12-04  3:27 sharedrepository=group not working Jamie Zawinski
2018-12-04  4:09 ` Jeff King
2018-12-04  4:19   ` Jamie Zawinski
2018-12-04  4:20     ` Jamie Zawinski
2018-12-04  4:50     ` Jeff King
2018-12-04  5:24       ` Jamie Zawinski

git@vger.kernel.org mailing list mirror (one of many)

Archives are clonable:
	git clone --mirror https://public-inbox.org/git
	git clone --mirror http://ou63pmih66umazou.onion/git
	git clone --mirror http://czquwvybam4bgbro.onion/git
	git clone --mirror http://hjrcffqmbrq6wope.onion/git

Newsgroups are available over NNTP:
	nntp://news.public-inbox.org/inbox.comp.version-control.git
	nntp://ou63pmih66umazou.onion/inbox.comp.version-control.git
	nntp://czquwvybam4bgbro.onion/inbox.comp.version-control.git
	nntp://hjrcffqmbrq6wope.onion/inbox.comp.version-control.git
	nntp://news.gmane.org/gmane.comp.version-control.git

 note: .onion URLs require Tor: https://www.torproject.org/
       or Tor2web: https://www.tor2web.org/

AGPL code for this site: git clone https://public-inbox.org/ public-inbox