2016-02-05 21:05


I have a www-data running with PHP which is controlling a git server. The www-data user creates Unix users (having given it sudo adduser), and those users are supposed to control their own private git directory, where each user can house his/her repositories.

I've followed this guide at least ten times, in addition to which, I'm also following this guide in order to create the git server.

  • Apache adds a Unix user bar, with a home in /var/www/git/bar and the user has no password (--disabled-password)

  • The user bar is part of group gitusers which allows +rwx to the group members, and has his shell set to /usr/bin/git-shell.

  • This is done so that www-data can access his home directory and populate it with repositories and ssh keys.

  • The skeleton home directory is also populated with git-shell-commands and the user www-data creates a /var/www/git/bar/.ssh/authorized_keys where it appends my test user foo's public key.

When www-data adds a new user and then a new repository it does:

sudo adduser --disabled-password \
             --home /var/www/git/bar \
             --conf /var/www/conf/adduser.conf \
             --ingroup gitusers \
             bar

The above ^^ is done via php. The .ssh and authorized_keys are owned by www-data.

Then www-data proceeds to create a new directory and initialize it:

  • mkdir /var/www/git/bar/test.git
  • cd /var/www/git/bar/test.git
  • git --bare init

My test user foo can read it from ssh (it just clones an empty repository). Once I try to push an initial commit:

git clone ssh://foo@localhost:/var/www/git/bar/test.git
cd test
touch readme
vim readme
git add .
git commit -m "init"
git push origin master
foo@'s password:
Counting objects: 6, done.
Compressing objects: 100% (2/2), done.
Writing objects: 100% (6/6), 411 bytes | 0 bytes/s, done.
Total 6 (delta 0), reused 0 (delta 0)
remote: error: insufficient permission for adding an object to repository database ./objects
remote: fatal: failed to write object
error: unpack failed: unpack-objects abnormal exit
To ssh://foo@localhost:/var/www/git/bar/random.git
 ! [remote rejected] master -> master (unpacker error)
error: failed to push some refs to 'ssh://foo@localhost:/var/www/git/bar/random.git'

I am asked for foo user's password (which is the user with the public key).

This is NOT the Unix user who owns the home directory, that is user bar who has a disabled password.

  1. Why am I being asked for an ssh password? Shouldn't the ssh key take care of that?
  2. If I create a bar with a password, then I can use that git repository, replacing foo@localhost:/var/www/git/bar with bar@localhost:/var/www/git/bar
  3. When I don't use ssh:// at all, I am still able to clone but get the same error when pushing as foo, but not as bar, provided I enable the password.

What am I doing wrong?

Is it because the permissions of .ssh and authorized_keys are too open or not owned by bar?

Even when I go (as sudo) into the bar homedir and make everything owned by him, I still get the same error.

Finally, I have set my .ssh/config for test user foo so that:

Host localhost
     IdentityFile ~/.ssh/foo
     User foo
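
Added example, not part of the original question: with sshd's default `StrictModes yes`, the key file of the account being logged into is ignored when the home directory, `.ssh` or `authorized_keys` is owned by anyone other than that account or root, or is writable by group or others. The sketch below audits a home directory against those rules and applies the plain mode-bit test that decides whether a given uid can add files to a repository's `objects` directory. The function names and the temporary layout are constructed for illustration.

```python
import os
import stat
import tempfile


def entry_problem(st_uid, st_mode, login_uid):
    """Reason sshd's StrictModes check rejects one path component, or None."""
    if st_uid not in (login_uid, 0):
        return f"owned by uid {st_uid}, not the login user or root"
    if st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        return "writable by group or others"
    return None


def audit_key_path(home, login_uid):
    """Check home, .ssh and authorized_keys the way StrictModes does."""
    findings = []
    for rel in (".", ".ssh", os.path.join(".ssh", "authorized_keys")):
        path = os.path.normpath(os.path.join(home, rel))
        try:
            st = os.stat(path)
        except FileNotFoundError:
            findings.append((path, "missing"))
            continue
        reason = entry_problem(st.st_uid, st.st_mode, login_uid)
        if reason:
            findings.append((path, reason))
    return findings


def can_add_object(dir_uid, dir_gid, dir_mode, uid, gids):
    """Plain Unix mode-bit check (no ACLs): may uid create files in a directory?"""
    if uid == 0:
        return True
    shift = 6 if uid == dir_uid else 3 if dir_gid in gids else 0
    return ((dir_mode >> shift) & 0o3) == 0o3  # needs write + search


def demo():
    """Constructed layout: a group-writable home like /var/www/git/bar."""
    with tempfile.TemporaryDirectory() as home:
        os.mkdir(os.path.join(home, ".ssh"), 0o700)
        keys = os.path.join(home, ".ssh", "authorized_keys")
        open(keys, "w").close()
        os.chmod(keys, 0o600)
        os.chmod(home, 0o775)  # group rwx, as the question describes
        return [reason for _, reason in audit_key_path(home, os.getuid())]


if __name__ == "__main__":
    print(demo())
```

Run `audit_key_path` with the uid of the account named in the ssh URL, since sshd consults that account's `authorized_keys` and no other.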