unofficial mirror of bug-guix@gnu.org 
From: "Thompson, David" <dthompson2@worcester.edu>
To: 56444@debbugs.gnu.org
Subject: bug#56444: Patch to fix Gitolite home directory permissions
Date: Fri, 19 Aug 2022 09:32:20 -0400
Message-ID: <CAJ=RwfbfUSX2zzOxSFPhzd1yZQREFqi_1PHh_=HX0VufNrLNAw@mail.gmail.com>
In-Reply-To: <87zghkehdd.fsf@pisemsky.com>


Hi Evgeny and whoever wants to do some code review,

I have been experiencing this same issue for years now and have been
manually chmod'ing /var/lib/gitolite every time I upgraded because I didn't
understand what was happening.  All this time I thought I had gitolite
misconfigured, that maybe I didn't have its umask config set properly, but
it was Guix all along! In this case that's great, because it makes the
problem easy for me to fix.  Patch attached.  It works like a charm for my
personal git server (https://git.dthompson.us), /var/lib/gitolite was 700
before a system reconfigure, and 750 afterwards.

Big thanks to Evgeny for making a bug report and doing the research to
identify the root cause!

- Dave

[-- Attachment #2: 0001-services-gitolite-Relax-permissions-on-service-user-.patch --]
[-- Type: text/x-patch, Size: 1710 bytes --]

From f35cb018df8498db45689dc0e9800b99008a9dea Mon Sep 17 00:00:00 2001
From: David Thompson <dthompson2@worcester.edu>
Date: Fri, 19 Aug 2022 09:20:06 -0400
Subject: [PATCH] services: gitolite: Relax permissions on service user home
 directory.

Fixes https://issues.guix.gnu.org/56444

* gnu/services/version-control.scm (gitolite-activation): Modify permissions
  on home directory so that git group has read access.

Reported-by: Evgeny Pisemsky <evgeny@pisemsky.com>

Experienced by David Thompson for years, wondering what was wrong. Thanks for
finding the root cause, Evgeny! :)
---
 gnu/services/version-control.scm | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/gnu/services/version-control.scm b/gnu/services/version-control.scm
index defbd65c36..17a5f9c867 100644
--- a/gnu/services/version-control.scm
+++ b/gnu/services/version-control.scm
@@ -331,6 +331,14 @@ access to exported repositories under @file{/srv/git}."
                                (strip-store-file-name admin-pubkey))))
                 (rc-file #$(string-append home "/.gitolite.rc")))
 
+           ;; activate-users+groups in (gnu build activation) sets the
+           ;; permission flags of home directories to #o700 and mentions that
+           ;; services needing looser permissions should chmod it during
+           ;; service activation.  We also want the git group to be able to
+           ;; read from the gitolite home directory, so a chmod'ing we will
+           ;; go!
+           (chmod #$home #o750)
+
            (simple-format #t "guix: gitolite: installing ~A\n" #$rc-file)
            (copy-file #$rc-file rc-file)
            ;; ensure gitolite's user can read the configuration
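
Review bot: The added `(chmod #$home #o750)` is unconditional and hard-codes the mode, so every activation resets the home directory to 750 even if the administrator deliberately tightened it, and it changes only the mode bits: nothing in this hunk sets or checks which group owns `#$home`, so whether "the git group" actually gains access depends on ownership established elsewhere. Please say in the comment which group is expected to own the directory and which consumer needs the access. Note also that #o750 grants the group search (execute) as well as read, so files under the home directory, such as the `.gitolite.rc` copied just below, become reachable by group members subject to their own modes; the comment mentions only read access. The closing "so a chmod'ing we will go!" could be replaced by that rationale, and a sentence in the service documentation would help users who relied on the 700 default.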
-- 
2.25.1

