Skip to content

Unable to access '/etc/gitconfig': Permission denied #32207

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
vollstock opened this issue Oct 7, 2024 · 10 comments
Closed

Unable to access '/etc/gitconfig': Permission denied #32207

vollstock opened this issue Oct 7, 2024 · 10 comments
Labels
issue/not-a-bug The reported issue is the intended behavior or the problem is not inside Gitea

Comments

@vollstock
Copy link

Description

Since a couple of days, out of a sudden, we can no longer access any of our repositories.

The frontend shows a 500 error:

GetBranchCommit, exit status 128 - warning: unable to access '/etc/gitconfig': Permission denied
warning: unable to access '/etc/gitconfig': Permission denied
fatal: unknown error occurred while reading the configuration files

Our provider has moved the virtual server we are using but I can not think of a reason why this should change anything regarding permissions inside the virtual machine?! Maybe a git update?

The default snap behaviour is to run Gitea as root and we haven’t changed that.
If there is anything we can test, check or provide, please let us know.

Gitea Version

1.22.2

Can you reproduce the bug on the Gitea demo site?

No

Log Gist

https://gist.github.com/vollstock/341fb6739a3f3ac88923081fe665384c

Screenshots

No response

Git Version

2.34.1

Operating System

Ubuntu 22.04.5 LTS

How are you running Gitea?

snap package with systemd

Database

SQLite
@eeyrjmr
Copy link
Contributor

eeyrjmr commented Oct 7, 2024

You need to speak to your provider , permissions were not set

@vollstock
Copy link
Author

Like I described, Gitea is running as root and a move of the Virtual Machine should not change anything about permissions inside of it.

Even if I set the permissions of /etc/gitconfigto something very permissive, it won’t work:

sudo chmod 0766 /etc/gitconfig

@vollstock
Copy link
Author

I just found out, that I can browse the repositories again when moving /etc/gitconfig to '/etc/gitconfig_BAK`.
Reading this StackOverflow Question, I tried recreating the fail.

No success. If the file is there, Gitea shows the error. If I remove it, everything seems to work.
What is Gitea doing with it? It definitely has read access:

-rw-rw-r-- 1 root root 126 Jun 13  2023 /etc/gitconfig

@lunny lunny added issue/not-a-bug The reported issue is the intended behavior or the problem is not inside Gitea and removed type/bug labels Oct 7, 2024
@lunny
Copy link
Member

lunny commented Oct 7, 2024

The configuration file will be read by git command line when Gitea invokes git commands. It should not be a bug of Gitea rather than a permission configuration problem.

@vollstock
Copy link
Author

Our instance of Gitea was installed using the Ubuntu snap package (Just like the GitKraken instance in the link above).
It seems, the problem didn’t start with the move to a new server but rhather with an update.

I understand Gitea is just trying to read the system provided file, I'll ask anyway: do you have any idea what might cause that file to be locked? And why Gitea might not be able to access it despite being run as root?

I have run some checks:

# fuser - identify processes using files or sockets
~$ fuser /etc/gitconfig

# no result, so nothing really holds a lock on the file
# lsof - list open files
~$ lsof | grep /etc/gitconfig

# no result either, the file is not opened by any process
# ps - report a snapshot of the current processes
~$ ps -U root -u root u | grep gitea
root     1562209  0.1  4.3 2213708 173012 ?      Ssl  Jan03   9:53 /snap/gitea/7224/gitea web
# confirm that gitea is indeed run as root

My suspicion is, that this has to do with the Gitea snap being sandboxed.
Snap is an install method listed in the docs. Does this cause any trouble to other users?

@TheFox0x7
Copy link
Contributor

I think this won't be an issue after 1.24 as /etc/gitconfig won't be accessed by gitea anymore, but I have no way to test it.

@vollstock
Copy link
Author

I will wait and test

@Rubenisme
Copy link

The app armor profile is disallowing this. You can check with sudo dmesg | grep DENIED and it will say the profile name (snap.gitea.web).
In case you don't want to wait for the 1.2.4 release you can temporarily edit the app armor profile:

  • Open the profile: sudo nano /var/lib/snapd/apparmor/profiles/snap.gitea.web
  • Add the rule (under 'miscellaneous' section for example): /etc/gitconfig r,
  • Then reload the AppArmor profile: sudo apparmor_parser -r /var/lib/snapd/apparmor/profiles/snap.gitea.web
  • And restart the service: sudo snap restart gitea

@vollstock
Copy link
Author

Perfect, thank you :-)

This also feels like the right way from the start.
But since access to /etc/config will be removed in the next version, I guess, this discussion is probably obsolete.

@wxiaoguang
Copy link
Contributor

In 1.24, we don't use the global gitconfig anymore ( Make Gitea always use its internal config, ignore /etc/gitconfig #33076 )

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
issue/not-a-bug The reported issue is the intended behavior or the problem is not inside Gitea
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
6 participants
@lunny @Rubenisme @wxiaoguang @eeyrjmr @vollstock @TheFox0x7