Cannot create a new Gitea user without Gitea system user having read/execute access to current directory

[zbrojny120]

• Gitea version (or commit ref): 1.4.3
• Git version: 2.18.0
• Operating system: FreeBSD 11.2
• Database (use [x]):
  • PostgreSQL
  • MySQL
  • MSSQL
  • SQLite
• Can you reproduce the bug at https://try.gitea.io:
  • Yes (provide example URL)
  • No
  • Not relevant
• Log gist:

Description

Trying to create a new user using command-line tools (sudo -u git gitea admin create-user --name=user --password=pass [email protected] --config=/usr/local/etc/gitea/conf/app.ini, git being Gitea user) while being in a directory without Gitea user having access to it (like /home/john with 700 permissions) causes this error:

panic: error getting work directory: stat .: permission denied                                                                                                                    
                                                                                                                                                                                  
goroutine 1 [running]:                                                                                                                                                            
code.gitea.io/gitea/vendor/gopkg.in/macaron%2ev1.init.1()                                                                                                                         
        /wrkdirs/usr/ports/www/gitea/work/src/code.gitea.io/gitea/vendor/gopkg.in/macaron.v1/macaron.go:317 +0x125

Entering a different directory with git having access to it (/ for example) fixes this issue. Honestly I do not really understand why gitea even checks the current directory, as it has nothing to do with what it is doing.

[lafriks]

Seems like upstream issue in our used framework (go-macaron) but not sure why

[kaesaecracker]

I am currently (trying) to install gitea for the first time and have the same issue.

[mrsdizzie]

This is because Macaron runs os.Getwd()on init:

https://github.com/go-macaron/macaron/blob/4df59ae8a50bd2e82ed915ff1ce764b1bb128a9d/macaron.go#L311-L319

"Getwd returns a rooted path name corresponding to the current directory."

So when run in a folder that the running user doesn't have permissions in, this call will fail. Either GItea can try and detect this, and switch to a location where the user does have permissions if appropriate (like running one off commands) using Chdir, or it should be specific that it requires being run in a folder with permissions.

[zeripath]

Damn it calls this on init() which doesn't give us much time to fix things. I suppose I should be thankful that it's called macaron so we have a large amount of lexical space to work in.

[zeripath]

We could just temporarily move ourselves to a temporary path, and once macaron has initialized move ourselves back?

[zeripath]

OK could someone try #6559 overnight. It might fire early enough to protect otherwise we'll have to move to a file perhaps called a.go

[marbetschar]

Also ran into this. Made a temporary workaround in /etc/systemd/system/gitea.service:

...
# we need to change to the home dir first due to a bug.
# @see: https://github.com/go-gitea/gitea/issues/4634
ExecStartPre=/usr/bin/cd $HOME
...

[wxiaoguang]

Outdated, there are a lot of refactoring for the vendor packages.

Feel free to reopen if there is still a problem.