lunny/gitea
Archived
1
1
Fork 1
Code Issues 1.7k Pull Requests 154 Projects Releases 128 Wiki Activity

Cannot create a new Gitea user without Gitea system user having read/execute access to current directory #4634

New Issue
Open
opened 2018-08-07 12:47:00 +00:00 by zbrojny120 · 7 comments
zbrojny120 commented 2018-08-07 12:47:00 +00:00 (Migrated from github.com)
Copy Link
  • Gitea version (or commit ref): 1.4.3
  • Git version: 2.18.0
  • Operating system: FreeBSD 11.2
  • Database (use [x]):
    • PostgreSQL
    • MySQL
    • MSSQL
    • SQLite
  • Can you reproduce the bug at https://try.gitea.io:
    • Yes (provide example URL)
    • No
    • Not relevant
  • Log gist:

Description

Trying to create a new user using command-line tools (sudo -u git gitea admin create-user --name=user --password=pass --email=user@example.com --config=/usr/local/etc/gitea/conf/app.ini, git being Gitea user) while being in a directory without Gitea user having access to it (like /home/john with 700 permissions) causes this error:

panic: error getting work directory: stat .: permission denied                                                                                                                    
                                                                                                                                                                                  
goroutine 1 [running]:                                                                                                                                                            
code.gitea.io/gitea/vendor/gopkg.in/macaron%2ev1.init.1()                                                                                                                         
        /wrkdirs/usr/ports/www/gitea/work/src/code.gitea.io/gitea/vendor/gopkg.in/macaron.v1/macaron.go:317 +0x125

Entering a different directory with git having access to it (/ for example) fixes this issue. Honestly I do not really understand why gitea even checks the current directory, as it has nothing to do with what it is doing.

- Gitea version (or commit ref): 1.4.3 - Git version: 2.18.0 - Operating system: FreeBSD 11.2 - Database (use `[x]`): - [ ] PostgreSQL - [ ] MySQL - [ ] MSSQL - [x] SQLite - Can you reproduce the bug at https://try.gitea.io: - [ ] Yes (provide example URL) - [ ] No - [x] Not relevant - Log gist: ## Description Trying to create a new user using command-line tools (`sudo -u git gitea admin create-user --name=user --password=pass --email=user@example.com --config=/usr/local/etc/gitea/conf/app.ini`, git being Gitea user) while being in a directory without Gitea user having access to it (like `/home/john` with `700` permissions) causes this error: ``` panic: error getting work directory: stat .: permission denied goroutine 1 [running]: code.gitea.io/gitea/vendor/gopkg.in/macaron%2ev1.init.1() /wrkdirs/usr/ports/www/gitea/work/src/code.gitea.io/gitea/vendor/gopkg.in/macaron.v1/macaron.go:317 +0x125 ``` Entering a different directory with git having access to it (`/` for example) fixes this issue. Honestly I do not really understand why gitea even checks the current directory, as it has nothing to do with what it is doing.
👍 4
lafriks commented 2018-08-07 17:05:21 +00:00 (Migrated from github.com)
Copy Link

Seems like upstream issue in our used framework (go-macaron) but not sure why

Seems like upstream issue in our used framework (go-macaron) but not sure why
kaesaecracker commented 2018-09-23 15:43:45 +00:00 (Migrated from github.com)
Copy Link

I am currently (trying) to install gitea for the first time and have the same issue.

I am currently (trying) to install gitea for the first time and have the same issue.
mrsdizzie commented 2019-04-09 20:13:47 +00:00 (Migrated from github.com)
Copy Link

This is because Macaron runs os.Getwd()on init:

4df59ae8a5/macaron.go (L311-L319)

"Getwd returns a rooted path name corresponding to the current directory."

So when run in a folder that the running user doesn't have permissions in, this call will fail. Either GItea can try and detect this, and switch to a location where the user does have permissions if appropriate (like running one off commands) using Chdir, or it should be specific that it requires being run in a folder with permissions.

This is because Macaron runs ```os.Getwd()```on init: https://github.com/go-macaron/macaron/blob/4df59ae8a50bd2e82ed915ff1ce764b1bb128a9d/macaron.go#L311-L319 "Getwd returns a rooted path name corresponding to the current directory." So when run in a folder that the running user doesn't have permissions in, this call will fail. Either GItea can try and detect this, and switch to a location where the user does have permissions if appropriate (like running one off commands) using Chdir, or it should be specific that it requires being run in a folder with permissions.
zeripath commented 2019-04-09 21:07:27 +00:00
Contributor
Copy Link

Damn it calls this on init() which doesn't give us much time to fix things. I suppose I should be thankful that it's called macaron so we have a large amount of lexical space to work in.

Damn it calls this on `init()` which doesn't give us much time to fix things. I suppose I should be thankful that it's called `macaron` so we have a large amount of lexical space to work in.
zeripath commented 2019-04-09 21:19:58 +00:00
Contributor
Copy Link

We could just temporarily move ourselves to a temporary path, and once macaron has initialized move ourselves back?

We could just temporarily move ourselves to a temporary path, and once macaron has initialized move ourselves back?
zeripath commented 2019-04-09 21:42:59 +00:00
Contributor
Copy Link

OK could someone try #6559 overnight. It might fire early enough to protect otherwise we'll have to move to a file perhaps called a.go

OK could someone try #6559 overnight. It might fire early enough to protect otherwise we'll have to move to a file perhaps called a.go
marbetschar commented 2019-04-12 08:37:32 +00:00 (Migrated from github.com)
Copy Link

Also ran into this. Made a temporary workaround in /etc/systemd/system/gitea.service:

...
# we need to change to the home dir first due to a bug.
# @see: https://github.com/go-gitea/gitea/issues/4634
ExecStartPre=/usr/bin/cd $HOME
...
Also ran into this. Made a temporary workaround in `/etc/systemd/system/gitea.service`: ``` ... # we need to change to the home dir first due to a bug. # @see: https://github.com/go-gitea/gitea/issues/4634 ExecStartPre=/usr/bin/cd $HOME ... ```
This repo is archived. You cannot comment on issues.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels   
backport/done

   
backport/v1.0

   
backport/v1.1

   
backport/v1.10

   
backport/v1.11

   
backport/v1.12

   
backport/v1.13

   
backport/v1.14

   
backport/v1.15

   
backport/v1.2

   
backport/v1.3

   
backport/v1.4

   
backport/v1.5

   
backport/v1.6

   
backport/v1.7

   
backport/v1.8

   
backport/v1.9

   
bounty

   
changelog

   
dependencies

Pull requests that update a dependency file

  
frontport/done

   
frontport/main

   
good first issue

Likely to be an easy fix

  
Hacktoberfest

   
hacktoberfest-accepted

   
in progress

   
kind/api

   
kind/breaking

   
kind/bug

   
kind/build

   
kind/deployment

   
kind/deprecated

   
kind/docs

   
kind/enhancement

   
kind/feature

   
kind/lint

   
kind/misc

   
kind/moderation

features for moderateing spam, abuse, ...

  
kind/package

   
kind/proposal

   
kind/question

   
kind/refactor

   
kind/regression

   
kind/security

   
kind/summary

   
kind/testing

   
kind/translation

   
kind/ui

   
kind/upstream-related

An issue that is caused by an upstream dependency

  
kind/usability

   
kind/ux

   
lgtm/done

   
lgtm/need 1

   
lgtm/need 2

   
performance/bigrepo

Performance Issues affecting Big Repositories

  
performance/cpu

   
performance/memory

Performance issues affecting memory use

  
performance/speed

performance issues with slow downs

  
priority/critical

   
priority/low

   
priority/maybe

   
priority/medium

   
proposal/rejected

   
reviewed/confirmed

Issue has been reviewed and confirmed to be present or accepted to be implemented

  
reviewed/duplicate

   
reviewed/fixed

A fix for this issue is already in the attached milestone

  
reviewed/invalid

   
reviewed/not-a-bug

The reported issue is the intended behavior

  
reviewed/wontfix

   
skip-changelog

   
stale

   
status/blocked

   
status/needs-feedback

   
status/wip

   
theme/2fa

   
theme/authentication

   
theme/avatar

   
theme/backup-restore

   
theme/docker

Docker themed issued

  
theme/federation

   
theme/issues

   
theme/kanban

   
theme/markdown

   
theme/migration

Migration issues

  
theme/mobile

   
theme/pr

   
theme/signing

   
theme/sqlite

   
theme/timetracker

   
theme/webhook

   
theme/wiki
No Label
backport/done
backport/v1.0
backport/v1.1
backport/v1.10
backport/v1.11
backport/v1.12
backport/v1.13
backport/v1.14
backport/v1.15
backport/v1.2
backport/v1.3
backport/v1.4
backport/v1.5
backport/v1.6
backport/v1.7
backport/v1.8
backport/v1.9
bounty
changelog
dependencies
frontport/done
frontport/main
good first issue
Hacktoberfest
hacktoberfest-accepted
in progress
kind/api
kind/breaking
kind/bug
kind/build
kind/deployment
kind/deprecated
kind/docs
kind/enhancement
kind/feature
kind/lint
kind/misc
kind/moderation
kind/package
kind/proposal
kind/question
kind/refactor
kind/regression
kind/security
kind/summary
kind/testing
kind/translation
kind/ui
kind/upstream-related
kind/usability
kind/ux
lgtm/done
lgtm/need 1
lgtm/need 2
performance/bigrepo
performance/cpu
performance/memory
performance/speed
priority/critical
priority/low
priority/maybe
priority/medium
proposal/rejected
reviewed/confirmed
reviewed/duplicate
reviewed/fixed
reviewed/invalid
reviewed/not-a-bug
reviewed/wontfix
skip-changelog
stale
status/blocked
status/needs-feedback
status/wip
theme/2fa
theme/authentication
theme/avatar
theme/backup-restore
theme/docker
theme/federation
theme/issues
theme/kanban
theme/markdown
theme/migration
theme/mobile
theme/pr
theme/signing
theme/sqlite
theme/timetracker
theme/webhook
theme/wiki
Milestone
Clear milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
No Assignees
2 Participants
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: lunny/gitea#4634
No description provided.
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?