Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Second docker run always results in 'permission denied' #5

Open
webdevotion opened this issue Jul 13, 2016 · 13 comments
Open

Second docker run always results in 'permission denied' #5

webdevotion opened this issue Jul 13, 2016 · 13 comments

Comments

@webdevotion
Copy link

webdevotion commented Jul 13, 2016
edited
Loading

I've got Gitlab up and running ( meaning I was able to add a new Github remote to my Mirrors group using the gitlab-mirrors.sh script below ).
But every time I try to run another command I get:

ϟ ./gitlab-mirrors.sh ls
chown: /data/Mirrors/project-x/objects/pack/pack-dca3292bf5a38f06677b52995ebf594a2b3dd4d5.idx: Permission denied
chown: /data/Mirrors/project-x/objects/pack/pack-dca3292bf5a38f06677b52995ebf594a2b3dd4d5.pack: Permission denied

contents of gitlab-mirrors.sh:

docker run --rm -i \
  -v $(dirname $SSH_AUTH_SOCK):$(dirname $SSH_AUTH_SOCK) \
  -v "${PWD}/config:/config" \
  -v "${PWD}/mirrors:/data/Mirrors" \
  -e SSH_AUTH_SOCK=$SSH_AUTH_SOCK \
  -e GITLAB_MIRROR_GITLAB_UID=1000 \
  -e GITLAB_MIRROR_GITLAB_USER=gitmirror \
  -e GITLAB_MIRROR_GITLAB_NAMESPACE=Mirrors \
  -e GITLAB_MIRROR_GITLAB_URL=http://my-gitlab.com \
  quay.io/klowner/gitlab-mirrors:latest ${@:1}

When I remove those files I can run for example update one more time, but the second run I will see the same problem again.
@Klowner
Copy link
Owner

Klowner commented Jul 13, 2016

Hmm, what are the ownership/permissions on /data/Mirrors/project-x/objects/pack/pack-dca3292bf5a38f06677b52995ebf594a2b3dd4d5.idx ?

@webdevotion
Copy link
Author 

ϟ ls -al mirrors/project-x/objects/pack/
total 744
drwxr-xr-x@ 4 webdevotion  staff     136 Jul 13 17:38 .
drwxr-xr-x@ 4 webdevotion  staff     136 Jul 13 17:31 ..
-r--r--r--  1 webdevotion  staff   40412 Jul 13 17:38 pack-dca3292bf5a38f06677b52995ebf594a2b3dd4d5.idx
-r--r--r--  1 webdevotion  staff  337625 Jul 13 17:38 pack-dca3292bf5a38f06677b52995ebf594a2b3dd4d5.pack

@Klowner
Copy link
Owner

Klowner commented Jul 13, 2016

Very strange that those files are read-only.. Your user (webdevotion) is 1000, yeah?

@webdevotion
Copy link
Author

webdevotion commented Jul 13, 2016
edited
Loading 

ϟ whoami
webdevotion
ϟ id -u
501

Changed the script to use $(id -u) and tried with a hardcoded 501 in there. Same result.

@Klowner
Copy link
Owner

Klowner commented Jul 13, 2016

Ah, maybe it's not that weird. All of my pack and idx files are also read-only.

Change your GITLAB_MIRROR_GITLAB_UID to 501 and it should work.

@webdevotion
Copy link
Author

I tried your suggestions in a couple of flavours to no avail.
Thank you for responding so swiftly.

With my host system's user:

  -e GITLAB_MIRROR_GITLAB_UID=501 \
  -e GITLAB_MIRROR_GITLAB_USER=webdevotion \

With a git user ( just because I can ):

  -e GITLAB_MIRROR_GITLAB_UID=501 \
  -e GITLAB_MIRROR_GITLAB_USER=git \

And with the user that I created in gitlab to use gitlab-mirrors:

  -e GITLAB_MIRROR_GITLAB_UID=501 \
  -e GITLAB_MIRROR_GITLAB_USER=gitmirror \

I'm obviously missing something here.

@webdevotion
Copy link
Author

webdevotion commented Jul 13, 2016
edited
Loading

Just checked the users on the gitlab container:

$ cut -d: -f1 /etc/passwd                                                                                                                                                                          
root
daemon
bin
sys
sync
games
man
lp
mail
news
uucp
proxy
www-data
backup
list
irc
gnats
nobody
libuuid
syslog
sshd
git

So, shouldn't I be using git as the value of GITLAB_MIRROR_GITLAB_USER?

@Klowner
Copy link
Owner

Klowner commented Jul 13, 2016

Daaah, my apologies, another documentation error.

Firstly, change GITLAB_MIRROR_GITLAB_UID to GITLAB_MIRROR_UID, it should remain 501, however.

As for GITLAB_MIRROR_GITLAB_USER, that is the username for the gitlab account that will be performing mirroring. GITLAB_MIRROR_USER however, defaults to "git" which should be correct for most configurations.

Klowner added a commit that referenced this issue Jul 13, 2016
@Klowner
replace GITLAB_MIRROR_GITLAB_UID with GITLAB_MIRROR_UID in examples i…
9b44ccc 
…n readme. related to #5
@Klowner
Copy link
Owner

Klowner commented Jul 16, 2016

Any luck?

@webdevotion
Copy link
Author

I've put the 'chown' command in the update script in comments now in a personal fork of this repo and am sailing smoothly atm.

What's the purpose of the 'chown'?

@Klowner
Copy link
Owner

Klowner commented Jul 17, 2016

Glad to hear you at least found a workaround. Without chown I'm fairly certain I was ending up with root-owned data. Do you mind me asking what distro you're using? I'd like to see if I can reproduce my problem with the crown calls removed.

👍

@Klowner
Copy link
Owner

Klowner commented Jul 17, 2016

Also thanks for the follow up. :)

On Sat, Jul 16, 2016, 5:40 PM webdevotion notifications@github.com wrote:

I've put the 'chown' command in the update script in comments now in a
personal fork of this repo and am sailing smoothly atm.

What's the purpose of the 'chown'?


You are receiving this because you commented.

Reply to this email directly, view it on GitHub
#5 (comment),
or mute the thread
https://github.com/notifications/unsubscribe-auth/AAAknldTSpP3XSInef7gDomkbqdF5DOeks5qWV3XgaJpZM4JLjXk
.

@webdevotion
Copy link
Author

@Klowner Ubuntu 14.04 and 16.04

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Klowner @webdevotion