0

I'm having a weird permissions issue. It seems that being logged in as a particular user I have different permissions than when I sudo su into that user.

Using su to become quantka causes a git permissions error:

sudo su quantka -c "git fetch"
conq: repository access denied.
fatal: The remote end hung up unexpectedly

But just being logged in as quantka works:

quantka@quantka:~$ whoami
quantka
quantka@quantka:~$ git fetch
quantka@quantka:~$

To add to the mystery, this also works:

quantka@quantka:~$ su quantka -c "git fetch"
Password:

But this isn't a viable solution because this needs to be run from a script, can't prompt for password.

I thought these were supposed be identical?

quantka
  • 920
  • 1
  • 10
  • 15
  • First of all, `sudo su` is weirdness. What `sudo` does is executes a command as another user, so you should be doing `sudo -u quantka git fetch`. Second, `sudo` messes with environment for security. You problem seems to be that git doesn't find the right public key, but I'm not sure what exacly causes the issue… – kirelagin Jun 11 '13 at 23:02
  • You're right, it is a weird thing to do. The reason I was doing it (which may be somewhat convoluted) is because what I am really trying to do is debug a permissions problem with a script that is run on boot (with root permissions). Anyway, I tried your suggestion `sudo -u quantka git fetch` and got the same permission denied error. – quantka Jun 12 '13 at 13:52

2 Answers2

0

Your environment might be the issue (sudo scrubs some of the environment, and leaves the rest).

I'd try dropping su and use the sudo's -u flag in combination with the -i flag to simulate login conditions:

sudo -u quantka -i git fetch
robin
  • 1
  • Oddly enough, I get this error: Run `sudo -u sookbox -i git fetch` then `fatal: Not a git repository (or any of the parent directories): .git` (I am in the same folder as before which definitely IS a git repo.) – quantka Jun 12 '13 at 13:44
0

It turns out this was an environment variables issue. The relevant environment variable for ssh access to the remote git repo is SSH_AUTH_SOCK.

Adding the -E flag to the sudo command specifies that environment variables should be preserved, so this works:

sudo -E su quantka -c "git fetch"
quantka
  • 920
  • 1
  • 10
  • 15