0

I have this Debian VM on Google where I can't git pull even when I'm included in the group with permission to wrx.

So here are the specifics:

  • the error returned by git pull is `error: cannot update the ref 'refs/remote/origin/my-branch': Permission Denied`
  • git directory has 775 permission
  • git directory is owned by www-data:my-group
  • git pull works when I change the ownership to my-username:my-group
  • can't have myself as the owner of the git directory as www-data needs ownership to write
  • the git repo is a CodeIgniter 3 project
  • VM uses php7.4

Note:

  • I've checked my-group with "getent group my-group" and can see my-username there
SuperNoob
  • 3
    I wouldn't be surprised if you have mixed permissions inside that repo. Check permissions on that file specifically to make sure (`.git/refs/remotes/origin/branch-name`). If the file does not exist, then the problem is probably on the permissions for directory `.git/refs/remotes/origin` – eftshift0 May 11 '23 at 07:32
  • 3
    [Please do not upload images of code/data/errors.](//meta.stackoverflow.com/q/285551) Did you run `git` as `root` before? – Bodo May 11 '23 at 07:35
  • Make the repo group-shareable: https://stackoverflow.com/a/69193032/7976758 . Set `umask 002` for user `www-data`. – phd May 11 '23 at 07:37
  • Sharing a Git directory with a group seems like a weird attempt to use Git and very probably an [XY Problem](https://en.wikipedia.org/wiki/XY_problem). The trivial and obvious solution is to have your own working copy, and push to a shared repo when you wish to share changes. – tripleee May 11 '23 at 07:49
  • @tripleee How to allow for a few different users to push over SSH without giving them full permissions of the destination user `www-data`? – phd May 11 '23 at 07:52
  • Don't host under `www-data`? – tripleee May 11 '23 at 07:53
  • @tripleee The OP rejected this already: "*can't have myself as the owner of the git directory as www-data needs ownership to write*" – phd May 11 '23 at 07:55
  • That doesn't mean the repo has to be owned by `www-data`. – tripleee May 11 '23 at 07:57
  • @tripleee So group-sharing is still the answer? :-) – phd May 11 '23 at 08:01
  • Well no; a better solution is to use a tool which controls access properly, as you [are no doubt aware.](https://stackoverflow.com/a/47907875/874188) – tripleee May 11 '23 at 08:20

1 Answer

0

eftshift0's comment solved the issue

I wouldn't be surprised if you have mixed permissions inside that repo. Check permissions on that file specifically to make sure (`.git/refs/remotes/origin/branch-name`). If the file does not exist, then the problem is probably on the permissions for directory `.git/refs/remotes/origin`

Somehow the grp ownership of some files inside `.git` changed since the last time I checked. A quick `chmod -R 775` solved the issue.

Bodo
SuperNoob
  • 1
    Instead of citing my comment in your answer you should [edit your question](https://stackoverflow.com/posts/76224987/edit) and replace the screenshot with pasted text, formatted as a code block. If the group *ownership* would have changed, you would have to use `chown` or `chgrp` instead of `chmod`. If "somehow" the permissions changed you should find out what caused this change. Maybe a wrong configuration somewhere related to your web server? – Bodo May 11 '23 at 17:24
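
The check eftshift0 describes, run over the whole `.git` directory instead of one file and reporting group ownership and mode problems separately (the `chgrp` versus `chmod` distinction Bodo raises). This is an added example, not code from the question or its answers; the function name `audit_git_perms` and the reason labels are hypothetical.

```shell
#!/bin/sh
# Added example: audit the .git directory of a repository shared through a group.
# audit_git_perms REPO GROUP
#   Prints "REASON<TAB>PATH" for every entry under REPO/.git that can stop a
#   member of GROUP from fetching or pulling. Prints nothing if all is well.
#   The function name and REASON labels are hypothetical, chosen for this example.
audit_git_perms() {
    gitdir="$1/.git"
    group=$2
    [ -d "$gitdir" ] || { echo "no .git directory in $1" >&2; return 2; }

    # Entries whose group owner is not the shared group (fix with chgrp, not chmod).
    find "$gitdir" ! -group "$group" -exec printf 'wrong-group\t%s\n' {} +

    # Git updates a ref by creating a lock file next to it and renaming it,
    # so every directory needs group read, write and search permission.
    find "$gitdir" -type d ! -perm -070 \
        -exec printf 'dir-not-group-rwx\t%s\n' {} +

    # Every file must at least be readable by the group.
    find "$gitdir" -type f ! -perm -040 \
        -exec printf 'file-not-group-readable\t%s\n' {} +

    # Reflogs and FETCH_HEAD are written in place, so files need group write.
    # Objects and packs are excluded: Git stores them read-only on purpose.
    find "$gitdir" -type f ! -path "$gitdir/objects/*" ! -perm -020 \
        -exec printf 'file-not-group-writable\t%s\n' {} +
}
```

Call it as `audit_git_perms /path/to/repo my-group`; running it again after the next deploy or web request shows which process is creating entries with the wrong group or mode.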