WebFaction
Community site: login faq

I have created a git application with a domain and website and a second ssh user. I have given this user access to the application directory as described here:

https://docs.webfaction.com/software/general.html#granting-access-to-specific-users

I found that the website was returning a 500 error because my main user did not have correct permissions for the gitweb script. I fixed this using 'chmod 711 . script' as described here:

https://docs.webfaction.com/software/static.html#error-premature-end-of-script-headers

However, changing the permissions is this way removes the permissions I initially granted to the second ssh user. I have tried a few things with setfacl and chmod but so far I have not found any solution that allows both the ssh user to access the directory and the website to function properly. I am new to shared hosting and managing permissions in this manner so any help would be appreciated.

Thanks

asked 31 Aug '15, 21:00

sulibarri
133
accept rate: 0%


Since gitweb uses CGI, it's not really suitable for serving repos over both SSH and HTTP, for the reasons that you're seeing - that is, the permissions required for SSH access conflict with the permission required for CGI access.

If you want to access a repo via SSH, then I recommend that you create your repo at the command line in your home directory, outside of the webapps directory, and work with it via SSH exclusively.

If you want to access a repo via gitweb, then I recommend that you do that exclusively, and don't try to give any SSH users permissions on the repo.

Actually, I take that back. Here is a workaround that seems to meet both needs in my tests:

  1. Create a ~/repos directory at the root of your home directory.
  2. Grant your SSH users permissions in that directory.
  3. Edit your app's git.cgi to set GIT_PROJECT_ROOT=/home/you/repos/
  4. Edit your app's gitweb.cgi to set $projectroot = "/home/you/repos"

Hope that helps!

permanent link

answered 31 Aug '15, 23:27

seanf
12.2k31836
accept rate: 37%

edited 31 Aug '15, 23:38

Thanks, that makes a lot of sense. I am building an app with a friend and the ssh user was meant for him to have access to all applications related to the project. It made sense (in my head at least) for the user to have permissions on the repo directly but I can now see why this causes a conflict with gitweb. I guess I will ask him how he would prefer to have access and configure it accordingly.

(31 Aug '15, 23:34) sulibarri

See my edit for a possible best-of-both-worlds solution :)

(31 Aug '15, 23:37) seanf

You should place the app within your main user's directory and grant the secondary user access to that via setfacl or the control panel, not the other way around. You can't host webapps in secondary user's accounts without issues, they are designed to be in the main user account.

permanent link

answered 31 Aug '15, 23:06

johns ♦♦
5.3k212
accept rate: 23%

Sorry if I was not clear. The app is in the webapps directory of my main account as it should be. I gave the second ssh user permissions to it via setfacl as directed by the instructions in my first link. My problem is that I cannot access the git webapp with those permissions in place, it returns a 500 error code. The solution shown in the second link fixes the 500 error problem but also revokes the permissions I gave to the ssh user via setfacl.

(31 Aug '15, 23:22) sulibarri
Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×110
×64
×19

question asked: 31 Aug '15, 21:00

question was seen: 1,745 times

last updated: 31 Aug '15, 23:38

WEBFACTION
REACH US
SUPPORT
AFFILIATE PROGRAM
LEGAL
© COPYRIGHT 2003-2019 SWARMA LIMITED - WEBFACTION IS A SERVICE OF SWARMA LIMITED
REGISTERED IN ENGLAND AND WALES 5729350 - VAT REGISTRATION NUMBER 877397162
5TH FLOOR, THE OLD VINYL FACTORY, HAYES, UB3 1HA, UNITED KINGDOM