混帐-HTTP后端与AuthzUnixGroup不能正常工作 [英] git-http-backend with AuthzUnixGroup not working properly
问题描述
我想建立一个Git仓库在我的Apache 2.2上一个CentOS 6中,安装的git。我曾尝试以下许多不同的方向,我很茫然。我目前的状况包括能够克隆
正常,但作为完全无法推进。
I am trying to set up a git repository over my Apache 2.2 on a CentOS 6 box, with git installed. I have tried following many different directions, and I am at a loss. My current situation comprises of being able to clone
normally, but being completely unable to push.
这好像我不能得到认证位才能正常工作,因为我可以 http.receivepack
同时设置为真正
。
It seems as though I am incapable of getting the authentication bit to work properly, as I can normally perform the push while setting http.receivepack
to true
.
我已经安装了 AuthzUnixGroup
以及 mod_authz_external
。
我去了 /无功/网络/混帐
,并创建了一个名为我-repo.git
回购和做一个 git的初始化--bare
里面。
I went to /var/www/git
and created a repo named my-repo.git
and did a git init --bare
inside it.
然后,我建立了我的 git.conf
文件中 /etc/httpd/conf.d /
如下
Then I set up my git.conf
file inside /etc/httpd/conf.d/
as follows:
<VirtualHost "*:80">
SetEnv GIT_HTTP_EXPORT_ALL
SetEnv GIT_PROJECT_ROOT /var/www/git
SetEnv REMOTE_USER=$REDIRECT_REMOTE_USER
ScriptAlias /git /usr/libexec/git-core/git-http-backend
AddExternalAuth pwauth /usr/local/libexec/pwauth
SetExternalAuthMethod pwauth pipe
<Directory "/usr/libexec/git-core/">
AllowOverride None
Options +ExecCGI -Includes
Order allow,deny
Allow from all
</Directory>
<Location "/git">
AuthzUnixGroup on
AuthType Basic
AuthName "Git repository"
AuthBasicProvider external
AuthExternal pwauth
Require group git
</Location>
</VirtualHost>
指向我的Web浏览器 mysite的/混帐
很好让我看到HTTP基本的登录对话框,它完美的作品。我自己添加到组混帐
,并在我的壳的回报做一个组
:
Pointing my web browser to mysite/git
nicely shows me the HTTP basic login dialog, which works perfectly. I have added myself to the group git
, and doing a groups
on my shell returns:
naseri sudo git
这是预料之中的。
which is as expected.
当我这样做 git的克隆的http://mysite/git/my-repo.git
我收到从下为httpd的访问日志文件中的以下在/ var /日志/的httpd / access_log中
:
When I do git clone http://mysite/git/my-repo.git
I get the following from the access_log file for httpd under /var/logs/httpd/access_log
:
2.177.130.21 - - [11/Jun/2014:18:51:07 +0000] "GET /git/my-repo.git/info/refs?service=git-upload-pack HTTP/1.1" 401 480 "-" "git/1.8.5.2 (Apple Git-48)"
2.177.130.21 - - [11/Jun/2014:18:51:08 +0000] "GET /git/my-repo.git/info/refs?service=git-upload-pack HTTP/1.1" 401 480 "-" "git/1.8.5.2 (Apple Git-48)"
2.177.130.21 - naseri [11/Jun/2014:18:51:08 +0000] "GET /git/my-repo.git/info/refs?service=git-upload-pack HTTP/1.1" 200 256 "-" "git/1.8.5.2 (Apple Git-48)"
2.177.130.21 - naseri [11/Jun/2014:18:51:09 +0000] "POST /git/my-repo.git/git-upload-pack HTTP/1.1" 200 368 "-" "git/1.8.5.2 (Apple Git-48)"
在客户端,克隆
ING正常工作。我改变的东西左右,然后尝试混帐推
ING的内容。在提交后推
On the client, the clone
ing works properly. I change stuff around, then try to push after a commit by git push
ing the content.
这是我所得到的在服务器端日志:
This is what I get on the server side log:
2.177.130.21 - - [11/Jun/2014:18:53:26 +0000] "GET /git/my-repo.git/info/refs?service=git-receive-pack HTTP/1.1" 401 480 "-" "git/1.8.5.2 (Apple Git-48)"
2.177.130.21 - naseri [11/Jun/2014:18:53:27 +0000] "GET /git/my-repo.git/info/refs?service=git-receive-pack HTTP/1.1" 401 480 "-" "git/1.8.5.2 (Apple Git-48)"
2.177.130.21 - naseri [11/Jun/2014:18:53:30 +0000] "GET /git/my-repo.git/info/refs?service=git-receive-pack HTTP/1.1" 403 - "-" "git/1.8.5.2 (Apple Git-48)"
我可以看到我的身份验证要求响应被送回被Apache的响应(401)的第一线,但在客户端显示我:
I can see that my "Authentication Required" response is being sent back by Apache on the first line of response (401) but the client shows me:
fatal: unable to access 'http://mysite/git/my-repo.git/': The requested URL returned error: 403
我无能,这个问题,因为我的浏览器指向同一个URL正确带来了验证,它甚至作品的权利。
I am clueless as to the problem, as pointing my browser to the same URL properly brings up authentication and it even works right.
推荐答案
这旧的答案
的git-HTTP后端
将返回当客户要求使用的git - 接收包的方法403 /禁止code。结果
然后,它回落到WebDAV的,,但使用WebDAV是没有必要
git-http-backend
is returning a 403/Forbidden code when the client asks to use the git-receive-pack method.
It then falls back to WebDAV, but using WebDAV is not necessary.
我有同样的问题;在我的情况,这是由于 REMOTE_USER
未设置
I had the same problem; in my case this was due to REMOTE_USER
not being set
由于我的任何 Apache的配置使用一个 =
设置一个变量时,检查该工作得更好:
Since any of my Apache config uses an '=
' when setting a variable, check if this works better:
SetEnv REMOTE_USER $REDIRECT_REMOTE_USER
(没有 -
'两个变量之间)
如果的不的(重新)定义 REMOTE_USER
也工作(因为它可能已经被定义,而 REDIRECT_REMOTE_USER还要检查
可能不会):尝试不使用该行结果。
我从来没有在我的Apache混帐配置来定义它。
Check also if not (re)defining REMOTE_USER
works too (because it might already been defined, while REDIRECT_REMOTE_USER
might not): try without that line.
I never have to define it in my Apache Git config.
这篇关于混帐-HTTP后端与AuthzUnixGroup不能正常工作的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!