带有 AuthzUnixGroup 的 git-http-backend 无法正常工作 [英] git-http-backend with AuthzUnixGroup not working properly
问题描述
我正在尝试在安装了 git 的 CentOS 6 机器上通过我的 Apache 2.2 建立一个 git 存储库.我尝试了许多不同的方向,但我不知所措.我目前的情况包括能够正常clone
,但完全无法推送.
似乎我无法让身份验证位正常工作,因为我可以在将 http.receivepack
设置为 true
时正常执行推送.
我已经安装了 AuthzUnixGroup
以及 mod_authz_external
.
我去了 /var/www/git
并创建了一个名为 my-repo.git
的仓库并做了一个 git init --bare
在里面.
然后我在 /etc/httpd/conf.d/
中设置我的 git.conf
文件,如下所示:
<VirtualHost "*:80">SetEnv GIT_HTTP_EXPORT_ALLSetEnv GIT_PROJECT_ROOT/var/www/gitSetEnv REMOTE_USER=$REDIRECT_REMOTE_USERScriptAlias/git/usr/libexec/git-core/git-http-backendAddExternalAuth pwauth/usr/local/libexec/pwauthSetExternalAuthMethod pwauth 管道<目录/usr/libexec/git-core/">AllowOverride 无选项 +ExecCGI -包括命令允许,拒绝允许所有人</目录><位置/git">AuthzUnixGroup onAuthType 基本AuthName "Git 存储库"AuthBasicProvider 外部Auth外部pwauth需要组 git</位置></虚拟主机>
将我的网络浏览器指向 mysite/git
很好地显示了 HTTP 基本登录对话框,它运行良好.我已将自己添加到组 git
,并在我的 shell 返回上执行 groups
:
naseri sudo git
符合预期.
当我执行 git clone http://mysite/git/my-repo.git
时,我从 /var/logs/httpd/access_log 下 httpd 的 access_log 文件中得到以下信息
:
2.177.130.21 - - [11/Jun/2014:18:51:07 +0000] "GET/git/my-repo.git/info/refs?service=git-upload-pack HTTP/1.1" 401 480 "-" "git/1.8.5.2 (Apple Git-48)"2.177.130.21 - - [11/Jun/2014:18:51:08 +0000] "GET/git/my-repo.git/info/refs?service=git-upload-pack HTTP/1.1" 401 480 "-" "git/1.8.5.2 (苹果 Git-48)"2.177.130.21 - naseri [11/Jun/2014:18:51:08 +0000] "GET/git/my-repo.git/info/refs?service=git-upload-pack HTTP/1.1" 200 256 "-" "git/1.8.5.2 (苹果 Git-48)"2.177.130.21 - naseri [11/Jun/2014:18:51:09 +0000] "POST/git/my-repo.git/git-upload-pack HTTP/1.1" 200 368 "-" "git/1.8.5.2 (苹果 Git-48)"
在客户端,clone
ing 工作正常.我改变了一些东西,然后尝试在提交后通过 git push
ing 内容进行推送.
这是我在服务器端日志中得到的:
2.177.130.21 - - [11/Jun/2014:18:53:26 +0000] "GET/git/my-repo.git/info/refs?service=git-receive-pack HTTP/1.1" 401 480 "-" "git/1.8.5.2 (Apple Git-48)"2.177.130.21 - naseri [11/Jun/2014:18:53:27 +0000] "GET/git/my-repo.git/info/refs?service=git-receive-pack HTTP/1.1" 401 480 "-" "git/1.8.5.2 (苹果 Git-48)"2.177.130.21 - naseri [11/Jun/2014:18:53:30 +0000] GET/git/my-repo.git/info/refs?service=git-receive-pack HTTP/1.1"403 - -" "git/1.8.5.2 (苹果 Git-48)"
我可以看到我的需要身份验证"响应正在由 Apache 在响应的第一行 (401) 发回,但客户端向我显示:
致命:无法访问http://mysite/git/my-repo.git/":请求的 URL 返回错误:403
我对这个问题一无所知,因为将我的浏览器指向同一个 URL 会正确地启动身份验证,并且它甚至可以正常工作.
这个旧答案
<块引用>git-http-backend
在客户端要求使用 git-receive-pack 方法时返回 403/Forbidden 代码.
然后它回退到 WebDAV,但不需要使用 WebDAV.
我遇到了同样的问题;在我的情况下,这是由于未设置 REMOTE_USER
由于我的任何 Apache config 使用设置变量时使用 '=
',检查是否效果更好:
SetEnv REMOTE_USER $REDIRECT_REMOTE_USER
(两个变量之间没有'-
')
还要检查 not(重新)定义 REMOTE_USER
是否也有效(因为它可能已经被定义,而 REDIRECT_REMOTE_USER
可能没有):尝试没有那条线.
我永远不必在我的 Apache Git 配置中定义它.
注意:使用 Git 2.21(2019 年第一季度,5 年后),Git 应该更强大.p>
I am trying to set up a git repository over my Apache 2.2 on a CentOS 6 box, with git installed. I have tried following many different directions, and I am at a loss. My current situation comprises of being able to clone
normally, but being completely unable to push.
It seems as though I am incapable of getting the authentication bit to work properly, as I can normally perform the push while setting http.receivepack
to true
.
I have installed AuthzUnixGroup
as well as mod_authz_external
.
I went to /var/www/git
and created a repo named my-repo.git
and did a git init --bare
inside it.
Then I set up my git.conf
file inside /etc/httpd/conf.d/
as follows:
<VirtualHost "*:80">
SetEnv GIT_HTTP_EXPORT_ALL
SetEnv GIT_PROJECT_ROOT /var/www/git
SetEnv REMOTE_USER=$REDIRECT_REMOTE_USER
ScriptAlias /git /usr/libexec/git-core/git-http-backend
AddExternalAuth pwauth /usr/local/libexec/pwauth
SetExternalAuthMethod pwauth pipe
<Directory "/usr/libexec/git-core/">
AllowOverride None
Options +ExecCGI -Includes
Order allow,deny
Allow from all
</Directory>
<Location "/git">
AuthzUnixGroup on
AuthType Basic
AuthName "Git repository"
AuthBasicProvider external
AuthExternal pwauth
Require group git
</Location>
</VirtualHost>
Pointing my web browser to mysite/git
nicely shows me the HTTP basic login dialog, which works perfectly. I have added myself to the group git
, and doing a groups
on my shell returns:
naseri sudo git
which is as expected.
When I do git clone http://mysite/git/my-repo.git
I get the following from the access_log file for httpd under /var/logs/httpd/access_log
:
2.177.130.21 - - [11/Jun/2014:18:51:07 +0000] "GET /git/my-repo.git/info/refs?service=git-upload-pack HTTP/1.1" 401 480 "-" "git/1.8.5.2 (Apple Git-48)"
2.177.130.21 - - [11/Jun/2014:18:51:08 +0000] "GET /git/my-repo.git/info/refs?service=git-upload-pack HTTP/1.1" 401 480 "-" "git/1.8.5.2 (Apple Git-48)"
2.177.130.21 - naseri [11/Jun/2014:18:51:08 +0000] "GET /git/my-repo.git/info/refs?service=git-upload-pack HTTP/1.1" 200 256 "-" "git/1.8.5.2 (Apple Git-48)"
2.177.130.21 - naseri [11/Jun/2014:18:51:09 +0000] "POST /git/my-repo.git/git-upload-pack HTTP/1.1" 200 368 "-" "git/1.8.5.2 (Apple Git-48)"
On the client, the clone
ing works properly. I change stuff around, then try to push after a commit by git push
ing the content.
This is what I get on the server side log:
2.177.130.21 - - [11/Jun/2014:18:53:26 +0000] "GET /git/my-repo.git/info/refs?service=git-receive-pack HTTP/1.1" 401 480 "-" "git/1.8.5.2 (Apple Git-48)"
2.177.130.21 - naseri [11/Jun/2014:18:53:27 +0000] "GET /git/my-repo.git/info/refs?service=git-receive-pack HTTP/1.1" 401 480 "-" "git/1.8.5.2 (Apple Git-48)"
2.177.130.21 - naseri [11/Jun/2014:18:53:30 +0000] "GET /git/my-repo.git/info/refs?service=git-receive-pack HTTP/1.1" 403 - "-" "git/1.8.5.2 (Apple Git-48)"
I can see that my "Authentication Required" response is being sent back by Apache on the first line of response (401) but the client shows me:
fatal: unable to access 'http://mysite/git/my-repo.git/': The requested URL returned error: 403
I am clueless as to the problem, as pointing my browser to the same URL properly brings up authentication and it even works right.
This older answer
git-http-backend
is returning a 403/Forbidden code when the client asks to use the git-receive-pack method.
It then falls back to WebDAV, but using WebDAV is not necessary.I had the same problem; in my case this was due to
REMOTE_USER
not being set
Since any of my Apache config uses an '=
' when setting a variable, check if this works better:
SetEnv REMOTE_USER $REDIRECT_REMOTE_USER
(no '-
' between the two variables)
Check also if not (re)defining REMOTE_USER
works too (because it might already been defined, while REDIRECT_REMOTE_USER
might not): try without that line.
I never have to define it in my Apache Git config.
Note: with Git 2.21 (Q1 2019, 5+ years later), Git should be more robust.
这篇关于带有 AuthzUnixGroup 的 git-http-backend 无法正常工作的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!