1
1
mirror of https://github.com/go-gitea/gitea synced 2024-12-23 00:54:28 +00:00

Add -u git to docs when using docker exec with root installation (#29314)

This fixes a minor issue in the documentation for SSH Container
Passthrough for non-rootless installs. The non-rootless Dockerfile and
docker-compose do not set `USER`/`user` instructions so `docker exec`
will run as root by default. While running as root, gitea commands will
refuse to execute, breaking these approaches. For containers built with
the rootless instructions, `docker exec` will run as git by default so
this is not necessary in that case.

This issue was already discussed in #19065, but it does not appear this
part of the issue was ever added to the documentation.
This commit is contained in:
scribblemaniac 2024-04-02 19:47:13 -06:00 committed by GitHub
parent 6f4e2e79ff
commit b28d3a4218
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194

View File

@ -545,7 +545,7 @@ In this option, the idea is that the host SSH uses an `AuthorizedKeysCommand` in
```bash ```bash
cat <<"EOF" | sudo tee /home/git/docker-shell cat <<"EOF" | sudo tee /home/git/docker-shell
#!/bin/sh #!/bin/sh
/usr/bin/docker exec -i --env SSH_ORIGINAL_COMMAND="$SSH_ORIGINAL_COMMAND" gitea sh "$@" /usr/bin/docker exec -i -u git --env SSH_ORIGINAL_COMMAND="$SSH_ORIGINAL_COMMAND" gitea sh "$@"
EOF EOF
sudo chmod +x /home/git/docker-shell sudo chmod +x /home/git/docker-shell
sudo usermod -s /home/git/docker-shell git sudo usermod -s /home/git/docker-shell git
@ -560,7 +560,7 @@ Add the following block to `/etc/ssh/sshd_config`, on the host:
```bash ```bash
Match User git Match User git
AuthorizedKeysCommandUser git AuthorizedKeysCommandUser git
AuthorizedKeysCommand /usr/bin/docker exec -i gitea /usr/local/bin/gitea keys -c /data/gitea/conf/app.ini -e git -u %u -t %t -k %k AuthorizedKeysCommand /usr/bin/docker exec -i -u git gitea /usr/local/bin/gitea keys -c /data/gitea/conf/app.ini -e git -u %u -t %t -k %k
``` ```
(From 1.16.0 you will not need to set the `-c /data/gitea/conf/app.ini` option.) (From 1.16.0 you will not need to set the `-c /data/gitea/conf/app.ini` option.)