github-starred/gitea
2
0
Fork 0
mirror of https://github.com/go-gitea/gitea.git synced 2026-03-10 13:56:06 -05:00
Code Issues 2.6k Packages Projects Releases 100 Wiki Activity

Installed by the docs but service doesn't start #12130

New Issue
Closed
opened 2025-11-02 09:59:19 -06:00 by GiteaMirror · 8 comments
GiteaMirror commented 2025-11-02 09:59:19 -06:00
Owner
Copy Link

Originally created by @Dmitry1987 on GitHub (Nov 30, 2023).

Description

I used 'snap install' on ubuntu, then copied the systemd service file, updated its binary path to /snap/bin/gitea, and configured the /etc/gitea/app.ini
but the service start (or the command if run manually) shows this error which I don't understand at all, tried as root user too, but it fails like that:

root@ip-10-0-28-215:~# systemctl status gitea.service
● gitea.service - Gitea (Git with a cup of tea)
     Loaded: loaded (/etc/systemd/system/gitea.service; disabled; vendor preset: enabled)
     Active: activating (auto-restart) (Result: exit-code) since Thu 2023-11-30 19:20:43 UTC; 220ms ago
    Process: 10892 ExecStart=/snap/bin/gitea web --config /etc/gitea/app.ini (code=exited, status=1/FAILURE)
   Main PID: 10892 (code=exited, status=1/FAILURE)
root@ip-10-0-28-215:~# /snap/bin/gitea web --config /etc/gitea/app.ini
2023/11/30 19:20:50 ...s/setting/setting.go:96:InitCfgProvider() [F] Unable to init config provider from "/etc/gitea/app.ini": unable to check if "/etc/gitea/app.ini" is a file. Error: stat /etc/gitea/app.ini: permission denied

Gitea Version

Gitea version 1.21.1 built with GNU Make 4.3, go1.21.4 : bindata, sqlite, sqlite_unlock_notify, pam, cert

Can you reproduce the bug on the Gitea demo site?

Yes

Log Gist

No response

Screenshots

No response

Git Version

No response

Operating System

ubuntu 20

How are you running Gitea?

just the binary file from snap install

Database

None

Originally created by @Dmitry1987 on GitHub (Nov 30, 2023). ### Description I used 'snap install' on ubuntu, then copied the systemd service file, updated its binary path to /snap/bin/gitea, and configured the /etc/gitea/app.ini but the service start (or the command if run manually) shows this error which I don't understand at all, tried as root user too, but it fails like that: ``` root@ip-10-0-28-215:~# systemctl status gitea.service ● gitea.service - Gitea (Git with a cup of tea) Loaded: loaded (/etc/systemd/system/gitea.service; disabled; vendor preset: enabled) Active: activating (auto-restart) (Result: exit-code) since Thu 2023-11-30 19:20:43 UTC; 220ms ago Process: 10892 ExecStart=/snap/bin/gitea web --config /etc/gitea/app.ini (code=exited, status=1/FAILURE) Main PID: 10892 (code=exited, status=1/FAILURE) root@ip-10-0-28-215:~# /snap/bin/gitea web --config /etc/gitea/app.ini 2023/11/30 19:20:50 ...s/setting/setting.go:96:InitCfgProvider() [F] Unable to init config provider from "/etc/gitea/app.ini": unable to check if "/etc/gitea/app.ini" is a file. Error: stat /etc/gitea/app.ini: permission denied ``` ### Gitea Version Gitea version 1.21.1 built with GNU Make 4.3, go1.21.4 : bindata, sqlite, sqlite_unlock_notify, pam, cert ### Can you reproduce the bug on the Gitea demo site? Yes ### Log Gist _No response_ ### Screenshots _No response_ ### Git Version _No response_ ### Operating System ubuntu 20 ### How are you running Gitea? just the binary file from snap install ### Database None
GiteaMirror added the type/bug label 2025-11-02 09:59:19 -06:00
GiteaMirror commented 2025-11-02 09:59:20 -06:00
Author
Owner
Copy Link

@Dmitry1987 commented on GitHub (Nov 30, 2023):

my 'git' user works though

su git -c 'gitea --version'
Gitea version 1.21.1 built with GNU Make 4.3, go1.21.4 : bindata, sqlite, sqlite_unlock_notify, pam, cert

root@ip-10-0-28-215:~# su - git -c 'gitea --version'
Gitea version 1.21.1 built with GNU Make 4.3, go1.21.4 : bindata, sqlite, sqlite_unlock_notify, pam, cert
@Dmitry1987 commented on GitHub (Nov 30, 2023): my 'git' user works though ``` su git -c 'gitea --version' Gitea version 1.21.1 built with GNU Make 4.3, go1.21.4 : bindata, sqlite, sqlite_unlock_notify, pam, cert root@ip-10-0-28-215:~# su - git -c 'gitea --version' Gitea version 1.21.1 built with GNU Make 4.3, go1.21.4 : bindata, sqlite, sqlite_unlock_notify, pam, cert ```
GiteaMirror commented 2025-11-02 09:59:21 -06:00
Author
Owner
Copy Link

@Dmitry1987 commented on GitHub (Nov 30, 2023):

if i stop using the snap installed gitea, and download the wget binary, it get better error, but still both users get errors to run it

root@ip-10-0-28-215:~# cp gitea /usr/local/bin/gitea
root@ip-10-0-28-215:~# GITEA_WORK_DIR=/var/lib/gitea/ /usr/local/bin/gitea web -c /etc/gitea/app.ini
2023/11/30 19:29:54 ...s/setting/setting.go:180:loadRunModeFrom() [F] Gitea is not supposed to be run as root. Sorry. If you need to use privileged TCP ports please instead use setcap and the `cap_net_bind_service` permission
root@ip-10-0-28-215:~# 
root@ip-10-0-28-215:~# su - git -c "GITEA_WORK_DIR=/var/lib/gitea/ /usr/local/bin/gitea web -c /etc/gitea/app.ini"
2023/11/30 19:30:14 ...s/setting/setting.go:96:InitCfgProvider() [F] Unable to init config provider from "/etc/gitea/app.ini": unable to check if "/etc/gitea/app.ini" is a file. Error: stat /etc/gitea/app.ini: permission denied
@Dmitry1987 commented on GitHub (Nov 30, 2023): if i stop using the snap installed gitea, and download the wget binary, it get better error, but still both users get errors to run it ``` root@ip-10-0-28-215:~# cp gitea /usr/local/bin/gitea root@ip-10-0-28-215:~# GITEA_WORK_DIR=/var/lib/gitea/ /usr/local/bin/gitea web -c /etc/gitea/app.ini 2023/11/30 19:29:54 ...s/setting/setting.go:180:loadRunModeFrom() [F] Gitea is not supposed to be run as root. Sorry. If you need to use privileged TCP ports please instead use setcap and the `cap_net_bind_service` permission root@ip-10-0-28-215:~# root@ip-10-0-28-215:~# su - git -c "GITEA_WORK_DIR=/var/lib/gitea/ /usr/local/bin/gitea web -c /etc/gitea/app.ini" 2023/11/30 19:30:14 ...s/setting/setting.go:96:InitCfgProvider() [F] Unable to init config provider from "/etc/gitea/app.ini": unable to check if "/etc/gitea/app.ini" is a file. Error: stat /etc/gitea/app.ini: permission denied ```
GiteaMirror commented 2025-11-02 09:59:21 -06:00
Author
Owner
Copy Link

@eeyrjmr commented on GitHub (Nov 30, 2023):

The error message implies that the gitea process, launched as user=git cannot read /etc/gitea/app.ini

Could you do: iname /etc/gitea/app.ini

It needs to be owned by the user that gitea is run as

@eeyrjmr commented on GitHub (Nov 30, 2023): The error message implies that the gitea process, launched as user=git cannot read /etc/gitea/app.ini Could you do: iname /etc/gitea/app.ini It needs to be owned by the user that gitea is run as
GiteaMirror commented 2025-11-02 09:59:21 -06:00
Author
Owner
Copy Link

@lng2020 commented on GitHub (Dec 1, 2023):

FYI, the snap package has some confinement due to its security model. See https://github.com/go-gitea/gitea/issues/27422 for more details.
As for your installation via binary, it's likely because of your permission as the error indicates.

@lng2020 commented on GitHub (Dec 1, 2023): FYI, the snap package has some confinement due to its security model. See https://github.com/go-gitea/gitea/issues/27422 for more details. As for your installation via binary, it's likely because of your permission as the error indicates.
GiteaMirror commented 2025-11-02 09:59:21 -06:00
Author
Owner
Copy Link

@Dmitry1987 commented on GitHub (Dec 1, 2023):

The error message implies that the gitea process, launched as user=git cannot read /etc/gitea/app.ini

Could you do: iname /etc/gitea/app.ini

It needs to be owned by the user that gitea is run as

thanks for the suggestion, I did a chown for git user, but it didn't help

root@ip-10-0-28-215:~# /snap/bin/gitea web --config /etc/gitea/app.ini
2023/12/01 07:53:30 ...s/setting/setting.go:96:InitCfgProvider() [F] Unable to init config provider from "/etc/gitea/app.ini": unable to check if "/etc/gitea/app.ini" is a file. Error: stat /etc/gitea/app.ini: permission denied
root@ip-10-0-28-215:~# ls -l /etc/gitea/app.ini
-rw-r----- 1 git git 111169 Nov 30 19:20 /etc/gitea/app.ini
root@ip-10-0-28-215:~# ls -ld /etc/gitea
drw-r----- 2 git git 4096 Nov 30 19:20 /etc/gitea
root@ip-10-0-28-215:~#

about iname i don't know this command and didn't find in ubuntu, but here's stat output on file and folder, the permissions are 'git' user 🤷

root@ip-10-0-28-215:~# stat /etc/gitea/app.ini
  File: /etc/gitea/app.ini
  Size: 111169          Blocks: 224        IO Block: 4096   regular file
Device: 10301h/66305d   Inode: 3600692     Links: 1
Access: (0640/-rw-r-----)  Uid: (  115/     git)   Gid: (  121/     git)
Access: 2023-11-30 19:29:54.370256201 +0000
Modify: 2023-11-30 19:20:03.744974442 +0000
Change: 2023-12-01 07:52:35.354658646 +0000
 Birth: -
root@ip-10-0-28-215:~# stat /etc/gitea
  File: /etc/gitea
  Size: 4096            Blocks: 8          IO Block: 4096   directory
Device: 10301h/66305d   Inode: 3600689     Links: 2
Access: (0640/drw-r-----)  Uid: (  115/     git)   Gid: (  121/     git)
Access: 2023-12-01 07:52:00.972723352 +0000
Modify: 2023-11-30 19:20:03.748974668 +0000
Change: 2023-12-01 07:52:35.354658646 +0000
 Birth: -

could it be that this new git user cannot access anything inside /etc at all? honestly I never encountered an issue like this with a simple webserver software, what is the reasoning behind this permissions design? just curious. it's definitely unusual :)

@Dmitry1987 commented on GitHub (Dec 1, 2023): > The error message implies that the gitea process, launched as user=git cannot read /etc/gitea/app.ini > > Could you do: iname /etc/gitea/app.ini > > It needs to be owned by the user that gitea is run as thanks for the suggestion, I did a chown for git user, but it didn't help ``` root@ip-10-0-28-215:~# /snap/bin/gitea web --config /etc/gitea/app.ini 2023/12/01 07:53:30 ...s/setting/setting.go:96:InitCfgProvider() [F] Unable to init config provider from "/etc/gitea/app.ini": unable to check if "/etc/gitea/app.ini" is a file. Error: stat /etc/gitea/app.ini: permission denied root@ip-10-0-28-215:~# ls -l /etc/gitea/app.ini -rw-r----- 1 git git 111169 Nov 30 19:20 /etc/gitea/app.ini root@ip-10-0-28-215:~# ls -ld /etc/gitea drw-r----- 2 git git 4096 Nov 30 19:20 /etc/gitea root@ip-10-0-28-215:~# ``` about `iname` i don't know this command and didn't find in ubuntu, but here's stat output on file and folder, the permissions are 'git' user 🤷 ``` root@ip-10-0-28-215:~# stat /etc/gitea/app.ini File: /etc/gitea/app.ini Size: 111169 Blocks: 224 IO Block: 4096 regular file Device: 10301h/66305d Inode: 3600692 Links: 1 Access: (0640/-rw-r-----) Uid: ( 115/ git) Gid: ( 121/ git) Access: 2023-11-30 19:29:54.370256201 +0000 Modify: 2023-11-30 19:20:03.744974442 +0000 Change: 2023-12-01 07:52:35.354658646 +0000 Birth: - root@ip-10-0-28-215:~# stat /etc/gitea File: /etc/gitea Size: 4096 Blocks: 8 IO Block: 4096 directory Device: 10301h/66305d Inode: 3600689 Links: 2 Access: (0640/drw-r-----) Uid: ( 115/ git) Gid: ( 121/ git) Access: 2023-12-01 07:52:00.972723352 +0000 Modify: 2023-11-30 19:20:03.748974668 +0000 Change: 2023-12-01 07:52:35.354658646 +0000 Birth: - ``` could it be that this new git user cannot access anything inside /etc at all? honestly I never encountered an issue like this with a simple webserver software, what is the reasoning behind this permissions design? just curious. it's definitely unusual :)
GiteaMirror commented 2025-11-02 09:59:22 -06:00
Author
Owner
Copy Link

@Dmitry1987 commented on GitHub (Dec 1, 2023):

nevermind, i've run the snap binary and not the downloaded one 😅
here's attempt with standalone binary:

root@ip-10-0-28-215:~# sudo su - git
git@ip-10-0-28-215:~$ /usr/local/bin/gitea web --config /etc/gitea/app.ini
2023/12/01 07:59:53 ...s/setting/setting.go:96:InitCfgProvider() [F] Unable to init config provider from "/etc/gitea/app.ini": unable to check if "/etc/gitea/app.ini" is a file. Error: stat /etc/gitea/app.ini: permission denied

the user really doesn't have access to file itself,

git@ip-10-0-28-215:~$ ls /etc/gitea
app.ini
git@ip-10-0-28-215:~$ ls /etc/gitea/app.ini 
ls: cannot access '/etc/gitea/app.ini': Permission denied

despite the chown -R on that folder. should I set a 'setfacl' on the file or something?

@Dmitry1987 commented on GitHub (Dec 1, 2023): nevermind, i've run the snap binary and not the downloaded one 😅 here's attempt with standalone binary: ``` root@ip-10-0-28-215:~# sudo su - git git@ip-10-0-28-215:~$ /usr/local/bin/gitea web --config /etc/gitea/app.ini 2023/12/01 07:59:53 ...s/setting/setting.go:96:InitCfgProvider() [F] Unable to init config provider from "/etc/gitea/app.ini": unable to check if "/etc/gitea/app.ini" is a file. Error: stat /etc/gitea/app.ini: permission denied ``` the user really doesn't have access to file itself, ``` git@ip-10-0-28-215:~$ ls /etc/gitea app.ini git@ip-10-0-28-215:~$ ls /etc/gitea/app.ini ls: cannot access '/etc/gitea/app.ini': Permission denied ``` despite the chown -R on that folder. should I set a 'setfacl' on the file or something?
GiteaMirror commented 2025-11-02 09:59:22 -06:00
Author
Owner
Copy Link

@lng2020 commented on GitHub (Dec 1, 2023):

su - git -c "GITEA_WORK_DIR=/var/lib/gitea/ /usr/local/bin/gitea web -c /etc/gitea/app.ini"

So is this one still not working?

Edited: nevermind, I saw your last comment. I think chown will work for the binary.

@lng2020 commented on GitHub (Dec 1, 2023): > su - git -c "GITEA_WORK_DIR=/var/lib/gitea/ /usr/local/bin/gitea web -c /etc/gitea/app.ini" So is this one still not working? Edited: nevermind, I saw your last comment. I think chown will work for the binary.
GiteaMirror commented 2025-11-02 09:59:22 -06:00
Author
Owner
Copy Link

@Dmitry1987 commented on GitHub (Dec 1, 2023):

oh gosh it was app armor enabled and it only turned off after a reboot 😖 i turned it off and thought it should be okay 😅 . issue resolved, thanks for all who chimed in! 🙏 (and lol it's pretty embarrassing but if anyone finds this thread in google and wondering what's going on with his ubuntu ec2 where he tries to launch gitea - now you know to add a rule in your app armor settings😁[don't disable it like i did! my server is fully internal. add the proper profile rules. ] )

@Dmitry1987 commented on GitHub (Dec 1, 2023): oh gosh it was app armor enabled and it only turned off after a reboot 😖 i turned it off and thought it should be okay 😅 . issue resolved, thanks for all who chimed in! 🙏 (and lol it's pretty embarrassing but if anyone finds this thread in google and wondering what's going on with his ubuntu ec2 where he tries to launch gitea - now you know to add a rule in your app armor settings😁[don't disable it like i did! my server is fully internal. add the proper profile rules. ] )
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
$20
$250
$50
$500
backport/done
💎 Bounty
docs-update-needed
good first issue
hacktoberfest
issue/bounty
issue/confirmed
issue/critical
issue/duplicate
issue/needs-feedback
issue/not-a-bug
issue/regression
issue/stale
issue/workaround
lgtm/need 2
modifies/api
modifies/translation
outdated/backport/v1.18
outdated/theme/markdown
outdated/theme/timetracker
performance/bigrepo
performance/cpu
performance/memory
performance/speed
pr/breaking
proposal/accepted
proposal/rejected
pr/wip
pull-request
Mirrored from GitHub Pull Request
 reviewed/wontfix
💰 Rewarded
skip-changelog
status/blocked
topic/accessibility
topic/api
topic/authentication
topic/build
topic/code-linting
topic/commit-signing
topic/content-rendering
topic/deployment
topic/distribution
topic/federation
topic/gitea-actions
topic/issues
topic/lfs
topic/mobile
topic/moderation
topic/packages
topic/pr
topic/projects
topic/repo
topic/repo-migration
topic/security
topic/theme
topic/ui
topic/ui-interaction
topic/ux
topic/webhooks
topic/wiki
type/bug
type/deprecation
type/docs
type/enhancement
type/feature
type/miscellaneous
type/proposal
type/question
type/refactoring
type/summary
type/testing
type/upstream
No Label type/bug
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
GiteaMirror ninjasurge
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/gitea#12130
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?