Cannot create a new Gitea user without Gitea system user having read/execute access to current directory #2154

New Issue

GiteaMirror · 2025-11-02T04:25:29-06:00

GiteaMirror commented

2025-11-02 04:25:29 -06:00

Originally created by @zbrojny120 on GitHub (Aug 7, 2018).

Gitea version (or commit ref): 1.4.3
Git version: 2.18.0
Operating system: FreeBSD 11.2
Database (use [x]):
- PostgreSQL
- MySQL
- MSSQL
- SQLite
Can you reproduce the bug at https://try.gitea.io:
- Yes (provide example URL)
- No
- Not relevant
Log gist:

Description

Trying to create a new user using command-line tools (sudo -u git gitea admin create-user --name=user --password=pass --email=user@example.com --config=/usr/local/etc/gitea/conf/app.ini, git being Gitea user) while being in a directory without Gitea user having access to it (like /home/john with 700 permissions) causes this error:

panic: error getting work directory: stat .: permission denied                                                                                                                    
                                                                                                                                                                                  
goroutine 1 [running]:                                                                                                                                                            
code.gitea.io/gitea/vendor/gopkg.in/macaron%2ev1.init.1()                                                                                                                         
        /wrkdirs/usr/ports/www/gitea/work/src/code.gitea.io/gitea/vendor/gopkg.in/macaron.v1/macaron.go:317 +0x125

Entering a different directory with git having access to it (/ for example) fixes this issue. Honestly I do not really understand why gitea even checks the current directory, as it has nothing to do with what it is doing.

Originally created by @zbrojny120 on GitHub (Aug 7, 2018). - Gitea version (or commit ref): 1.4.3 - Git version: 2.18.0 - Operating system: FreeBSD 11.2 - Database (use `[x]`): - [ ] PostgreSQL - [ ] MySQL - [ ] MSSQL - [x] SQLite - Can you reproduce the bug at https://try.gitea.io: - [ ] Yes (provide example URL) - [ ] No - [x] Not relevant - Log gist: ## Description Trying to create a new user using command-line tools (`sudo -u git gitea admin create-user --name=user --password=pass --email=user@example.com --config=/usr/local/etc/gitea/conf/app.ini`, git being Gitea user) while being in a directory without Gitea user having access to it (like `/home/john` with `700` permissions) causes this error: ``` panic: error getting work directory: stat .: permission denied goroutine 1 [running]: code.gitea.io/gitea/vendor/gopkg.in/macaron%2ev1.init.1() /wrkdirs/usr/ports/www/gitea/work/src/code.gitea.io/gitea/vendor/gopkg.in/macaron.v1/macaron.go:317 +0x125 ``` Entering a different directory with git having access to it (`/` for example) fixes this issue. Honestly I do not really understand why gitea even checks the current directory, as it has nothing to do with what it is doing.

GiteaMirror added the status/blocked type/bug labels 2025-11-02 04:25:29 -06:00

GiteaMirror closed this issue

2025-11-02 04:25:29 -06:00

GiteaMirror commented

2025-11-02 04:25:29 -06:00

@lafriks commented on GitHub (Aug 7, 2018):

Seems like upstream issue in our used framework (go-macaron) but not sure why

@lafriks commented on GitHub (Aug 7, 2018): Seems like upstream issue in our used framework (go-macaron) but not sure why

GiteaMirror commented

2025-11-02 04:25:30 -06:00

@kaesaecracker commented on GitHub (Sep 23, 2018):

I am currently (trying) to install gitea for the first time and have the same issue.

@kaesaecracker commented on GitHub (Sep 23, 2018): I am currently (trying) to install gitea for the first time and have the same issue.

GiteaMirror commented

2025-11-02 04:25:30 -06:00

@mrsdizzie commented on GitHub (Apr 9, 2019):

This is because Macaron runs os.Getwd()on init:

4df59ae8a5/macaron.go (L311-L319)

"Getwd returns a rooted path name corresponding to the current directory."

So when run in a folder that the running user doesn't have permissions in, this call will fail. Either GItea can try and detect this, and switch to a location where the user does have permissions if appropriate (like running one off commands) using Chdir, or it should be specific that it requires being run in a folder with permissions.

@mrsdizzie commented on GitHub (Apr 9, 2019): This is because Macaron runs ```os.Getwd()```on init: https://github.com/go-macaron/macaron/blob/4df59ae8a50bd2e82ed915ff1ce764b1bb128a9d/macaron.go#L311-L319 "Getwd returns a rooted path name corresponding to the current directory." So when run in a folder that the running user doesn't have permissions in, this call will fail. Either GItea can try and detect this, and switch to a location where the user does have permissions if appropriate (like running one off commands) using Chdir, or it should be specific that it requires being run in a folder with permissions.

GiteaMirror commented

2025-11-02 04:25:30 -06:00

@zeripath commented on GitHub (Apr 9, 2019):

Damn it calls this on init() which doesn't give us much time to fix things. I suppose I should be thankful that it's called macaron so we have a large amount of lexical space to work in.

@zeripath commented on GitHub (Apr 9, 2019): Damn it calls this on `init()` which doesn't give us much time to fix things. I suppose I should be thankful that it's called `macaron` so we have a large amount of lexical space to work in.

GiteaMirror commented

2025-11-02 04:25:30 -06:00

@zeripath commented on GitHub (Apr 9, 2019):

We could just temporarily move ourselves to a temporary path, and once macaron has initialized move ourselves back?

@zeripath commented on GitHub (Apr 9, 2019): We could just temporarily move ourselves to a temporary path, and once macaron has initialized move ourselves back?

GiteaMirror commented

2025-11-02 04:25:30 -06:00

@zeripath commented on GitHub (Apr 9, 2019):

OK could someone try #6559 overnight. It might fire early enough to protect otherwise we'll have to move to a file perhaps called a.go

@zeripath commented on GitHub (Apr 9, 2019): OK could someone try #6559 overnight. It might fire early enough to protect otherwise we'll have to move to a file perhaps called a.go

GiteaMirror commented

2025-11-02 04:25:30 -06:00

@marbetschar commented on GitHub (Apr 12, 2019):

Also ran into this. Made a temporary workaround in /etc/systemd/system/gitea.service:

...
# we need to change to the home dir first due to a bug.
# @see: https://github.com/go-gitea/gitea/issues/4634
ExecStartPre=/usr/bin/cd $HOME
...

@marbetschar commented on GitHub (Apr 12, 2019): Also ran into this. Made a temporary workaround in `/etc/systemd/system/gitea.service`: ``` ... # we need to change to the home dir first due to a bug. # @see: https://github.com/go-gitea/gitea/issues/4634 ExecStartPre=/usr/bin/cd $HOME ... ```

GiteaMirror commented

2025-11-02 04:25:30 -06:00

@wxiaoguang commented on GitHub (May 13, 2022):

Outdated, there are a lot of refactoring for the vendor packages.

Feel free to reopen if there is still a problem.

@wxiaoguang commented on GitHub (May 13, 2022): Outdated, there are a lot of refactoring for the vendor packages. Feel free to reopen if there is still a problem.

GiteaMirror referenced this issue

2025-11-02 12:09:20 -06:00

[PR #2389] [MERGED] Fix releases to be counted from database not tags #16382

GiteaMirror referenced this issue

2025-11-02 12:09:55 -06:00

[PR #2459] [MERGED] Sync releases table with tags on push and for mirrors #16408

Sign in to join this conversation.