Packages Write permission only works when ALL other permissions are set to Write #9074

New Issue

Closed

opened 2025-11-02 08:28:28 -06:00 by GiteaMirror · 4 comments

GiteaMirror commented 2025-11-02 08:28:28 -06:00

Owner

Copy Link

Originally created by @Fogapod on GitHub (Jun 16, 2022).

Description

I have CI account I added to my organization that is used for pushing containers. I created a separate team for it named CI. Account isn't in any other team. Team permissions:

I want this group to only have write access to packages and maybe releases but if i uncheck ANY permission to Read and save, pushing image stops working:

$ podman login git.my.domain
# ...
$ podman push git.my.domain/org/repo:latest
Getting image source signatures
Copying blob da62b97c2205 skipped: already exists  
Copying blob caa0fe6c85de skipped: already exists  
Copying blob 5a2d1674fe82 skipped: already exists  
Copying blob 2a34cef01f5f skipped: already exists  
Copying blob 5b8b24c2f164 skipped: already exists  
Copying blob fce7eced52b0 skipped: already exists  
Copying blob 81267142ac55 skipped: already exists  
Copying blob 95b66a4f2600 skipped: already exists  
Copying blob 637044167be1 skipped: already exists  
Copying config aedda0f877 done  
Writing manifest to image destination
Error: writing manifest: uploading manifest latest to git.my.domain/org/repo: unauthorized: authentication required

When I change all permissions to Write, push works again.

I tried pushing container as admin and linking it to repository but it didn't change anything.

Looks like try.gitea.io doesn't allow creating organizations so i can't test it there.

Gitea Version

1.17.0+dev-719-gf0ce5470e

Can you reproduce the bug on the Gitea demo site?

No

Log Gist

No response

Screenshots

No response

Git Version

No response

Operating System

No response

How are you running Gitea?

Locally compiled binary

Database

PostgreSQL

Originally created by @Fogapod on GitHub (Jun 16, 2022). ### Description I have CI account I added to my organization that is used for pushing containers. I created a separate team for it named CI. Account isn't in any other team. Team permissions:  I want this group to only have write access to packages and maybe releases but if i uncheck ANY permission to Read and save, pushing image stops working: ```sh $ podman login git.my.domain # ... $ podman push git.my.domain/org/repo:latest Getting image source signatures Copying blob da62b97c2205 skipped: already exists Copying blob caa0fe6c85de skipped: already exists Copying blob 5a2d1674fe82 skipped: already exists Copying blob 2a34cef01f5f skipped: already exists Copying blob 5b8b24c2f164 skipped: already exists Copying blob fce7eced52b0 skipped: already exists Copying blob 81267142ac55 skipped: already exists Copying blob 95b66a4f2600 skipped: already exists Copying blob 637044167be1 skipped: already exists Copying config aedda0f877 done Writing manifest to image destination Error: writing manifest: uploading manifest latest to git.my.domain/org/repo: unauthorized: authentication required ``` When I change all permissions to Write, push works again. I tried pushing container as admin and linking it to repository but it didn't change anything. Looks like try.gitea.io doesn't allow creating organizations so i can't test it there. ### Gitea Version 1.17.0+dev-719-gf0ce5470e ### Can you reproduce the bug on the Gitea demo site? No ### Log Gist _No response_ ### Screenshots _No response_ ### Git Version _No response_ ### Operating System _No response_ ### How are you running Gitea? Locally compiled binary ### Database PostgreSQL

GiteaMirror added the type/bug label 2025-11-02 08:28:28 -06:00

GiteaMirror closed this issue 2025-11-02 08:28:28 -06:00

GiteaMirror commented 2025-11-02 08:28:29 -06:00

Author

Owner

Copy Link

@dbotwinick commented on GitHub (Jun 20, 2022):

+1
Note I encountered the same behavior for maven package registry on v1.17.0-rc1.

@dbotwinick commented on GitHub (Jun 20, 2022): +1 Note I encountered the same behavior for maven package registry on [v1.17.0-rc1](https://github.com/go-gitea/gitea/releases/tag/v1.17.0-rc1).

GiteaMirror commented 2025-11-02 08:28:29 -06:00

Author

Owner

Copy Link

@lunny commented on GitHub (Jun 21, 2022):

Write means Read and Write.

@lunny commented on GitHub (Jun 21, 2022): `Write` means `Read` and `Write`.

GiteaMirror commented 2025-11-02 08:28:29 -06:00

Author

Owner

Copy Link

@Fogapod commented on GitHub (Jun 22, 2022):

Write means Read and Write.

I think you misunderstood the issue. In order to be able to push image to registry I had to set Wiki and Issues and Code and everything else to Write, not just Packages

@Fogapod commented on GitHub (Jun 22, 2022): > `Write` means `Read` and `Write`. I think you misunderstood the issue. In order to be able to push image to registry I had to set Wiki and Issues and Code and everything else to `Write`, not just `Packages`

GiteaMirror commented 2025-11-02 08:28:30 -06:00

Author

Owner

Copy Link

@lunny commented on GitHub (Jun 22, 2022):

Write means Read and Write.

I think you misunderstood the issue. In order to be able to push image to registry I had to set Wiki and Issues and Code and everything else to Write, not just Packages

Got it.

@lunny commented on GitHub (Jun 22, 2022): > > `Write` means `Read` and `Write`. > > I think you misunderstood the issue. In order to be able to push image to registry I had to set Wiki and Issues and Code and everything else to `Write`, not just `Packages` Got it.

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

release/v1.25

release/v1.24

release/v1.23

release/v1.22

release/v1.21

release/v1.20

release/v1.19

release/v1.18

release/v1.17

release/v1.16

release/v1.15

release/v1.14

release/v1.13

release/v1.12

release/v1.11

release/v1.10

release/v1.9

release/v1.8

v1.25.3

v1.25.2

v1.25.1

v1.25.0

v1.24.7

v1.25.0-rc0

v1.26.0-dev

v1.24.6

v1.24.5

v1.24.4

v1.24.3

v1.24.2

v1.24.1

v1.24.0

v1.23.8

v1.24.0-rc0

v1.25.0-dev

v1.23.7

v1.23.6

v1.23.5

v1.23.4

v1.23.3

v1.23.2

v1.23.1

v1.23.0

v1.23.0-rc0

v1.24.0-dev

v1.22.6

v1.22.5

v1.22.4

v1.22.3

v1.22.2

v1.22.1

v1.22.0

v1.23.0-dev

v1.22.0-rc1

v1.21.11

v1.22.0-rc0

v1.21.10

v1.21.9

v1.21.8

v1.21.7

v1.21.6

v1.21.5

v1.21.4

v1.21.3

v1.21.2

v1.20.6

v1.21.1

v1.21.0

v1.21.0-rc2

v1.21.0-rc1

v1.20.5

v1.22.0-dev

v1.21.0-rc0

v1.20.4

v1.20.3

v1.20.2

v1.20.1

v1.20.0

v1.19.4

v1.21.0-dev

v1.20.0-rc2

v1.20.0-rc1

v1.20.0-rc0

v1.19.3

v1.19.2

v1.19.1

v1.19.0

v1.19.0-rc1

v1.20.0-dev

v1.19.0-rc0

v1.18.5

v1.18.4

v1.18.3

v1.18.2

v1.18.1

v1.18.0

v1.17.4

v1.18.0-rc1

v1.19.0-dev

v1.18.0-rc0

v1.17.3

v1.17.2

v1.17.1

v1.17.0

v1.17.0-rc2

v1.16.9

v1.17.0-rc1

v1.18.0-dev

v1.16.8

v1.16.7

v1.16.6

v1.16.5

v1.16.4

v1.16.3

v1.16.2

v1.16.1

v1.16.0

v1.15.11

v1.17.0-dev

v1.16.0-rc1

v1.15.10

v1.15.9

v1.15.8

v1.15.7

v1.15.6

v1.15.5

v1.15.4

v1.15.3

v1.15.2

v1.15.1

v1.14.7

v1.15.0

v1.15.0-rc3

v1.14.6

v1.15.0-rc2

v1.14.5

v1.16.0-dev

v1.15.0-rc1

v1.14.4

v1.14.3

v1.14.2

v1.14.1

v1.14.0

v1.13.7

v1.14.0-rc2

v1.13.6

v1.13.5

v1.14.0-rc1

v1.15.0-dev

v1.13.4

v1.13.3

v1.13.2

v1.13.1

v1.13.0

v1.12.6

v1.13.0-rc2

v1.14.0-dev

v1.13.0-rc1

v1.12.5

v1.12.4

v1.12.3

v1.12.2

v1.12.1

v1.11.8

v1.12.0

v1.11.7

v1.12.0-rc2

v1.11.6

v1.12.0-rc1

v1.13.0-dev

v1.11.5

v1.11.4

v1.11.3

v1.10.6

v1.12.0-dev

v1.11.2

v1.10.5

v1.11.1

v1.10.4

v1.11.0

v1.11.0-rc2

v1.10.3

v1.11.0-rc1

v1.10.2

v1.10.1

v1.10.0

v1.9.6

v1.9.5

v1.10.0-rc2

v1.11.0-dev

v1.10.0-rc1

v1.9.4

v1.9.3

v1.9.2

v1.9.1

v1.9.0

v1.9.0-rc2

v1.10.0-dev

v1.9.0-rc1

v1.8.3

v1.8.2

v1.8.1

v1.8.0

v1.8.0-rc3

v1.7.6

v1.8.0-rc2

v1.7.5

v1.8.0-rc1

v1.9.0-dev

v1.7.4

v1.7.3

v1.7.2

v1.7.1

v1.7.0

v1.7.0-rc3

v1.6.4

v1.7.0-rc2

v1.6.3

v1.7.0-rc1

v1.7.0-dev

v1.6.2

v1.6.1

v1.6.0

v1.6.0-rc2

v1.5.3

v1.6.0-rc1

v1.6.0-dev

v1.5.2

v1.5.1

v1.5.0

v1.5.0-rc2

v1.5.0-rc1

v1.5.0-dev

v1.4.3

v1.4.2

v1.4.1

v1.4.0

v1.4.0-rc3

v1.4.0-rc2

v1.3.3

v1.4.0-rc1

v1.3.2

v1.3.1

v1.3.0

v1.3.0-rc2

v1.3.0-rc1

v1.2.3

v1.2.2

v1.2.1

v1.2.0

v1.2.0-rc3

v1.2.0-rc2

v1.1.4

v1.2.0-rc1

v1.1.3

v1.1.2

v1.1.1

v1.1.0

v1.0.2

v1.0.1

v1.0.0

v0.9.99

Labels

Clear labels

$20

$250

$50

$500

backport/done

💎 Bounty

docs-update-needed

good first issue

hacktoberfest

issue/bounty

issue/confirmed

issue/critical

issue/duplicate

issue/needs-feedback

issue/not-a-bug

issue/regression

issue/stale

issue/workaround

lgtm/need 2

modifies/api

modifies/translation

outdated/backport/v1.18

outdated/theme/markdown

outdated/theme/timetracker

performance/bigrepo

performance/cpu

performance/memory

performance/speed

pr/breaking

proposal/accepted

proposal/rejected

pr/wip

pull-request

Mirrored from GitHub Pull Request

reviewed/wontfix

💰 Rewarded

skip-changelog

status/blocked

topic/accessibility

topic/api

topic/authentication

topic/build

topic/code-linting

topic/commit-signing

topic/content-rendering

topic/deployment

topic/distribution

topic/federation

topic/gitea-actions

topic/issues

topic/lfs

topic/mobile

topic/moderation

topic/packages

topic/pr

topic/projects

topic/repo

topic/repo-migration

topic/security

topic/theme

topic/ui

topic/ui-interaction

topic/ux

topic/webhooks

topic/wiki

type/bug

type/deprecation

type/docs

type/enhancement

type/feature

type/miscellaneous

type/proposal

type/question

type/refactoring

type/summary

type/testing

type/upstream

No Label type/bug

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

GiteaMirror ninjasurge

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/gitea#9074