Deploy Gitea with Docker, permission denied #9944

Closed
opened 2025-11-02 08:53:45 -06:00 by GiteaMirror · 4 comments

Originally created by @Lumysia on GitHub (Dec 7, 2022).

Description

When I deployed Gitea with Docker, Gitea's access to some files was denied. The Docker volumes use NFS: it is mounted to a system directory and then bound to the Docker container using Docker "bind".

The web interface of Gitea is normally accessible, but it gets stuck when I click on install. I guess the reason is that Gitea doesn't have access to config/app.ini.

The attempts I have made

  • Adding environment variables (USER_UID=65534, USER_GID=65534) to change the uid and gid of the git user
  • Adding the environment variable (USER=nobody) to make Gitea run as the nobody user
  • Modifying both of these

All of these attempts have failed, with varying failure logs, and Gitea always complains about not having the proper permissions to modify the config file or the key file.

I can confirm that

  • There is nothing wrong with the NFS service itself, and the other containers use it fine.
  • The NFS share permissions are set to 777, the gitea folder permissions are also 777, the user is nobody, and the user group is nogroup

Logs

Here is its log. I am very sorry, I don't know how to set the Gitea log to debug mode from an environment variable.

  • docker container logs

```text
Generating /data/ssh/ssh_host_ed25519_key...
Generating /data/ssh/ssh_host_rsa_key...
Generating /data/ssh/ssh_host_dsa_key...
chown: /data/gitea/conf/app.ini: Operation not permitted
Generating /data/ssh/ssh_host_ecdsa_key...
2022/12/07 20:23:16 cmd/web.go:106:runWeb() [I] Starting Gitea on PID: 17
chown: /data/ssh/ssh_host_dsa_key: Operation not permitted
chown: /data/ssh/ssh_host_dsa_key.pub: Operation not permitted
2022/12/07 20:23:18 ...s/install/setting.go:21:PreloadSettings() [I] AppPath: /usr/local/bin/gitea
2022/12/07 20:23:18 ...s/install/setting.go:22:PreloadSettings() [I] AppWorkPath: /app/gitea
2022/12/07 20:23:18 ...s/install/setting.go:23:PreloadSettings() [I] Custom path: /data/gitea
2022/12/07 20:23:18 ...s/install/setting.go:24:PreloadSettings() [I] Log path: /data/gitea/log
2022/12/07 20:23:18 ...s/install/setting.go:25:PreloadSettings() [I] Configuration file: /data/gitea/conf/app.ini
2022/12/07 20:23:18 ...s/install/setting.go:26:PreloadSettings() [I] Prepare to run install page
chown: /data/ssh/ssh_host_ecdsa_key: Operation not permitted
chown: /data/ssh/ssh_host_ecdsa_key.pub: Operation not permitted
chown: /data/ssh/ssh_host_ed25519_key: Operation not permitted
2022/12/07 20:23:18 ...s/install/setting.go:29:PreloadSettings() [I] SQLite3 is supported
chown: /data/ssh/ssh_host_ed25519_key.pub: Operation not permitted
chown: /data/ssh/ssh_host_rsa_key: Operation not permitted
chown: /data/ssh/ssh_host_rsa_key.pub: Operation not permitted
2022/12/07 20:23:19 cmd/web.go:220:listen() [I] [639085b7] Listen: http://0.0.0.0:3000
2022/12/07 20:23:19 cmd/web.go:224:listen() [I] [639085b7] AppURL(ROOT_URL): http://localhost:3000/
2022/12/07 20:23:19 ...s/graceful/server.go:62:NewServer() [I] [639085b7] Starting new Web server: tcp:0.0.0.0:3000 on PID: 17
Server listening on :: port 22.
Server listening on 0.0.0.0 port 22.
2022/12/07 20:24:04 ...eb/routing/logger.go:68:func1() [W] [639085b6] router: slow      POST / for 172.71.154.131:0, elapsed 3204.3ms @ install/install.go:236(install.SubmitInstall)
2022/12/07 20:24:05 ...c/net/http/server.go:2109:ServeHTTP() [I] [639085e1] PING DATABASE sqlite3
2022/12/07 20:24:30 ...eb/routing/logger.go:99:func1() [I] [639085fe] router: completed GET / for 172.71.154.131:0, 200 OK in 6.7ms @ install/install.go:95(install.Install)
2022/12/07 20:24:31 ...eb/routing/logger.go:99:func1() [I] router: completed POST / for 172.71.154.131:0, 200 OK in 30101.0ms @ install/install.go:236(install.SubmitInstall)
2022/12/07 20:24:36 ...eb/routing/logger.go:99:func1() [E] [63908604] router: completed HEAD / for 172.71.166.88:0, 405 Method Not Allowed in 0.1ms @ unknown-handler
2022/12/07 20:24:51 ...eb/routing/logger.go:99:func1() [I] [63908613-2] router: completed GET /Mirror/ffmpeg/blame/commit/9a60b1fad02cb783b895b2145c3dafc01f7b337c/configure for 172.71.98.135:0, 302 Found in 0.1ms @ install/routes.go:119(install.installNotFound)
2022/12/07 20:24:54 ...s/install/install.go:229:checkDatabase() [I] [63908613] Gitea will be installed in a database with: hasPostInstallationUser=false, dbMigrationVersion=231
2022/12/07 20:24:54 ...eb/routing/logger.go:68:func1() [W] [639085b6] router: slow      POST / for 172.71.154.131:0, elapsed 3108.7ms @ install/install.go:236(install.SubmitInstall)
2022/12/07 20:24:54 ...eb/routing/logger.go:99:func1() [I] [63908613] router: completed POST / for 172.71.154.131:0, 200 OK in 3309.6ms @ install/install.go:236(install.SubmitInstall)
2022/12/07 20:24:56 ...eb/routing/logger.go:99:func1() [I] [63908618] router: completed GET / for 172.71.166.171:0, 200 OK in 1.6ms @ install/install.go:95(install.Install)
2022/12/07 20:25:20 ...s/install/install.go:229:checkDatabase() [I] [6390862e] Gitea will be installed in a database with: hasPostInstallationUser=false, dbMigrationVersion=231
2022/12/07 20:25:21 ...c/net/http/server.go:2109:ServeHTTP() [I] [6390862e] PING DATABASE sqlite3
2022/12/07 20:25:21 ...eb/routing/logger.go:68:func1() [W] [639085b6] router: slow      POST / for 172.71.154.131:0, elapsed 3560.4ms @ install/install.go:236(install.SubmitInstall)
2022/12/07 20:25:28 modules/web/wrap.go:41:func1() [W] [6390862e] Table system_setting Column version db default is , struct default is 1
2022/12/07 20:26:06 ...eb/routing/logger.go:99:func1() [I] [6390865e] router: completed GET /Mirror/ffmpeg/commit/c43a7ecad997fc527af34b952334f3d030709a1b for 172.71.98.133:0, 302 Found in 0.1ms @ install/routes.go:119(install.installNotFound)
2022/12/07 20:26:15 ...eb/routing/logger.go:99:func1() [I] [6390862e] router: completed POST / for 172.71.154.131:0, 200 OK in 57869.9ms @ install/install.go:236(install.SubmitInstall)
2022/12/07 20:26:45 ...eb/routing/logger.go:99:func1() [I] [63908685] router: completed GET / for 172.71.154.130:0, 200 OK in 1.8ms @ install/install.go:95(install.Install)
2022/12/07 20:29:56 ...eb/routing/logger.go:99:func1() [E] [63908744] router: completed HEAD / for 172.69.70.215:0, 405 Method Not Allowed in 0.1ms @ unknown-handler
```
  • Gitea doctor

as user "nobody"

```text
bash-5.1$ gitea doctor
ERROR: Unable to write logs to provided file due to permissions error: doctor.log
       failed to create sublogger (doctor): open doctor.log: permission denied
WARN: Logging will be disabled
       Use `--log-file` to configure log file location
[1] Check paths and basic configuration
 - [I] Configuration File Path:    "/data/gitea/conf/app.ini"
 - [I] Repository Root Path:       "/data/git/repositories"
 - [I] Data Root Path:             "/data/gitea"
 - [I] Custom File Root Path:      "/data/gitea"
 - [I] Work directory:             "/app/gitea"
 - [I] Log Root Path:              "/data/gitea/log"
OK
```

Gitea Version

Gitea version 1.18.0+rc1 built with GNU Make 4.3, go1.19.3 : bindata, timetzdata, sqlite, sqlite_unlock_notify

Can you reproduce the bug on the Gitea demo site?

No

Log Gist

No response

Screenshots

No response

Git Version

git version 2.36.3

Operating System

Linux 65bbf4377b4e 5.15.0-56-generic #62-Ubuntu SMP Tue Nov 22 19:54:14 UTC 2022 x86_64 Linux

How are you running Gitea?

I'm running gitea with a docker swarm cluster container.

ENV: Docker Swarm

  • Gitea.yml

```yaml
version: "3.9"

services:
  gitea:
    image: gitea/gitea:latest
    environment:
      - TZ=Asia/Shanghai
      - USER_UID=65534
      - USER_GID=65534
      - USER=nobody
    networks:
      - ext_network
    volumes:
      - /data/nfsmnt/gitea:/data
    deploy:
      mode: replicated
      replicas: 1
      resources:
        limits:
          cpus: "0.75"
          memory: 2048M
        reservations:
          memory: 32M
      update_config:
        parallelism: 1
        failure_action: rollback
      restart_policy:
        condition: on-failure
        delay: 5s
        max_attempts: 3
        window: 60s

networks:
  ext_network:
    external: true
```

Database

SQLite

GiteaMirror added the type/bug label 2025-11-02 08:53:45 -06:00

@Lumysia commented on GitHub (Dec 9, 2022):

I seem to have found the root of the problem: even the root of the server does not have chown permission for the nfs folder mounted on the server.

So I will try using the gitea-rootless version and I will report back here if I make any progress.


@Lumysia commented on GitHub (Dec 9, 2022):

According to this document (https://docs.gitea.io/en-us/install-with-docker-rootless/#managing-deployments-with-environment-variables) I have tried to add the environment variables:

  • - GITEA__log__LEVEL=debug
  • - GITEA__log__STACKTRACE_LEVEL=debug

But nothing happens and the logs are consistent with the ones provided above.

I checked the app.ini generated by gitea and it seems to be fine.

  • app.ini

```ini
[log]
ROOT_PATH        = /var/lib/gitea/data/log
LEVEL            = debug
STACKTRACE_LEVEL = debug
```

Unable to locate the problem, but the problem persists: after clicking install, gitea loses response.


@Lumysia commented on GitHub (Dec 11, 2022):

I seem to have found the root of the problem: the NFS file system causes problems with sqlite. Tried replacing it with ceph.


@Lumysia commented on GitHub (Dec 12, 2022):

The problem has been solved and is a problem created by the use of sqlite and nfs together.
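
As an added example (not part of the issue thread and not Gitea project code): a preflight check that finds which filesystem backs a data directory and flags the SQLite-on-NFS combination the thread ends on, plus the NFS case in which the entrypoint's `chown` was refused in the logs above. The function names, exit codes and the sample mount table are constructed for illustration; the script assumes the Linux `/proc/mounts` format.

```shell
#!/bin/sh
# Added example: preflight check for a Gitea data directory (hypothetical helper).
# Usage: sh preflight.sh /data/nfsmnt/gitea sqlite3

# Constructed sample mount table (same columns as /proc/mounts), for offline runs.
sample_mounts() {
    cat <<'EOF'
/dev/sda1 / ext4 rw,relatime 0 0
/dev/sdb1 /data ext4 rw,relatime 0 0
nas.example:/export /data/nfsmnt nfs4 rw,relatime 0 0
EOF
}

# fs_type_for PATH [MOUNTS_FILE]
# Prints "fstype mountpoint" for the mount backing PATH: the longest mount
# point that is a whole-component prefix of PATH (later entries win ties,
# because a later mount shadows an earlier one on the same directory).
fs_type_for() {
    awk -v p="$1" '
        BEGIN { best = -1 }
        {
            mp = $2
            gsub(/\\040/, " ", mp)   # /proc/mounts escapes spaces as \040
            hit = (mp == "/" || p == mp || index(p, mp "/") == 1)
            if (hit && length(mp) >= best) { best = length(mp); fs = $3; where = mp }
        }
        END { if (best >= 0) print fs, where }
    ' "${2:-/proc/mounts}"
}

# preflight DATA_DIR DB_TYPE [MOUNTS_FILE]
# Exit status: 0 = no finding, 1 = data dir on NFS, 2 = SQLite database on NFS.
preflight() {
    dir=$1; db=$2
    info=$(fs_type_for "$dir" "${3:-/proc/mounts}")
    fstype=${info%% *}
    case $fstype in
        nfs|nfs4)
            if [ "$db" = "sqlite3" ]; then
                echo "FAIL: $dir is on $fstype and DB_TYPE=$db; move the database off NFS"
                return 2
            fi
            echo "WARN: $dir is on $fstype; the container entrypoint's chown may be refused"
            return 1 ;;
    esac
    echo "OK: $dir is on ${fstype:-unknown}"
    return 0
}

# Run against the live mount table only when called with arguments.
if [ "$#" -ge 2 ]; then preflight "$@"; fi
```

Run it on the Docker host against the bind-mount source (`/data/nfsmnt/gitea` in the compose file above) before the stack is deployed.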

Reference: github-starred/gitea#9944