Container user's uid/gid cannot be changed #25410

Closed
@lonix1

Description

I followed the docs for an ssh shim passthrough.

The docs say the host and container users must have the same uid/gid. Since my host user gitea has uid/gid of 500, I set that in my docker-compose.yml:

services:
  gitea:
    # ...
    volumes:
      - /home/gitea/.ssh/:/data/git/.ssh/
      - gitea:/data/
    environment:
      - USER_UID=500
      - USER_GID=500

volumes:
  gitea:

The mapped .ssh directory has this (where gitea is 500:500 as above):

-rw------- 1 gitea gitea 825 Jun 21 06:40 authorized_keys

When I try to add an ssh key in the website, it shows an internal server error (500), and the logs show this:

2023/06/21 06:43:58 ...s/asymkey/ssh_key.go:86:addKey() [I] [SQL] INSERT INTO `public_key` (`owner_id`,`name`,`fingerprint`,`content`,`mode`,`type`,`login_source_id`,`created_unix`,`updated_unix`,`verified`) VALUES (?,?,?,?,?,?,?,?,?,?) [1 main SHA256:............redacted....................] - 156.153µs
2023/06/21 06:43:58 .../web/wrap_convert.go:46:func3() [I] [SQL] ROLLBACK [] - 59.49µs
2023/06/21 06:43:58 ...user/setting/keys.go:188:KeysPost() [E] AddPublicKey: addKey: open /data/git/.ssh/authorized_keys: permission denied

So the container's git user cannot access /data/git/.ssh/authorized_keys.

So I ran docker exec into the container, and ran $ id git, which gives:

uid=1000(git) gid=1000(git) groups=1000(git),1000(git)

So the container still uses the default uid/gid of 1000 instead of my 500 override. That's why it can't access the file.

Is this a bug?

Gitea Version

1.19.3

Can you reproduce the bug on the Gitea demo site?

No

Log Gist

No response

Screenshots

No response

Git Version

2.39.2

Operating System

debian

How are you running Gitea?

docker

Database

SQLite
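
The mismatch reported above (container `git` user at uid 1000, `authorized_keys` owned by 500:500 with mode `-rw-------`) can be checked mechanically. The script below is an added example, not part of the original issue or of Gitea's code; the helper names and the second `id` line are constructed for illustration, and it assumes plain mode bits (no ACLs) and root with default capabilities.

```shell
#!/bin/sh
# Added example: explain "permission denied" on a bind-mounted file from
# the output of `id` and the file's numeric owner and mode (ls -ln).
# Helper names are hypothetical.

# id_field ID_LINE uid|gid -> numeric value of that field
id_field() (
  printf '%s\n' "$1" | tr ' ' '\n' | sed -n "s/^$2=\([0-9][0-9]*\).*/\1/p"
)

# id_groups ID_LINE -> supplementary group ids, one per line
id_groups() (
  printf '%s\n' "$1" | tr ' ' '\n' | sed -n 's/^groups=//p' |
    tr ',' '\n' | sed 's/(.*//'
)

# write_class ID_LINE FILE_UID FILE_GID -> root|owner|group|other
# The kernel applies exactly one class: owner first, then group, then other.
write_class() (
  uid=$(id_field "$1" uid); gid=$(id_field "$1" gid)
  [ "$uid" = 0 ] && { echo root; exit 0; }   # assumes default capabilities
  [ "$uid" = "$2" ] && { echo owner; exit 0; }
  for g in "$gid" $(id_groups "$1"); do
    [ "$g" = "$3" ] && { echo group; exit 0; }
  done
  echo other
)

# can_write ID_LINE FILE_UID FILE_GID PERMS (PERMS as in ls -l, e.g. -rw-------)
# Exit status 0 if the mode bits allow writing, 1 otherwise.
can_write() (
  case $(write_class "$1" "$2" "$3") in
    root)  exit 0 ;;
    owner) col=3 ;;
    group) col=6 ;;
    *)     col=9 ;;
  esac
  [ "$(printf '%s' "$4" | cut -c"$col")" = w ]
)

explain() {
  if can_write "$@"; then verdict=allowed; else verdict=denied; fi
  echo "uid $(id_field "$1" uid), file $2:$3 $4 -> $(write_class "$1" "$2" "$3"), write $verdict"
}

# From the issue: `id git` inside the container; authorized_keys is 500:500.
ID_LINE='uid=1000(git) gid=1000(git) groups=1000(git),1000(git)'
explain "$ID_LINE" 500 500 '-rw-------'
# Constructed: what `id git` would report if the 500:500 override applied.
explain 'uid=500(git) gid=500(git) groups=500(git)' 500 500 '-rw-------'
```

The inputs can be collected with `docker exec <container> id git` and `ls -ln` on the mounted `.ssh` directory.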
