post-receive /var/www/html denied - wordpress

My username (let’s call it my_name) belongs to the Apache group which is owner of var/www/html directory, sub-directories and files contained within.
In that directory I installed Wordpress. Directories and files permissions are set to 0775 (yeah, I know the files should have 644, but it is not a factor for now).
Well, my username has writing permissions indeed, because I am able to create new files or directories, as well as delete them, by using SSH terminal or WinSCP.
The problem comes up when I run a post-receive hook of a bare git repository, no matter if by running the script or by pushing changes from the local working repository.
In any scenario, the post-receive hook does not work because of permission denied. Really strange and I cannot understand why.
Could you help me please?
Edit:
This is the output of ls -alrth ~/git/devsite.git/hooks directory:
-rwxrwxr-x 1 name apache 896 Apr 2 22:41 commit-msg.sample
-rwxrwxr-x 1 name apache 727 Apr 7 09:09 post-receive
-rwxrwxr-x 1 name apache 189 Apr 2 22:41 post-update.sample
-rwxrwxr-x 1 name apache 398 Apr 2 22:41 pre-applypatch.sample
-rwxrwxr-x 1 name apache 1704 Apr 2 22:41 pre-commit.sample
-rwxrwxr-x 1 name apache 1239 Apr 2 22:41 prepare-commit-msg.sample
-rw-rw-r-- 1 name apache 1348 Apr 2 22:41 pre-push.sample
-rwxrwxr-x 1 name apache 4951 Apr 2 22:41 pre-rebase.sample
-rwxrwxr-x 1 name apache 3611 Apr 2 22:41 update.sample
This is the post-receive script:
#!/bin/sh
TARGET=/var/www/html/wp-content
GIT_DIR=/home/name/git/devsite.git
#run 'post-receive' hook
git --work-tree=$TARGET --git-dir=$GIT_DIR checkout -f

Try again after a
cd /path/tp/bare/repo
git config core.sharedRepository true
I mentioned it before in "Permissions with Git Post-Receive".
In the OP's instance, the post-receive script is not placed properly: it should be in ~/git/devsite.git/hooks, not ~/git/devsite.git.

Related

User Plugin in Artifactory not loading

I have Artifactory 6.20.1 running in a Docker container. I'm trying to install the artifactCleanup plugin (https://github.com/jfrog/artifactory-user-plugins/tree/master/cleanup/artifactCleanup)
I have put the artifactCleanup.groovy file in the corresponding folder:
$ ls -all /opt/jfrog/artifactory/var/etc/artifactory/plugins/
total 36
drwxr-xr-x 2 artifact artifact 4096 Feb 24 10:28 .
drwxr-xr-x 3 artifact artifact 4096 Feb 23 15:24 ..
-rwxr-xr-x 1 artifact artifact 5829 Feb 23 15:25 README.md
-rwxr-xr-x 1 artifact artifact 14043 Feb 23 15:26 artifactCleanup.groovy
-rwxr-xr-x 1 artifact artifact 325 Feb 24 10:28 artifactCleanup.json
However if I'm trying to see my loaded plugins I get an empty response
curl -X GET -u "admin:password" http://localhost:8081/artifactory/api/plugins
{}
The Server has been restarted before running that request. All commands have been running inside the Docker container. I have been looking at the documentation (https://www.jfrog.com/confluence/display/JFROG/User+Plugins) on how to install plugins. My User account which was used for the rest calls is an admin account.
Now I am out of clues, why that plugin is not loading?
You can use the below reload plugins using the Reload Plugins REST API endpoint.
https://www.jfrog.com/confluence/display/JFROG/Artifactory+REST+API#ArtifactoryRESTAPI-ReloadPlugins
Please comment here if you are running into any issues.
Turns out I created a wrong directory. Correct directory is
/var/opt/jfrog/artifactory/etc/plugins
which already existed.

TestCafe chromium test run as part of docker build

For some reason, in our CI, we need to run node tests inside docker container (including fetching dependencies, etc.). So, I am trying to have UI tests run as a part of docker build.
This is how my Dockerfile looks like:
FROM testcafe/testcafe:1.3.3
USER root
#some packages needed for some dependencies
RUN apk add --no-cache yarn python make build-base vim curl
RUN ln -s /opt/testcafe/docker/testcafe-docker.sh /usr/local/bin/testcafe-docker
WORKDIR /usr/src/app
RUN yarn config set registry https://private-npm-registry --global
COPY package*.json ./
RUN yarn
COPY . .
RUN yarn test:ui:ci
# "test:ui:clean": "rm -rf uitests/reports"
# "test:ui:ci-debug": "yarn test:ui:clean; testcafe-docker 'chromium --no-sandbox' uitests/tests -S -s uitests/reports/screenshots --video uitests/reports/videos -r spec,json:uitests/reports/report.json,html:uitests/reports/report.html",
# "test:ui:ci": "start-server-and-test serve http://127.0.0.1:8080 test:ui:ci-debug"
I get ERROR Unable to establish one or more of the specified browser connections. This can be caused by network issues or remote device failure.
Also, I tried using user user, but it gives permission error when creating reports folder inside uitests folder before running tests.
I tried it with and without the --no-sandbox option, got the same issue. Also tried chromium:headless --no-sandbox, got the same error.
Any suggestion, please? Thanks.
UPDATE:
Also tried with user: user (avoiding permission issue by using /tmp folder for report) and got same issue:
20-Jul-2019 23:53:33 > yarn test:ui:clean; whoami; ls -sail; testcafe-docker 'chromium --no-sandbox' uitests/tests -S -s /tmp/uitests/reports/screenshots --video /tmp/uitests/reports/videos -r spec,json:/tmp/uitests/reports/report.json,html:/tmp/uitests/reports/report.html
20-Jul-2019 23:53:33
20-Jul-2019 23:53:34 $ rm -rf /tmp/uitests/reports
20-Jul-2019 23:53:34 user
20-Jul-2019 23:53:34 total 528
20-Jul-2019 23:53:34 13 4 drwxr-xr-x 10 user user 4096 Jul 20 13:52 .
20-Jul-2019 23:53:34 12 4 drwxr-xr-x 8 root root 4096 Jul 20 13:52 ..
20-Jul-2019 23:53:34 79 4 -rw-r--r-- 1 root root 20 Jul 19 07:06 .dockerignore
20-Jul-2019 23:53:34 75 4 -rw-r--r-- 1 root root 45 Jul 19 07:06 .eslintignore
20-Jul-2019 23:53:34 83 4 -rw-r--r-- 1 root root 790 Jul 19 07:06 .eslintrc
20-Jul-2019 23:53:34 78 4 drwxr-xr-x 8 root root 4096 Jul 20 13:48 .git
20-Jul-2019 23:53:34 82 4 -rw-r--r-- 1 root root 326 Jul 20 13:48 .gitignore
20-Jul-2019 23:53:34 87 4 -rw-r--r-- 1 root root 189 Jul 19 07:06 Dockerfile
20-Jul-2019 23:53:34 81 4 -rw-r--r-- 1 root root 592 Jul 20 13:48 DockerfileUITest
20-Jul-2019 23:53:34 89 4 -rw-r--r-- 1 root root 451 Jul 19 07:06 README.md
20-Jul-2019 23:53:34 90 4 drwxr-xr-x 3 root root 4096 Jul 19 07:06 backend
20-Jul-2019 23:53:34 4096 4 drwxr-xr-x 3 user user 4096 Jul 20 13:53 build
20-Jul-2019 23:53:34 85 4 -rwxr-xr-x 1 root root 959 Jul 19 07:06 build.sh
20-Jul-2019 23:53:34 84 4 -rw-r--r-- 1 root root 1124 Jul 19 07:06 deploy.yaml
20-Jul-2019 23:53:34 91 4 drwxr-xr-x 1348 user user 4096 Jul 20 13:52 node_modules
20-Jul-2019 23:53:34 74 4 -rw-r--r-- 1 root root 2959 Jul 20 13:48 package.json
20-Jul-2019 23:53:34 76 4 drwxr-xr-x 2 root root 4096 Jul 19 07:06 public
20-Jul-2019 23:53:34 88 4 -rwxr-xr-x 1 root root 742 Jul 19 07:06 runUITestsInCI.sh
20-Jul-2019 23:53:34 77 4 drwxr-xr-x 8 root root 4096 Jul 19 07:06 src
20-Jul-2019 23:53:34 80 4 drwxr-xr-x 7 root root 4096 Jul 19 07:06 uitests
20-Jul-2019 23:53:34 86 448 -rw-r--r-- 1 root root 454847 Jul 20 13:48 yarn.lock
20-Jul-2019 23:53:34 Using locally installed version of TestCafe.
20-Jul-2019 23:55:36 ERROR Unable to establish one or more of the specified browser connections. This can be caused by network issues or remote device failure.
20-Jul-2019 23:55:36
20-Jul-2019 23:55:36 Type "testcafe -h" for help.
Update-2:
Tried with firefox as well and same issue: ERROR Unable to establish one or more of the specified browser connections. This can be caused by network issues or remote device failure.
Update-3:
Sorry for the delay. Got distracted in something else. Tried both in CI and local machine and it was same behaviour. Also tried suggestion in comment echo -e '#!/bin/sh\n/usr/bin/chromium-browser --no-sandbox --remote-debugging-port=9222 --headless' > /usr/local/bin/testcafe-docker and got following output in both CI and local env.
02-Dec-2019 18:45:17 DevTools listening on ws://127.0.0.1:9222/devtools/browser/711c6409-be9a-4e08-959e-0c994c8c5742
02-Dec-2019 18:45:17 [1202/074517.060637:ERROR:gl_implementation.cc(282)] Failed to load /usr/lib/chromium/swiftshader/libGLESv2.so: Error loading shared library /usr/lib/chromium/swiftshader/libGLESv2.so: No such file or directory
02-Dec-2019 18:45:17 [1202/074517.064824:ERROR:viz_main_impl.cc(176)] Exiting GPU process due to errors during initialization
02-Dec-2019 18:45:17 [1202/074517.072317:WARNING:dns_config_service_posix.cc(341)] Failed to read DnsConfig.
02-Dec-2019 18:45:17 [1202/074517.072782:WARNING:gpu_process_host.cc(1220)] The GPU process has crashed 1 time(s)
02-Dec-2019 18:45:17 [1202/074517.135149:ERROR:gl_implementation.cc(282)] Failed to load /usr/lib/chromium/swiftshader/libGLESv2.so: Error loading shared library /usr/lib/chromium/swiftshader/libGLESv2.so: No such file or directory
02-Dec-2019 18:45:17 [1202/074517.139203:ERROR:viz_main_impl.cc(176)] Exiting GPU process due to errors during initialization
02-Dec-2019 18:45:17 [1202/074517.143251:WARNING:gpu_process_host.cc(1220)] The GPU process has crashed 2 time(s)
02-Dec-2019 18:45:17 [1202/074517.208950:WARNING:gpu_process_host.cc(990)] Reinitialized the GPU process after a crash. The reported initialization time was 0 ms
02-Dec-2019 18:45:17 [1202/074517.209227:ERROR:gpu_channel_manager.cc(397)] ContextResult::kFatalFailure: Failed to create shared context for virtualization.
The recent 'Chromium' versions are not allow you to run them under the root user. Change the user from 'root' to user before running TestCafe tests.
Also, you need to setup permission for creating new folders.
See the detailed explanation in write in shared volumes docker
...
USER user
RUN yarn test:ui:ci
It is because of proxy. We use proxy to reach internet. I was adding http_proxy, https_proxy and no_proxy(127.0.0.1) in docker image. Browser in docker container was trying to reach testcafe server (running in same container) through proxy, because it does not use 127.0.0.1/localhost but 172.17.0.2as testcafe server host inside container. So adding 172.17.0.2 to no_proxy works.

how to apply salt states to just one environment

I'm trying to apply a salt state to my non prod environment at /srv/salt/non-prod
I'm getting this result:
[root#salt non-prod]# salt '*' state.apply
salt.localdomain:
----------
ID: states
Function: no.None
Result: False
Comment: No Top file or external nodes data matches found.
Changes:
Summary for salt.localdomain
------------
Succeeded: 0
Failed: 1
I have this location defined in my master config
non-prod:
- /srv/non-prod
- /srv/salt/non-prod/services
- /srv/salt/non-prod/states
I have a top file located here:
[root#salt ~]# cat /srv/salt/non-prod/top.sls
base:
'*':
- apache
- python
- ssh
- users
These are the contents of the non-prod directory
[root#salt ~]# ls -lh /srv/salt/non-prod/
total 16K
drwxr-xr-x. 2 root root 4.0K Oct 3 21:02 apache
drwxr-xr-x. 2 root root 45 Oct 3 20:57 python
drwxr-xr-x. 2 salt salt 6 Oct 3 14:10 services
drwxr-xr-x. 2 root root 54 Oct 3 18:23 ssh
drwxr-xr-x. 2 salt salt 6 Oct 3 14:10 states
-rw-r--r--. 1 root root 80 Oct 3 15:29 state.template
-rw-r--r--. 1 root root 174 Oct 3 15:30 test.sls
-rw-r--r--. 1 root root 61 Oct 3 21:14 top.sls
drwxr-xr-x. 2 root root 22 Oct 3 21:03 users
drwxr-xr-x. 2 salt salt 99 Oct 3 18:28 webserver
it contains a few salt modules
How can I apply salt states to just the non-prod environment?
If you check the syntax using some yaml validation tools, then we can go to next step.
Read saltstack top documentation thoroughly, you will notice setting different environment, you first explicitly define alternate environment name on /etc/salt/master and also specify it under top.sls
i.e., you file_roots specify the non-prod environment
file_roots:
#non-prod environment
non-prod:
- /srv/non-prod
- /srv/salt/non-prod/services
- /srv/salt/non-prod/states
Thus your top.sls should use the environment name non-prod , not base
non-prod:
'*':
- apache
- python
- ssh
- users
Since saltstack always use "base" environment by default, you should apply the state explicitly.
salt '*' state.highstate saltenv=non-prod

Develop WordPress theme with Git on Dreamhost

I am trying to set up my first Git based WordPress theme development using roots as my starting theme. I was planning to develop a theme locally and push to my Dreamhost VPS every now and then. Read some info on the Dreamhost Wiki. I also followed David Winter's tutorial on setting up a WordPress core update option with Git.
I also set up another repo for my theme with the theme roots as a basis. Perhaps I should have made it a submodule too, but I am just learning by doing here.. I set up a bare repo on the server and locally I tried to make a pull request, but this is not working.
Locally
For my local theme I have this:
$ pwd
/opt/local/www/imagewize/wp-content/themes/img/.git
jaspersmbp:.git jasper$ cat config
and here the git config file for the theme:
[core]
repositoryformatversion = 0
filemode = true
bare = false
logallrefupdates = true
ignorecase = true
[remote "origin"]
url = ssh://me#domain.com/~/domain.com/wp-content/themes/img
fetch = +refs/heads/*:refs/remotes/origin/*
WordPress submodule details are:
location:
$ pwd
/opt/local/www/imagewize
Git config file:
core]
repositoryformatversion = 0
filemode = true
bare = false
logallrefupdates = true
ignorecase = true
[submodule "wordpress"]
url = git://github.com/WordPress/WordPress.git
Remote
On the remote DH VPS inside the theme I have this config:
core]
repositoryformatversion = 0
filemode = true
bare = true
When I am inside the theme locally and try to connect to Dreamhost VPS I get:
$ git pull origin master
fatal: Couldn't find remote ref master
me:img jasper$ fatal: The remote end hung up unexpectedly
Debugging
$ git branch -a
loads nada locally..
git push origin master
error: src refspec master does not match any.
error: failed to push some refs to 'ssh://me#domain.com/~/imagewize.com/wp-content/themes/img'
Update
Adjusted url in config and now I get:
git push origin master
fatal: '/imagewize.com/wp-content/themes/img' does not appear to be a git repository
fatal: The remote end hung up unexpectedly
Update II
I did some more online reading and after I found src refspec master does not match any when pushing commits in git I realized I did do adds, but no commit.
git commit -m 'Initial commit'
[master (root-commit) 7bbcd6a] Initial commit
137 files changed, 17766 insertions(+)
create mode 100644 .gitignore
.........
And then:
$ git push origin master
Counting objects: 150, done.
Delta compression using up to 2 threads.
Compressing objects: 100% (144/144), done.
Writing objects: 100% (150/150), 259.70 KiB, done.
Total 150 (delta 26), reused 0 (delta 0)
To ssh://me#domain.com/~/domain.com/wp-content/themes/img/
* [new branch] master -> master
And we are up and running!
Only somehow my local files were not uploaded to the remote theme folder
$ ls -lha
total 16K
drwxrwxr-x 7 me server 147 Oct 7 20:21 .
drwxr-xr-x 6 me server 105 Oct 7 20:21 ..
-rw-rw-r-- 1 me server 23 Oct 7 20:21 HEAD
drwxrwxr-x 2 me server 10 Oct 7 20:21 branches
-rw-rw-r-- 1 me server 66 Oct 7 20:21 config
-rw-rw-r-- 1 me server 73 Oct 7 20:21 description
drwxrwxr-x 2 me server 4.0K Oct 7 20:21 hooks
drwxrwxr-x 2 me server 28 Oct 7 20:21 info
drwxrwxr-x 4 me server 40 Oct 7 20:21 objects
drwxrwxr-x 4 me server 41 Oct 7 20:21 refs
, but I should work that out soon enough..
Update III
Bare repositories do not have a working directory it seems explained here. They seem to say I should clone on production. So wherever I create the bare repository is not where I clone the final result.
Will just have to change the setup. Where I push to will just be the git repo for keeping track of changes like Github and wherever I want to have the end result I will clone the repo.

XCode does not let me change the code

I have been working on a project and since last week xcode does not let me make any changes in my xib file and another page in the project. However I can make changes in other pages. When I open it as root I can make changes in main.xib as well. What can cause this? It is very annoying.
This is what I get:
“MainWindow.xib” is locked for editing and you may not be able to save your changes. Do you want to unlock it?
Sounds like you have lost ownership of your own files (or some reason). You can confirm this from the command line by simply listing them (ls), for example:
$ ls -l
total 184
-rwxr-xr-x 1 andy staff 2731 7 Dec 2010 AppDelegate.h
-rwxr-xr-x 1 andy staff 3976 7 Dec 2010 AppDelegate.m
-rwxr-xr-x 1 andy staff 2625 7 Dec 2010 Choices.h
...
My username is 'andy', so I already own these files, however if I didn't, I could change ownership of the whole directory hierarchy using chown as root:
$ ls -l
total 0
drwxr-xr-x 12 andy staff 408 15 Dec 2010 CFLocalServer
drwxr-xr-x 23 andy staff 782 18 Dec 2010 GridMenu
drwxr-xr-x 12 andy staff 408 16 Dec 2010 Hello
drwxr-xr-x 16 andy staff 544 18 Dec 2010 NSTableViewBinding
drwxr-xr-x 18 andy staff 612 18 Dec 2010 OpenCL_OceanWave
$ sudo chown -R andy:staff *
Password:
$
You can do this using Finder, but that isn't so easy to explain.
Ultimately you need to find out why you lost ownership as currently you are not in control of your own machine, it is in control of you.

Resources