
I have a user gitlab-runner which is running CI, and basically whenever I push something to the GitLab repository it builds the project and then copies it to `/var/www/stanislavromanov.com`.

The problem is that it has no permission to do so.

Error

```
$ cp -R ./build/* /var/www/stanislavromanov.com/
cp: cannot create regular file '/var/www/stanislavromanov.com/404.html': Permission denied
cp: cannot create directory '/var/www/stanislavromanov.com/blog': Permission denied
cp: cannot create regular file '/var/www/stanislavromanov.com/ci.log': Permission denied
cp: cannot create regular file '/var/www/stanislavromanov.com/favicon.ico': Permission denied
cp: cannot create directory '/var/www/stanislavromanov.com/fonts': Permission denied
cp: cannot create directory '/var/www/stanislavromanov.com/img': Permission denied
cp: cannot create regular file '/var/www/stanislavromanov.com/index.html': Permission denied
cp: cannot create regular file '/var/www/stanislavromanov.com/index.xml': Permission denied
cp: cannot create directory '/var/www/stanislavromanov.com/privacy': Permission denied
cp: cannot create regular file '/var/www/stanislavromanov.com/scripts.js': Permission denied
cp: cannot create regular file '/var/www/stanislavromanov.com/sitemap.xml': Permission denied
cp: cannot create regular file '/var/www/stanislavromanov.com/styles.css': Permission denied
ERROR: Build failed: exit status 1
```

I have tried this: `sudo chown -R gitlab-runner /var/www` and this: `sudo chown -R gitlab-runner:gitlab-runner /var/www`.

I still have the same error. I am 100% sure that the user is gitlab-runner because when I do `whoami` it shows gitlab-runner.

What am I doing wrong?

I fixed it by setting `chmod 777` on stanislavromanov.com; however, I believe this is far from an optimal solution.

sed
  • First check, ensure directory permissions allow write (they probably do). If that is not the issue it could be selinux. You can verify this by checking `/var/log/audit/audit.log` for errors in creating these files. `getenforce` will tell you if selinux is running in Enforcing mode. If this is the problem, you will need to update the selinux context for this folder to allow writing for this user. – K Richardson Nov 04 '16 at 20:41
  • No, selinux is not installed. – sed Nov 04 '16 at 20:44

1 Answer


Firstly, I wouldn't change the POSIX owner or group recursively for the entire www directory; you can use extended ACLs for that. To do that you would need to do `sudo setfacl -R -m u:gitlab-runner:rwx /var/www`.

You could then add the gitlab-runner user to the sudoers file and change your scripts by prepending `sudo` to the relevant commands. Failing that, you would need to see the output of a `getfacl` on the target directory.

Brett Levene
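
An added example, not part of the original question or answer: a shell sketch that finds and removes the world-write bits left by the `chmod 777` workaround, then applies the answer's `setfacl` grant scoped to the site directory, with a default ACL so entries created later inherit it. The function names are hypothetical, `rwX` in place of the answer's `rwx` is a choice made here so regular files are not marked executable, and the `acl` tools and an ACL-capable filesystem are assumed.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# Print every file and directory under DIR that "other" may write to,
# i.e. what the chmod 777 workaround leaves behind.
list_world_writable() {
    find "$1" -perm -0002 ! -type l -print
}

# Remove only the o+w bit; owner and group permissions are left as they were.
drop_world_write() {
    find "$1" -perm -0002 ! -type l -exec chmod o-w {} +
}

# Give USER write access to DIR through ACLs instead of mode bits.
# Assumption: rwX (capital X) is used instead of the answer's rwx so that
# execute is granted on directories only, not on every regular file.
grant_deploy_acl() {
    user=$1
    dir=$2
    # Access ACL on everything that already exists.
    setfacl -R -m "u:${user}:rwX" "$dir" || return 1
    # Default ACL on directories so files created later inherit the grant.
    find "$dir" -type d -exec setfacl -m "d:u:${user}:rwX" {} + || return 1
    # Show the result, as the answer suggests checking with getfacl.
    getfacl "$dir"
}

# Run as root with two arguments, for example:
#   /var/www/stanislavromanov.com gitlab-runner
if [ "$#" -eq 2 ]; then
    list_world_writable "$1"
    drop_world_write "$1"
    grant_deploy_acl "$2" "$1"
fi
```
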