Git ownership issue in package
I set up a git repo to backup n8n workflows and credentials via a bash script which exports via
npx n8n exportand pushes the data to the repo. The script is started via crontab.
Now a while ago it was running perfectly, no issues. Then suddenly (I assume after package update or Cloudron update) it stopped. Git is not pushing anymore due to an repo ownership issue:
fatal: detected dubious ownership in repository at '/app/data/n8n-backup' To add an exception for this directory, call: git config --global --add safe.directory /app/data/n8n-backup
This is the directory content inkl. rights:
root@package:/app/data/n8n-backup# ll total 28 drwxr-xr-x 5 cloudron cloudron 4096 Jul 7 06:00 ./ drwxr-xr-x 7 cloudron cloudron 4096 Jul 5 16:57 ../ drwxr-xr-x 8 cloudron cloudron 4096 Jul 6 20:47 .git/ -rw-r--r-- 1 cloudron cloudron 562 Jun 14 13:58 README.md drwxr-xr-x 2 root root 4096 Jul 7 06:00 credentials/ -rwxr-xr-x 1 cloudron cloudron 710 Jun 14 13:58 start-backup.sh* drwxr-xr-x 2 root root 4096 Jul 7 06:00 workflows/
start-backup.shis started by the crontab, setup via the app cron settings in Cloudron UI. So its run as root. Also the git command is then called as root. Since the ownership of
cloudrongit is having doubts and stops.
Now if I change the ownership of all content in
root, then start the script, all works fine. But after an update of the app the ownership is reset to
cloudron. Makes sense from security perspective I guess.
Following the suggested git solution (adding the repository directory to the safe list) I am facing the problem that I can not write in the file system:
root@package:/app/code# git config --global --add safe.directory /app/data/n8n-backup error: could not lock config file /root/.gitconfig: Read-only file system
Now adding the setting to the local config of the repository and switching back to
cloudronownership is not working either since git is not recognizing the git repository. Also if I run as user
root@package:/app/data/n8n-backup# runuser -l cloudron -c 'git status' fatal: not a git repository (or any of the parent directories): .git
sucommand helps with the git issue but does not work completely since then the
npxcommand is not found.
Now I could probably add
chown -R root:root /app/data/n8n-backup/as first command to the script but I guess that is not the best way to go.
Anyone some ideas to help me solving this?
The startup code of all packages change the ownership of the data to a non-root user. This is the reason for the change of ownership that you have noticed.
Ideally, your cron job can also run as non-root user (
cloudronin this case). For this reason, keep the n8n-backup directory to always be
cloudronuser. With that in mind...
root@package:/app/data# mkdir myrepo root@package:/app/data# chown -R cloudron:cloudron myrepo root@package:/app/data# cd myrepo/ root@package:/app/data/myrepo# gosu cloudron:cloudron git init hint: Using 'master' as the name for the initial branch. This default branch name <blah blah> Initialized empty Git repository in /app/data/myrepo/.git/ root@package:/app/data/myrepo# echo "hello world" > readme.txt root@package:/app/data/myrepo# gosu cloudron:cloudron git add readme.txt
At this point, you need the gitconfig to commit and push. So, create it under .git itself.
root@package:/app/data/myrepo# cat > .git/config [user] name = Girish Ramakrishnan email = email@example.com root@package:/app/data/myrepo# chown cloudron:cloudron .git/config root@package:/app/data/myrepo# gosu cloudron:cloudron git commit -a -m 'first commit' [master (root-commit) 5c8a66a] first commit 1 file changed, 1 insertion(+) create mode 100644 readme.txt root@package:/app/data/myrepo# gosu cloudron:cloudron git push https://brew.demo.cloudron.io/cloudron/testrepo.git master:main Username for 'https://brew.demo.cloudron.io': cloudron Password for 'https://firstname.lastname@example.org': Enumerating objects: 3, done. Counting objects: 100% (3/3), done. Writing objects: 100% (3/3), 229 bytes | 229.00 KiB/s, done. Total 3 (delta 0), reused 0 (delta 0), pack-reused 0 remote: . Processing 1 references remote: Processed 1 references in total To https://brew.demo.cloudron.io/cloudron/testrepo.git * [new branch] master -> main
I am not 100% sure if above is what you want, but maybe it gives you some ideas.
Thanks. I’ll check, but I guess This is working well so far ..
#!/bin/bash # n8n auto backup process # clean up to get all changes rm -r /app/data/n8n-backup/workflows/ rm -r /app/data/n8n-backup/credentials/ # change directory cd /app/code # start export process npx n8n export:workflow --backup --output /app/data/n8n-backup/workflows/ npx n8n export:credentials --backup --output /app/data/n8n-backup/credentials/ # save credentials encrypted # npx n8n export:credentials --decrypted --backup --output /app/data/n8n-backup/credentials/ # save credentials decrypted # Use gosu: gosu cloudron:cloudron cmd --param # git add files, commit and push gosu cloudron:cloudron git -C /app/data/n8n-backup/ add . gosu cloudron:cloudron git -C /app/data/n8n-backup/ commit -m "Auto backup ($(date +'%Y-%m-%d'))" gosu cloudron:cloudron git -C /app/data/n8n-backup/ push # set ownership back to cloudron (fix) chown -R cloudron:cloudron /app/data/n8n-backup/