Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


Skip to content
  • Categories
  • Recent
  • Tags
  • Popular
  • Bookmarks
  • Search
Skins
  • Light
  • Cerulean
  • Cosmo
  • Flatly
  • Journal
  • Litera
  • Lumen
  • Lux
  • Materia
  • Minty
  • Morph
  • Pulse
  • Sandstone
  • Simplex
  • Sketchy
  • Spacelab
  • United
  • Yeti
  • Zephyr
  • Dark
  • Cyborg
  • Darkly
  • Quartz
  • Slate
  • Solar
  • Superhero
  • Vapor

  • Default (No Skin)
  • No Skin
Collapse
Brand Logo

Cloudron Forum

Apps | Demo | Docs | Install
  1. Cloudron Forum
  2. Support
  3. Git ownership issue in package

Git ownership issue in package

Scheduled Pinned Locked Moved Solved Support
3 Posts 2 Posters 494 Views 2 Watching
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • dev-cbD Offline
      dev-cbD Offline
      dev-cb
      wrote on last edited by
      #1

      I set up a git repo to backup n8n workflows and credentials via a bash script which exports via npx n8n export and pushes the data to the repo. The script is started via crontab.

      Now a while ago it was running perfectly, no issues. Then suddenly (I assume after package update or Cloudron update) it stopped. Git is not pushing anymore due to an repo ownership issue:

      fatal: detected dubious ownership in repository at '/app/data/n8n-backup'
      To add an exception for this directory, call:
      git config --global --add safe.directory /app/data/n8n-backup
      

      This is the directory content inkl. rights:

      root@package:/app/data/n8n-backup# ll
      total 28
      drwxr-xr-x 5 cloudron cloudron 4096 Jul  7 06:00 ./
      drwxr-xr-x 7 cloudron cloudron 4096 Jul  5 16:57 ../
      drwxr-xr-x 8 cloudron cloudron 4096 Jul  6 20:47 .git/
      -rw-r--r-- 1 cloudron cloudron  562 Jun 14 13:58 README.md
      drwxr-xr-x 2 root     root     4096 Jul  7 06:00 credentials/
      -rwxr-xr-x 1 cloudron cloudron  710 Jun 14 13:58 start-backup.sh*
      drwxr-xr-x 2 root     root     4096 Jul  7 06:00 workflows/
      

      The script start-backup.sh is started by the crontab, setup via the app cron settings in Cloudron UI. So its run as root. Also the git command is then called as root. Since the ownership of .git/ is cloudron git is having doubts and stops.

      Now if I change the ownership of all content in /app/data/n8n-backup/ to root, then start the script, all works fine. But after an update of the app the ownership is reset to cloudron. Makes sense from security perspective I guess.

      Following the suggested git solution (adding the repository directory to the safe list) I am facing the problem that I can not write in the file system:

      root@package:/app/code# git config --global --add safe.directory /app/data/n8n-backup 
      error: could not lock config file /root/.gitconfig: Read-only file system
      

      Now adding the setting to the local config of the repository and switching back to cloudron ownership is not working either since git is not recognizing the git repository. Also if I run as user cloudron no success:

      root@package:/app/data/n8n-backup# runuser -l cloudron -c 'git status' 
      fatal: not a git repository (or any of the parent directories): .git
      

      The su command helps with the git issue but does not work completely since then the npx command is not found.

      Now I could probably add chown -R root:root /app/data/n8n-backup/ as first command to the script but I guess that is not the best way to go.

      Anyone some ideas to help me solving this?

      1 Reply Last reply
      0
      • girishG Offline
        girishG Offline
        girish
        Staff
        wrote on last edited by
        #2

        The startup code of all packages change the ownership of the data to a non-root user. This is the reason for the change of ownership that you have noticed.

        Ideally, your cron job can also run as non-root user (cloudron in this case). For this reason, keep the n8n-backup directory to always be cloudron user. With that in mind...

        root@package:/app/data# mkdir myrepo
        root@package:/app/data# chown -R cloudron:cloudron myrepo
        root@package:/app/data# cd myrepo/
        root@package:/app/data/myrepo# gosu cloudron:cloudron git init
        hint: Using 'master' as the name for the initial branch. This default branch name
        <blah blah>
        Initialized empty Git repository in /app/data/myrepo/.git/
        root@package:/app/data/myrepo# echo "hello world" > readme.txt
        root@package:/app/data/myrepo# gosu cloudron:cloudron git add readme.txt 
        

        At this point, you need the gitconfig to commit and push. So, create it under .git itself.

        root@package:/app/data/myrepo# cat > .git/config
        [user]
                name = Girish Ramakrishnan
                email = girish@cloudron.io
        root@package:/app/data/myrepo# chown cloudron:cloudron .git/config
        root@package:/app/data/myrepo# gosu cloudron:cloudron git commit -a -m 'first commit'
        [master (root-commit) 5c8a66a] first commit
         1 file changed, 1 insertion(+)
         create mode 100644 readme.txt
        root@package:/app/data/myrepo# gosu cloudron:cloudron git push https://brew.demo.cloudron.io/cloudron/testrepo.git master:main
        Username for 'https://brew.demo.cloudron.io': cloudron
        Password for 'https://cloudron@brew.demo.cloudron.io': 
        Enumerating objects: 3, done.
        Counting objects: 100% (3/3), done.
        Writing objects: 100% (3/3), 229 bytes | 229.00 KiB/s, done.
        Total 3 (delta 0), reused 0 (delta 0), pack-reused 0
        remote: . Processing 1 references
        remote: Processed 1 references in total
        To https://brew.demo.cloudron.io/cloudron/testrepo.git
         * [new branch]      master -> main
        

        I am not 100% sure if above is what you want, but maybe it gives you some ideas.

        1 Reply Last reply
        0
        • dev-cbD Offline
          dev-cbD Offline
          dev-cb
          wrote on last edited by
          #3

          Hi @girish!

          Thanks. I’ll check, but I guess This is working well so far ..

          #!/bin/bash
           
          # n8n auto backup process
           
          # clean up to get all changes
           
          rm -r /app/data/n8n-backup/workflows/
          rm -r /app/data/n8n-backup/credentials/
          
          # change directory
           
          cd /app/code
          
          # start export process
          npx n8n export:workflow --backup --output /app/data/n8n-backup/workflows/
          npx n8n export:credentials --backup --output /app/data/n8n-backup/credentials/ # save credentials encrypted
           
          # npx n8n export:credentials --decrypted --backup --output /app/data/n8n-backup/credentials/ # save credentials decrypted
           
          # Use gosu: gosu cloudron:cloudron cmd --param
           
          # git add files, commit and push
          gosu cloudron:cloudron git -C /app/data/n8n-backup/ add .
          gosu cloudron:cloudron git -C /app/data/n8n-backup/ commit -m "Auto backup ($(date +'%Y-%m-%d'))"
          gosu cloudron:cloudron git -C /app/data/n8n-backup/ push
          
          # set ownership back to cloudron (fix)
           
          chown -R cloudron:cloudron /app/data/n8n-backup/
          
          1 Reply Last reply
          2
          • girishG girish marked this topic as a question on
          • girishG girish has marked this topic as solved on
          Reply
          • Reply as topic
          Log in to reply
          • Oldest to Newest
          • Newest to Oldest
          • Most Votes


            • Login

            • Don't have an account? Register

            • Login or register to search.
            • First post
              Last post
            0
            • Categories
            • Recent
            • Tags
            • Popular
            • Bookmarks
            • Search