Codeberg/Community

"User permission denied for writing" for unclear reasons #1974

Closed
opened 2025-06-04 23:31:52 +02:00 by civodul · 10 comments


Hello,

Several "collaborators" with write access to https://codeberg.org/guix/guix fail to push:

```
remote: Forgejo: User permission denied for writing.
To ssh://codeberg.org/guix/guix.git
 ! [remote rejected] master -> master (pre-receive hook declined)
```

This includes @glv, @pelzflorian, @jgart, and @vagrantc (see guix/guix#411 and guix/guix#383). Interestingly, other collaborators (non-owners) do not have that problem, including @ieure and @hako.

I checked permissions and branch protection but I can't find the reason for this.

Any idea what we're missing?


If this helps in debugging the issue, I tried the following and got a relevant warning, but I'm not sure how to proceed from here yet or whether this failure is actually relevant to the above:

```
$ ssh git@codeberg.org
PTY allocation request failed on channel 0
Hi there, jgart! You've successfully authenticated with the key named framework, but Forgejo does not provide shell access.
If this is unexpected, please log in with password and setup Forgejo under another user.
Connection to codeberg.org closed.
```

@civodul wrote in #1974 (comment):

> Interestingly, other collaborators (non-owners)

Although it shouldn't matter as being a collaborator should take precedence. Are any of the teams assigned to the guix repository?


@Gusted Teams exist at the org level. What do you mean by "assigned to the guix repository"?


Each team has permissions and you can add repositories to those teams and those permissions will have effect on those repositories. However I presume because teams are used for reviews, the permission system of these teams is not really used?


@Gusted Right. The teams all provide read-only access to the repo, but the people mentioned above are also collaborators with write access to the repo.


Were these collaborators added when the repository was private or not yet under the guix organisation? I have reason to believe that if you remove and then re-add these users as collaborators, they will no longer have this permissions problem.

Currently they are lacking entries in the `access` table, and adding collaborators should create such an entry. This is quite strange to me, because I've removed and then re-added @glv as collaborator to the guix repository and such an entry was created. This likely means that when they were first added there must have been some condition preventing such an entry from being created.

I've re-added as collaborators the people you mentioned as having this issue; please report if they still face this permission issue.

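An added example, not part of the thread and not Forgejo's own code: a consistency check that flags users whose grants say they should have access but who have no matching (or a weaker) row in the `access` table. Only the `access` table name comes from the thread; the other tables, the columns and the mode numbers are a simplified, constructed model.

```python
import sqlite3

# Constructed, simplified model: only the `access` table name comes from the
# thread; the other tables, the columns and the mode numbers are assumptions.
READ, WRITE = 1, 2

SCHEMA = """
CREATE TABLE collaboration (repo_id INTEGER, user_id INTEGER, mode INTEGER);
CREATE TABLE team_grant    (repo_id INTEGER, user_id INTEGER, mode INTEGER);
CREATE TABLE access        (repo_id INTEGER, user_id INTEGER, mode INTEGER);
"""

# Expected mode = highest grant from any source; report users whose
# materialized `access` row is missing or lower than that.
DRIFT_QUERY = """
WITH expected AS (
    SELECT repo_id, user_id, MAX(mode) AS mode
    FROM (SELECT * FROM collaboration UNION ALL SELECT * FROM team_grant)
    GROUP BY repo_id, user_id
)
SELECT e.repo_id, e.user_id, e.mode, a.mode
FROM expected e
LEFT JOIN access a ON a.repo_id = e.repo_id AND a.user_id = e.user_id
WHERE a.mode IS NULL OR a.mode < e.mode
ORDER BY e.repo_id, e.user_id
"""

def find_access_drift(conn):
    """Return (repo_id, user_id, expected_mode, actual_mode_or_None) rows."""
    return conn.execute(DRIFT_QUERY).fetchall()

def build_sample():
    """Constructed data: write collaborators who are also in read-only teams."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO collaboration VALUES (?,?,?)",
                     [(1, 10, WRITE), (1, 11, WRITE)])
    conn.executemany("INSERT INTO team_grant VALUES (?,?,?)",
                     [(1, 10, READ), (1, 11, READ), (1, 12, READ)])
    # User 10 has the expected row, user 11 has none, user 12 only reads.
    conn.executemany("INSERT INTO access VALUES (?,?,?)",
                     [(1, 10, WRITE), (1, 12, READ)])
    return conn

if __name__ == "__main__":
    for repo, user, want, got in find_access_drift(build_sample()):
        print(f"repo {repo} user {user}: expected mode {want}, access row {got}")
```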

Wahoo, I can push again! (also, presumably related, I can also propose Pull Requests through the web interface, which had also been broken)

Thanks!


@civodul @Gusted

Thanks!

I was able to push some commits now. Much appreciated.


@Gusted Since they are "collaborators", and not "owners", I believe they were added after the `guix` repo had been created (the `guix` repository is actually renamed from the former `guix-mirror` repo, if that matters). But all collaborators were added around the same time, so I'm not sure what's different about these fine people. :-)

Anyhow, thanks a lot for tracking it down and for fixing it!


I'm closing the issue. @glv, @pelzflorian: please let us know if it doesn't work for you!
