Re: How to remove settings from a systemd unit file

On Tue, Jun 4, 2024 at 7:24 PM Sam Varshavchik <mrsam@xxxxxxxxxxxxxxx> wrote:
>
> So I was tearing my hair out trying to figure out why attempts to push via
> DAV to a git repo were failing.
>
> Eventually I succeeded in stracing the httpd process to capture the
> request. It was getting an EROFS when it tried to write to the git repo.
>
> Amusing.
>
> To make a long story short, the culprit was:
>
> ProtectHome=read-only
>
> in /lib/systemd/system/httpd.service (the git repo was in a directory inside
> a mounted /home partition).
>
> I tried using
>
> systemctl edit httpd
>
> And putting this in there:
>
> [Service]
> ProtectHome=
>
> However this apparently did not work. I threw in the towel and just edited
> /lib/systemd/system/httpd.service and commented this setting out, entirely,
> to finally fix this issue, and happy git pushing resumed.
>
> But how do I fix this so that the next apache update doesn't clobber this?

I think a better choice is to leave the systemd unit files alone. Then
you don't have to worry about your changes getting reverted on updates
and system upgrades.

I also think it is better to avoid serving files from your home
directory. Instead, use /var. Install your Git-managed project in
/var/git (and your Subversion projects in /var/svn). Add a git user,
and make ownership of /var/git as root:git. Finally, change the
server's document root to /var/git/<project>.

This setup works well for me. The only problem I have encountered is
Git's fix for CVE-2022-24765 a/k/a safe directories. Safe directories
caused a big DoS at my site. Also see
<https://github.com/git/git/commit/8959555cee7e>.

Jeff
--
_______________________________________________
users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
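
Added example, not part of the thread: a small shell helper showing why the push failed with EROFS under ProtectHome=read-only and why a repository under /var/git is not touched by that setting. It follows systemd.exec(5), where ProtectHome= covers /home, /root and /run/user; the function names, output labels and sample paths are made up for illustration, and paths are assumed to be absolute and already canonical.

```shell
#!/bin/sh
# Added example (not from the thread). Reports how a service sandboxed with
# ProtectHome= sees a given path, following systemd.exec(5).
# Assumption: PATH is absolute and already canonical, e.g. output of realpath(1).

# Succeeds if the path lies in a directory covered by ProtectHome=.
under_protected_dir() {
    case "$1" in
        /home|/home/*|/root|/root/*|/run/user|/run/user/*) return 0 ;;
        *) return 1 ;;
    esac
}

# protecthome_effect MODE PATH
# Prints one of: unaffected | read-only | inaccessible | hidden-by-tmpfs
# Returns 2 on an unrecognised mode or a relative path.
protecthome_effect() {
    mode=$1 path=$2
    case "$path" in
        /*) ;;
        *) echo "error: path must be absolute" >&2; return 2 ;;
    esac
    case "$mode" in
        no|false|off|0) effect=unaffected ;;
        yes|true|on|1)  effect=inaccessible ;;      # directories appear empty
        read-only)      effect=read-only ;;         # writes fail with EROFS
        tmpfs)          effect=hidden-by-tmpfs ;;   # empty tmpfs mounted on top
        *) echo "error: unknown ProtectHome value: $mode" >&2; return 2 ;;
    esac
    if under_protected_dir "$path"; then
        echo "$effect"
    else
        echo unaffected
    fi
}

# Constructed sample paths: a repository under /home and one under /var/git.
protecthome_effect read-only /home/user/repos/project.git
protecthome_effect read-only /var/git/project
```

On a live system the mode argument can be taken from `systemctl show -p ProtectHome --value httpd`.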


