Pull request returns git permission error (OD-913)
Vuong opened 3 years ago

When initiating a PR, I get a git error/notice with the following message:

Failed to run command: git rev-list ^333fd 6c3cb -50 -i --, return code: 128
fatal: detected dubious ownership in repository at '/opt/onedev/site/projects/1/git'
To add an exception for this directory, call:
git config --global --add safe.directory /opt/onedev/site/projects/1/git

It doesn't prevent me from creating the PR though.

How can I remove this error?

Is it just a matter of passing the following command to docker-compose.yml?

Maybe something like:

command: git config --global --add safe.directory /opt/onedev/site/projects/*/git

Or is there something else I have to resolve?

Thanks

=========

Directory permission in container

ls -la /opt/onedev/site/projects/1/git
drwxr-sr-x  7 1000 1000 4096 Aug 15 05:59 .
drwxr-sr-x  7 1000 1000 4096 Sep  5 08:52 ..
drwxr-sr-x  2 1000 1000 4096 Aug 15 05:59 branches
-rw-r-Sr--  1 1000 1000  162 Aug 15 05:59 config
-rw-r-Sr--  1 1000 1000   21 Aug 15 05:59 HEAD
drwxr-sr-x  2 1000 1000 4096 Aug 15 05:59 hooks
drwxr-sr-x  3 1000 1000 4096 Aug 15 05:59 logs
drwxr-sr-x 21 1000 1000 4096 Sep  9 02:02 objects
drwxr-sr-x  4 1000 1000 4096 Aug 15 05:59 refs
  • Robin Shen commented 3 years ago

    How are you running OneDev? OneDev should be running as root in the container.

  • Vuong commented 3 years ago

    I'm running OneDev from portainer as a stack. I believe it's running as root in the container.

    Console

    root@18b4139ff392:~#
    
  • Robin Shen commented 3 years ago

    I started onedev from portainer and pull request works fine without any errors. Also my directory listing is as follows:

    root@26f95dceb4a0:/opt/onedev/site/projects/1/git# ls -l
    total 28
    drwxr-xr-x 2 root root 4096 Sep  9 13:21 branches
    -rw-r--r-- 1 root root  162 Sep  9 13:21 config
    -rw-r--r-- 1 root root   21 Sep  9 13:58 HEAD
    drwxr-xr-x 2 root root 4096 Sep  9 13:21 hooks
    drwxr-xr-x 3 root root 4096 Sep  9 13:21 logs
    drwxr-xr-x 8 root root 4096 Sep  9 14:00 objects
    drwxr-xr-x 6 root root 4096 Sep  9 14:00 refs
    

    Please let me know exact steps to reproduce the issue.

  • Vuong commented 3 years ago

    I think the issue is permissions in the source directory.

    My docker-compose.yml:

        volumes:
          - /var/run/docker.sock:/var/run/docker.sock
          - /opt/docker/volumes/onedev-data:/opt/onedev
    

    Permissions on my source directory:

    user@host:/opt/docker/volumes/onedev-data/site/projects/1$ ls -l
    total 20
    drwxr-sr-x  3 user01 user01 4096 Aug 15 05:59 attachment
    drwxr-sr-x 15 user01 user01 4096 Sep  9 08:37 builds
    drwxr-sr-x  7 user01 user01 4096 Sep  9 06:16 git
    drwxr-sr-x  2 user01 user01 4096 Sep  9 08:37 index
    drwxr-sr-x  4 user01 user01 4096 Aug 15 05:59 info
    

    My etc/group file:

    user01:x:1000:
    docker:x:122:user01
    
  • Robin Shen commented 3 years ago

    Is OneDev running as root in the container? This is required.

  • Robin Shen commented 3 years ago

    Disregard my previous comment. I see you are already running as root.

  • Robin Shen commented 3 years ago

    To double check, please log in to the container, and run ps -ef to see the actual user the OneDev process is running as.

    Also please change owner and group of /opt/docker/volumes/onedev-data to be root recursively.

  • Robin Shen changed state to 'Closed' 3 years ago
    Previous Value: Open, Current Value: Closed
  • Robin Shen commented 3 years ago

    Closing it now. Feel free to reopen if there are more clues.

  • Vuong commented 3 years ago
    root@18b4139ff392:/# ps -ef
    UID          PID    PPID  C STIME TTY          TIME CMD
    root           1       0  0 Sep10 ?        00:00:00 /bin/bash /root/bin/entrypoint.sh
    root          32       1  0 Sep10 ?        02:27:06 java -cp ../boot/* -XX:MaxRAMPercentage=50.0 io.on
    root       11203       0  0 Sep14 pts/0    00:00:00 bash
    root       27761       0  1 01:41 pts/1    00:00:00 bash
    root       27775   27761  0 01:41 pts/1    00:00:00 ps -ef
    
  • Vuong changed state to 'Open' 3 years ago
    Previous Value: Closed, Current Value: Open
  • Vuong commented 3 years ago

    Sorry for the late response. Re-opening

  • Robin Shen commented 3 years ago

    The process owner is correct. I did some more tests, and this situation only happens when OneDev is running in bare metal mode, in which case the repository is cloned with the user running the OneDev process, and then handed to the container. In this case, if you operate the repository with git in the container, it will complain with this message, and it is fine to add it as a safe directory in your container.

    However you mentioned that OneDev is running with portainer, in which case the OneDev process itself is also running as root, and such an issue should never happen. So this confuses me. If you can investigate to provide me a detailed reproducing step, it will help a lot.

  • Vuong commented 3 years ago

    Also please change owner and group of /opt/docker/volumes/onedev-data to be root recursively.

    This seems to have fixed the issue.

  • Vuong commented 3 years ago

    If you can investigate to provide me a detailed reproducing step, it will help a lot.

    Portainer stack:

    version: "3"
    
    services:
      onedev-app:
        container_name: onedev
        image: 1dev/server:7.5.3
        restart: always
        ports:
          - "6610:6610"
          - "6611:6611"
        volumes:
          - /var/run/docker.sock:/var/run/docker.sock
          - ${ONEDEV_DATA}:/opt/onedev
    

    Where ONEDEV_DATA is: /opt/docker/volumes/onedev-data

    It seems onedev doesn't like the fact I've set the permissions of /opt/docker/volumes/onedev-data to be my own user name and user group.

    Docker itself doesn't mind because I've added myself to the docker group as per instructions from docker:

    https://docs.docker.com/engine/install/linux-postinstall/

    Let me know if there's anything else I can provide that might be useful.


    Environment

    Portainer: 2.15.0
    OneDev: 7.5.3
    Host OS: Ubuntu 22.04 LTS (Bare metal)
    
  • Robin Shen commented 3 years ago

    It is fine that /opt/docker/volumes/onedev-data is owned by your own account. When OneDev container starts, it will populate this directory as root so everything under this directory should be owned by root then.

    If they are changed to be owned by other accounts outside of OneDev, just change it back to be owned by root and things should be fine.

  • Vuong commented 3 years ago

    it will populate this directory as root so everything under this directory should be owned by root then

    From what I can gather, do you mean this happens only once when that directory first gets populated?

    If they are changed to be owned by other accounts outside of OneDev, just change it back to be owned by root and things should be fine.

    I'm not an expert in this area, but this sounds counter intuitive to me. Is it possible for onedev to operate without having to change the whole directory to root? Asking from a noob perspective tbh.

  • Robin Shen commented 3 years ago

    From what I can gather, do you mean this happens only once when that directory first gets populated?

    Every time OneDev upgrades, it will repopulate this directory

    I'm not an expert in this area, but this sounds counter intuitive to me. Is it possible for onedev to operate without having to change the whole directory to root? Asking from a noob perspective tbh.

    OneDev currently runs as root in the container. This is the reason why the directory is populated as root.

  • Vuong commented 3 years ago

    Every time OneDev upgrades, it will repopulate this directory

    I'm dubious about this, at least on how successful it goes about it. Because in my original issue description you can see the whole git directory is owned by user not root:

    ls -la /opt/onedev/site/projects/1/git
    drwxr-sr-x  7 1000 1000 4096 Aug 15 05:59 .
    drwxr-sr-x  7 1000 1000 4096 Sep  5 08:52 ..
    drwxr-sr-x  2 1000 1000 4096 Aug 15 05:59 branches
    -rw-r-Sr--  1 1000 1000  162 Aug 15 05:59 config
    -rw-r-Sr--  1 1000 1000   21 Aug 15 05:59 HEAD
    drwxr-sr-x  2 1000 1000 4096 Aug 15 05:59 hooks
    drwxr-sr-x  3 1000 1000 4096 Aug 15 05:59 logs
    drwxr-sr-x 21 1000 1000 4096 Sep  9 02:02 objects
    drwxr-sr-x  4 1000 1000 4096 Aug 15 05:59 refs
    

    And I've upgraded multiple times over the lifetime of the install. So I assume whatever permissions I had on it, it would have been overwritten when upgraded.

    Note that before I ran chown for the whole onedev data dir, I noticed that some files were owned by root and some by me.

  • Robin Shen commented 3 years ago

    My mistake. File copy during upgrade does not change the ownership. I am not sure why its permission is incorrect in the first place. But once you changed back to root, things should be fine now.

  • Vuong commented 3 years ago

    Ok. So in your opinion, this is working as expected. And no change required? If so, please close. Thanks

  • Robin Shen commented 3 years ago

    As long as all contents under /opt/docker/volumes/onedev-data are owned by root, everything will be fine.

  • Robin Shen changed state to 'Closed' 3 years ago
    Previous Value: Open, Current Value: Closed
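
The ownership mismatch discussed in this thread can be checked before git trips over it. The script below is an added example, not part of the original thread or of OneDev: it lists everything under a data directory that is not owned by the uid the server runs as, and names the repositories git would flag. The function names, the default uid 0 and the reliance on the `site/projects/<id>/git` layout shown above are assumptions.

```shell
#!/bin/sh
# Added example: audit a OneDev data directory for entries not owned by the
# uid the server process runs as (root, uid 0, per the thread).
# Function names and the default uid are assumptions of this example.

# owner_uid PATH -> numeric uid of PATH's owner (parsed from `ls -dn`)
owner_uid() {
    ls -dn -- "$1" | awk '{print $3}'
}

# foreign_owned ROOT UID -> every path under ROOT not owned by UID
foreign_owned() {
    find "$1" ! -user "$2" -print
}

# dubious_repos ROOT UID -> repositories in the site/projects/<id>/git layout
# (a directory named "git" holding a HEAD file) whose top directory is not
# owned by UID. Only the top directory is compared, which is the mismatch
# behind the "detected dubious ownership" message quoted in the thread.
dubious_repos() {
    find "$1" -type d -name git -print | while IFS= read -r repo; do
        [ -f "$repo/HEAD" ] || continue
        [ "$(owner_uid "$repo")" = "$2" ] || printf '%s\n' "$repo"
    done
}

# audit ROOT [UID] -> prints a report; returns 1 if anything is foreign-owned
audit() {
    root=$1 uid=${2:-0}
    repos=$(dubious_repos "$root" "$uid")
    count=$(foreign_owned "$root" "$uid" | wc -l | tr -d ' ')
    if [ "$count" -eq 0 ]; then
        echo "ok: everything under $root is owned by uid $uid"
        return 0
    fi
    echo "$count entries under $root are not owned by uid $uid"
    [ -z "$repos" ] || printf '%s\n' "$repos" | sed 's/^/git will flag: /'
    return 1
}

# Run only when a directory is given, e.g.: sh audit.sh /opt/onedev 0
if [ "$#" -ge 1 ]; then audit "$@"; fi
```

A non-zero exit means the tree has mixed ownership; the thread's two remedies are changing the owner back to root recursively or adding a `safe.directory` exception inside the container.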
Type: Question
Priority: Minor
Reference: OD-913