Git repository checkout fails when using native Git executable
Platform Notice: Data Center Only - This article only applies to Atlassian products on the Data Center platform.
Note that this KB was created for the Data Center version of the product. Data Center KBs for non-Data-Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Except Fisheye and Crucible
Problem
When trying to use native Git executable, Bamboo gives a permission denied error:
1
2
3
Executing Task 'Checkout Default Repository(2)' of type com.atlassian.bamboo.plugins.vcs:task.vcs.checkout.(java.lang.RuntimeException :
com.atlassian.bamboo.repository.RepositoryException: Cannot fetch branch
'(unresolved) 963c55456144b9549c2ea196c68b89f47982368e' from 'git@git.company.com:repo' to source directory '/var/bamboo-home/xml-data/build-dir/PROJ1-PLAN1-JOB1'. command /usr/bin/git ls-remote ssh://f20b0a52-1011-4674-86a2-3a58d47f22d6@127.0.0.1:59897/bbb-api failed with code 128. Working directory was [/var/bamboo-home/xml-data/build-dir/PROJ1-PLAN1-JOB1]., stderr: [fatal: cannot exec '/tmp/bamboo-ssh.9900a68e.sh': Permission denied, fatal: unable to fork])NOTE: Bamboo is running as root, and /usr/bin/git is owned by root and has "rwxr-xr-x" permissions.
Cause
The /tmp directory on your server is a mount point. That mount point has 'noexec' set on it. That's where the 'Permission denied' error is coming from.
Workaround
If noexec must remain set on the mount for /tmp, you can override the temp directory location to another path does have execute permissions.
Edit the
$HOME/bamboo-agent-home/conf/wrapper.confAdd an additional parameter to override tmpdir. Example below:
1 2 3 4 5wrapper.java.additional.1=-Dbamboo.home=/<path>/bamboo-agent-home/ wrapper.java.additional.2=-Dbamboo.agent.ignoreServerCertName=false #wrapper.java.additional.3=-Dlog4j.configuration= #wrapper.java.additional.3=-agentlib:yjpagent wrapper.java.additional.3=-Djava.io.tmpdir=/<path>/bamboo-agent-home/tempNote, wrapper.java.additional.x must be numbered sequentially for the argument to be read. In this default example, both 3's are commented out so we need to re-use it for the tmpdir but your configuration might be different.
Restart the agent.
Resolution
Here are the investigation steps leading to the solution.
Temporarily set the GIT_SSH environment variable to point to /tmp/bamboo-ssh.9900a68e.sh file and try to run normal Git clone procedure from command line. It might be useful to edit the /tmp/bamboo-ssh.9900a68e.sh file and, for example, cut the 'exec' from the beginning to see how the Git checkout will behave:
1
ssh -o StrictHostKeyChecking=no -o BatchMode=yes -o UserKnownHostsFile=/dev/null $@
Here is the result of a Git clone from command line after changing the GIT_SSH environment variable and trying to clone:
1
2
3
4
5
6
[root@server tmp]# git clone $GIT:product
Cloning into 'product'...
fatal: cannot exec '/tmp/bamboo-ssh.9900a68e.sh': Permission denied
fatal: unable to fork
[root@server tmp]# ./bamboo-ssh.9900a68e.sh
-bash: ./bamboo-ssh.9900a68e.sh: /bin/sh: bad interpreter: Permission deniedIf /bin/sh is set correctly, and bamboo-ssh.9900a68e.sh script is owned by root and has at least 755 permissions, then 'Permission denied' error means a system-level issue (when running the script as root).
After running the following command you will see that the /tmp directory is a mount (and has 'noexec'):
1
2
[root@server tmp]# mount | grep tmp
/dev/mapper/Vol00-Log01 on /tmp type ext3 (rw,noexec,nosuid,nodev)Edit /etc/fstab and remove 'noexec' (and nosuid), then reboot the Bamboo server and try to checkout again.
Was this helpful?