[solved] Permission problems with git-lfs pushes

When trying to push new git-lfs managed files to my gitea 1.12.5 repository, the push fails with permission errors like this in the gitea log:

...lfs/content_store.go:61:Put() [E] Whilst putting LFS OID[/srv/git/lfs-data/5a/aa/85a301f9bd737ddb742dbe86aa93c822115e48ee4f0146f35da82edaf26c.tmp]: Unable to open temporary file for writing: open /srv/git/lfs-data/5aaa/85a301f9bd737ddb742dbe86aa93c822115e48ee4f0146f35da82edaf26c.tmp: read-only file system Error: %!v(MISSING)

...lfs/content_store.go:55:Put() [E] Whilst putting LFS OID[2e0e8395bc0ffe0762558e03ed36b6e571da664c925bd9d688e016a02355dfee]: Unable to create the LFS directory: /srv/git/lfs-data/2e/0e Error: mkdir /srv/git/lfs-data/2e: read-only file system

But the file system is mounted rw and manually executing the mkdir command as the gitea user from the error log succeeds without problem: su gitea -c "mkdir /srv/git/lfs-data/2e".
The permissions of the lfs data directory also look correct:
drwx------ 1 gitea gitea 400 12. Okt 01:39 lfs-data

Am I missing something or is this a bug? The lfs server is run as the same user as gitea is, isn’t it?

It seems the filesystem is readonly.

Yes, so it seems, but how come su gitea -c "mkdir /srv/git/lfs-data/2e" can create the directory without any problems, while gitea itself fails to do so?

So in total I suppose there’s more to it than just a normal read-only condition.

Solved this.

Turns out it was an issue with my distro’s packaging: Since NixOS 20.09 the systemd service is sandboxed even further, only allowing writes to certain paths.
I had to move my LFS path config from the services.gitea.extraConfig to the new services.gitea.lfs options to make that path writable.
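
Added example, not part of the thread: a small shell check that explains the symptom above, where `su gitea -c mkdir` works (it runs outside the service's mount namespace) while the sandboxed service sees a read-only file system. It assumes the unit is restricted with systemd's `ProtectSystem=strict` plus `ReadWritePaths=`; the `ReadWritePaths` values and the function names `prop`, `sandbox_writable` and `verdict` are constructed for illustration.

```shell
#!/bin/sh
# Added example. The "systemctl show" output below is constructed sample data.

# prop NAME: read "systemctl show" style KEY=VALUE lines on stdin, print NAME's value.
prop() { sed -n "s/^$1=//p"; }

# sandbox_writable PROTECT_SYSTEM RW_PATHS TARGET
# Simplified model (only the strict case is handled): with ProtectSystem=strict
# the whole tree is read-only for the service, except the paths listed in
# ReadWritePaths and everything below them.
sandbox_writable() {
    protect=$1 rw_paths=$2 target=$3
    if [ "$protect" != "strict" ]; then
        echo "writable"; return 0
    fi
    for p in $rw_paths; do
        # Drop the optional "-" / "+" prefixes and any trailing slash.
        p=${p#-}; p=${p#+}; p=${p%/}
        case "$target" in
            # Match the path itself or a child, not a sibling like lfs-data-old.
            "$p"|"$p"/*) echo "writable"; return 0 ;;
        esac
    done
    echo "read-only"; return 1
}

# verdict PROPS TARGET: PROPS is the text printed by "systemctl show".
verdict() {
    sandbox_writable \
        "$(printf '%s\n' "$1" | prop ProtectSystem)" \
        "$(printf '%s\n' "$1" | prop ReadWritePaths)" \
        "$2"
}

# Constructed: LFS directory configured where the unit does not know about it.
BEFORE='ProtectSystem=strict
ReadWritePaths=/var/lib/gitea /var/lib/gitea/repositories'
# Constructed: LFS directory included in the unit's writable paths.
AFTER='ProtectSystem=strict
ReadWritePaths=/var/lib/gitea /var/lib/gitea/repositories /srv/git/lfs-data'

echo "before: $(verdict "$BEFORE" /srv/git/lfs-data/2e)"
echo "after:  $(verdict "$AFTER" /srv/git/lfs-data/2e)"
```

On a live host, the text passed to `verdict` would come from `systemctl show gitea.service -p ProtectSystem -p ReadWritePaths` (unit name assumed).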