Question

I have the following setup:

Two users: example and git

Inside /home/git/repositories/project.git/hooks/post-receive I have a checkout to /home/example/public_html/dev

So with every git push, the project files are published to http://dev.example.com

The problem is, the checkout is performed from the git user, so all the files inside the dev directory are owned by git:git and the permissions are 600.

So visiting http://dev.example.com will not show the page, since user apache has no access to it.

Someone suggested to do a chown inside the post-receive hook. Well, then user git needs to be sudo. So I added user git as a sudoer. The next problem was "sorry, you must have a tty to run sudo". So I commented out #Default requiretty, but ran into another problem.

Making user git a sudoer is not what I wanted (not secure) so I changed everything back to normal.

Are there other more secure options to try?

Probably let the post-receive hook trigger a php file inside dev folder and this php file will do the checkout?

Or can I symlink the dev folder to a folder inside /home/git in a way Apache can show them in the browser?


Solution

Solved.

My post-receive hook is as follows:

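#!/bin/sh
# Check out the pushed revision into the web root, then make it readable by Apache.
echo "Deploying to http://dev.example.com"
GIT_WORK_TREE=/home/example/domains/example.com/public_html/dev git checkout -f
cd /home/example/domains/example.com/public_html/dev || exit 1
# Files get 644, directories 755. No -R: find already visits every entry, and
# chmod -R 755 on a directory would also mark the files inside it executable.
find . -type f -group git -exec chmod 644 {} \;
find . -type d -group git -exec chmod 755 {} \;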

This will work as long as there are no writable directories needed. Otherwise I have to add them as extra chmod lines to the hook script.
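An alternative to the chmod pass in the hook above, added here as an example and not part of the original answer: Git creates work-tree files according to the process umask, so the checkout can run under umask 022 and the hook then only audits the tree. The function names `deploy_tree` and `audit_tree` are made up for this example; the path and URL are the ones from the answer.

```sh
#!/bin/sh
# Added example, not the answerer's hook. Path and URL come from the answer;
# deploy_tree and audit_tree are hypothetical names.
WEB_ROOT=/home/example/domains/example.com/public_html/dev

# deploy_tree DIR: check HEAD out into DIR with a web-readable umask.
# Git creates work-tree entries as 0666/0777 minus the umask, so 022 gives
# 644 files and 755 directories without any chmod (or sudo) afterwards.
deploy_tree() {
    (
        umask 022
        GIT_WORK_TREE=$1 git checkout -f
    )
}

# audit_tree DIR: list entries the web server (an "other" user) cannot read or
# traverse, and entries that group or other may write. Returns 0 if none.
audit_tree() {
    findings=$(find "$1" \( \
        \( -type f ! -perm -004 \) -o \
        \( -type d ! -perm -005 \) -o \
        \( ! -type l \( -perm -020 -o -perm -002 \) \) \
    \) -print)
    [ -z "$findings" ] && return 0
    printf 'Permission problems under %s:\n%s\n' "$1" "$findings" >&2
    return 1
}

# Git exports GIT_DIR to hooks, so this part only runs when invoked as a hook.
# Files left over from earlier deployments keep their old mode until they
# change, which is what the audit reports back to the person pushing.
if [ -n "${GIT_DIR:-}" ]; then
    echo "Deploying to http://dev.example.com"
    deploy_tree "$WEB_ROOT" && audit_tree "$WEB_ROOT"
fi
```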

Other suggestions

You should always push to a bare repository, so there is no question of permission.

You can have a post-update hook which 'ssh (public key)' to your DocumentRoot and does git pull. That way your pushes are instantly available on webserver.

Although this technique will work, pulling stuff instantly to DocumentRoot might not be a good idea; I'd rather do it in a cron so that webserver caches needn't be refreshed at unpredictable intervals.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow