I'm maintaining several websites using Git after following this guide http://toroid.org/ams/git-website-howto

I make changes to my local repository and commit. I then git push to a remote repository on my server. In hooks/post-receive I do this:

```sh
#! /bin/sh
GIT_WORK_TREE=/home/user/public_html/ git checkout -f
```

This works very well except I push via ssh as root so all checked out files are owned by root:root. This causes permission problems.

The solution I'm currently using is to add a line to the post-receive file like:

```sh
chown -R user:user /home/user/public_html/*
```

This works fine, apart from the obvious problem of setting ALL files in public_html to user:user, which isn't necessarily what I want and is probably a bit inefficient. Also, it introduces another chance to type user:user wrong.

So:

  1. Is there a way to only set the files that are being checked out rather than all the files in public_html?

  2. Is there a way to stop the files being owned by root:root in the first place? I have to ssh in as root as I don't want to give other users ssh access.

user844621

1 Answer

I do not think pushing files to git as the root system user matters, because git does not necessarily use the system user as the git user.

There is something incorrect about your deployment workflow.

Instead of checking out the files directly into public_html, you should probably use another folder, which is not in the DocumentRoot. Exposing your git repo to the world may not be what you want to do.

I suggest you have another folder /home/user/git_cache

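```sh
cd /home/user/git_cache && git checkout -f
# -p preserves mode, ownership and timestamps; the destination is the directory itself, not a glob
cp -RpP /home/user/git_cache/* /home/user/public_html/
```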
Litmus
  • The git repo is outside of public_html, this is why I checkout to public_html after a push. See the link in my question – user844621 Oct 20 '13 at 17:53
  • There must be a reason why the files are owned by root after this - maybe it's because the repo is owned by root? I'll test this – user844621 Oct 20 '13 at 18:01
  • Tried it, doesn't matter who is the owner and group of the repo, the files checked out to public_html are owned by root:root. – user844621 Oct 20 '13 at 18:21
  • Try prepending the git checkout command with sudo -u like this 'sudo -u user git checkout' – Litmus Oct 20 '13 at 18:36
  • Tried this and I get 'sorry, you must have a tty to run sudo' – user844621 Oct 20 '13 at 18:57
  • use `gitosis` or `gitolite` to simplify permission handling. Even better if you could switch to `capistrano` (simple) or `chef`, `puppet` (complex), for managing your deployments. To continue with your current approach take a [look at this](http://stackoverflow.com/a/9573247/1243123) – Litmus Oct 21 '13 at 03:41
  • Thanks, you've been most helpful – user844621 Oct 21 '13 at 10:29
  • This gave me the idea I needed to script something more comprehensive, including taking a pre-copy backup of production. Thank you very much. – J. B. Rainsberger Sep 14 '14 at 12:43
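
For the first question (changing ownership of only the files a push touched), here is an added example that is not from any of the posts above: a post-receive hook that reads the old and new revisions git passes on stdin and chowns only the paths that differ. `WORK_TREE`, `OWNER` and the function names are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: post-receive hook that chowns only what a push changed.
# WORK_TREE and OWNER are assumed values; set them once for the deployed site.
WORK_TREE=${WORK_TREE:-/home/user/public_html}
OWNER=${OWNER:-user:user}

# True when the id is all zeros (git's marker for "ref did not exist").
is_null_id() { case $1 in *[!0]*) return 1 ;; esac; }

# Print NUL-separated paths added or modified between two revisions.
# Deleted paths are filtered out: there is nothing left to chown.
changed_paths() {
    old=$1; new=$2
    # First push of a branch: diff against the empty tree instead.
    if is_null_id "$old"; then old=$(git hash-object -t tree /dev/null); fi
    git diff-tree -r -z --name-only --diff-filter=ACMRT "$old" "$new"
}

# chown each path read from stdin, plus its parent directories inside the
# work tree, since the checkout may have created those as root too.
# -h changes a symlink itself rather than following it out of the tree.
chown_changed() {
    ( cd "$WORK_TREE" && xargs -0 sh -c '
        owner=$1; shift
        for p in "$@"; do
            while [ "$p" != . ]; do
                chown -h "$owner" -- "$p" || exit 1
                case $p in */*) p=${p%/*} ;; *) p=. ;; esac
            done
        done' sh "$OWNER" )
}

# Git sets GIT_DIR when it runs a hook; stdin carries "<old> <new> <ref>".
if [ -n "${GIT_DIR:-}" ]; then
    while read -r old new ref; do
        if is_null_id "$new"; then continue; fi            # branch deleted
        [ "$ref" = "$(git symbolic-ref HEAD)" ] || continue # not the deployed branch
        GIT_WORK_TREE=$WORK_TREE git checkout -f
        changed_paths "$old" "$new" | chown_changed
    done
fi
```

Parent directories of changed files are re-owned as well, so a directory that is meant to keep a different owner needs to be excluded explicitly.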