Post-receive hook to /var/www/html and permissions

Question

I created a wordpress staging remote on my Centos 7 VPS. Wordpress is installed in this directory /var/www/html and group/owner is the default apache:apache. Then I created a bare git repo on something like ~/git/repo and the post-receive with this bash script in hooks:

#!/bin/sh
TARGET=/var/www/html/wp-content
GIT_DIR=/home/username/git/repo

#(1) Change directory's ownership to allow writing
sudo chown -R username:apache /var/www/html

#run 'post-receive' hook
git --work-tree=$TARGET --git-dir=$GIT_DIR checkout -f

#(2) return to original 
sudo chown -R apache:apache /var/www/html

Let me explain. (1) = because otherwise I could not write anything in that target directory, so I have to change ownership to my current username. (2) = because otherwise, by maintaining the username:apache I could not install anything by the wordpress admin front-end: FTP permission credentials input.

On my local environment I had created the working git repository at wp-content of wordpress installation and linked to the remote. Now, the problem is that when I push changes using GIT bash or Sourcetree, file are transferred to the bare remote repo, but the post-receive script fails because of its sudo command.

What do you suggest me as turnaround?

is nobody able to help me on the matter? – R99Photography Apr 06 '18 at 19:30 — R99Photography, Apr 06 '18 at 19:30

score 0 · Answer 1 · answered Aug 14 '18 at 13:42

I'm looking for a similar solution. So far, here are the two parts I'm using:

1) post-receive hook:

    #!/bin/bash
    TARGET="/var/www"
    GIT_DIR="/home/<username>/repo.git"
    BRANCH="master"

    while read oldrev newrev ref
    do
        # only checking out the master (or whatever branch you would like to deploy)
        if [[ $ref = refs/heads/$BRANCH ]];
        then
            echo "Ref $ref received. Deploying ${BRANCH} branch to production..."
            git --work-tree=$TARGET --git-dir=$GIT_DIR checkout -f
        else
            echo "Ref $ref received. Doing nothing: only the ${BRANCH} branch may be deployed on this server."
        fi
    done

2) gaining Write-permission through group privileges

    $ sudo usermod -a -G www-data <username>
    $ sudo chmod -R g+w /var/www/domainname/public_html

In your case, www-data would be replaced with the GROUP owning the directory to which you need write access. I'm willing to do that until root owns the served directory.

Just to be clear, these ideas came from two separate sources. I am using them together and passing them along as a single solution that I've found works for me. The links to the original sources have been included for reference.

References:

this gist, a post-receive hook that does not depend on sudo:
add your user to the group with write-privileges

FWIW, I also stubbed my toes (fatal: ...not a git repository...) on the differences between a repo and a bare repo and the reference to --git-dir.

Good Luck

Post-receive hook to /var/www/html and permissions

1 Answers1