7

On my server, I have two users, www-data (which is used by nginx) and git. The git user owns a repository that contains my website's code, and the www-data user owns a clone of that repository (which serves as the webroot for nginx). I want to set up a workflow such that pushing to git's repository causes www-data's repository to update, thus updating my website.

What is the correct way to set up the hooks for these repositories (that also takes into consideration privileges and permissions of these two users)?

3
  • Is it really a good idea to have all your public content owned by the user account that runs the server? If the server or your code is exploited, the exploit could modify persistent data, rather than just have access to scribble on your database connections... Commented Mar 26, 2011 at 1:06
  • Then should I make the public content owned by git, and make it readable by everyone? That would also simplify the permission issues in this question... Commented Mar 26, 2011 at 1:11
  • If you're content with it as a solution, then yes, it would save you the hassle of finding a new way to push from git to www-data repos. :) Do you prefer having two git repos on the server? Another option is to set the group ownership of the files to be one of the server's groups, and allow read access through group privileges. Commented Mar 26, 2011 at 1:18

2 Answers

5

Remove the repository owned by www-data and follow the solution on this webpage for setting up a post-receive hook in the repository owned by git.


2

I ended up making the public content owned by the git user, and readable by all. Then, I did the following to set up the hooks:

Assuming the repository is called mysite:

  1. Create a detached work tree that will act as the webroot (as the user git)

    mkdir /var/www/mysite
    cd /path/to/repository/mysite.git
    git config core.worktree /var/www/mysite
    git config core.bare false
    git config receive.denycurrentbranch ignore
    
  2. Add a post-receive hook that will update the website and set correct permissions for it

    touch hooks/post-receive
    chmod +x hooks/post-receive
    vim hooks/post-receive
    

    The post-receive script:

    #!/bin/sh
    git checkout -f
    chmod -R o+rX /var/www/mysite
    

Reference:
http://www.deanoj.co.uk/programming/git/using-git-and-a-post-receive-hook-script-for-auto-deployment/


Update: Here is a better solution.

Note: earlier versions of this howto depended on setting the git config variables core.worktree to the target directory, core.bare to false, and receive.denycurrentbranch to ignore. But these changes are not needed if you use GIT_WORK_TREE (which didn't work when I first wrote the howto), and the remote repository can remain bare.

2 Comments

Ack, why do people keep finding all of these nasty solutions people blog about instead of the proper ones?
@Arrowmaster: Thanks, simpler is always better.
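
The GIT_WORK_TREE variant mentioned in the update above, written out as an added example (not code from either answer or from the linked howto). It keeps the repository bare, deploys as the git user, and leaves the web server account with read-only access. The branch name `master`, the function names `install_deploy_hook` and `demo_deploy`, and the temporary paths are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: install a post-receive hook that deploys with GIT_WORK_TREE.
# Assumptions (not from the page): the deployed branch is "master"; the
# function names install_deploy_hook and demo_deploy are hypothetical.

install_deploy_hook() {   # usage: install_deploy_hook <bare-repo> <webroot>
    repo=$1 webroot=$2
    cat > "$repo/hooks/post-receive" <<EOF
#!/bin/sh
# Runs as the pushing user (git), so deployed files are owned by git and the
# web server account only ever needs read access to them.
umask 022
while read -r old new ref; do
    # Deploy only when the published branch moved; ignore other refs.
    [ "\$ref" = "refs/heads/master" ] || continue
    GIT_WORK_TREE='$webroot' git checkout -f master
    # Others get read (and traverse on directories), never write.
    chmod -R o+rX,o-w '$webroot'
done
EOF
    chmod 755 "$repo/hooks/post-receive"
}

demo_deploy() {   # builds a throwaway bare repo and webroot, then pushes once
    tmp=$(mktemp -d) || return 1
    mkdir "$tmp/www"
    git init -q --bare "$tmp/mysite.git"
    install_deploy_hook "$tmp/mysite.git" "$tmp/www"
    git init -q "$tmp/work"
    (
        cd "$tmp/work" || exit 1
        git symbolic-ref HEAD refs/heads/master
        echo '<h1>hello</h1>' > index.html      # constructed sample content
        git add index.html
        git -c user.name=demo -c user.email=demo@example.invalid \
            commit -q -m 'first page'
        git push -q "$tmp/mysite.git" master
    ) >/dev/null 2>&1 || return 1
    echo "$tmp"   # caller can inspect $tmp/www and $tmp/mysite.git
}
```

On the real server, run `install_deploy_hook /path/to/repository/mysite.git /var/www/mysite` as the git user after creating the webroot. The repository's metadata stays outside the webroot, so nginx never has a `.git` directory to serve.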
