git post-receive后更改所有权 [英] Changing ownership after a git post-receive
问题描述
我有以下设置:
两个用户:example和git
Two users: example and git
在/home/git/repositories/project.git/hooks/post-receive
内部,我要结帐到/home/example/public_html/dev
因此,每次git推送时,项目文件都会发布到 http://dev.example.com
So with every git push, the project files are published to http://dev.example.com
问题是,签出是从git用户执行的,因此dev目录内的所有文件都由git:git拥有,权限为600.
The problem is, the checkout is performed from the git user, so all the files inside the dev directory are owned by git:git and the permissions are 600.
因此,访问 http://dev.example.com 不会显示该页面.因为用户apache无法访问它.
So visiting http://dev.example.com will not show the page. since user apache has no access to it.
有人建议在收货后的挂钩内做一个短发.好吧,那么用户git需要是sudo.所以我添加了用户git作为sudoer.下一个问题是"抱歉,您必须有一个tty才能运行sudo "因此,我将#Default requiretty注释掉了,但是遇到了下一个问题.
Someone suggested to do a chown inside the post-receive hook. Well, then user git needs to be sudo. So I added user git as a sudoer. The next problem was "sorry, you must have a tty to run sudo" So I comment out #Default requiretty, but run into a next problem.
让git用户成为sudoer并不是我想要的(不安全),所以我将所有内容恢复为正常.
Making user git a sudoer is not what I wanted (not secure) so I changed everything back to normal.
还有其他更安全的方法可以尝试吗?
Are there other more secure options to try?
可能让接收后钩子触发dev文件夹内的php文件,而该php文件将执行结帐吗?
Probably let the post-receive hook trigger a php file inside dev folder and this php file will do the checkout?
或者我可以通过apache kan在浏览器中将dev文件夹符号链接到/home/git内的文件夹吗?
Or can I symlink the dev folder to a folder inside /home/git in a way apache kan show them in the browser?
推荐答案
已解决.
我的接收后钩子如下:
#!/bin/sh
echo "Deploying to http://dev.example.com"
GIT_WORK_TREE=/home/example/domains/example.com/public_html/dev git checkout -f
cd /home/example/domains/example.com/public_html/dev
find -type f -group 'git' -exec chmod 644 -R {} \;
find -type d -group 'git' -exec chmod 755 -R {} \;
只要不需要可写目录,此命令就起作用.否则,我必须将它们作为额外的chmod行添加到钩子脚本中
This will work as long as there are no writable directories needed. Otherwise I have to add them as extra chmod lines to the hook script
这篇关于git post-receive后更改所有权的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!