git post-receive后更改所有权 [英] Changing ownership after a git post-receive

问题描述

我有以下设置:

两个用户:example和git

Two users: example and git

在/home/git/repositories/project.git/hooks/post-receive 内部，我要结帐到/home/example/public_html/dev

因此，每次git推送时，项目文件都会发布到 http://dev.example.com

So with every git push, the project files are published to http://dev.example.com

问题是，签出是从git用户执行的，因此dev目录内的所有文件都由git:git拥有，权限为600.

The problem is, the checkout is performed from the git user, so all the files inside the dev directory are owned by git:git and the permissions are 600.

因此，访问 http://dev.example.com 不会显示该页面.因为用户apache无法访问它.

So visiting http://dev.example.com will not show the page. since user apache has no access to it.

有人建议在收货后的挂钩内做一个短发.好吧，那么用户git需要是sudo.所以我添加了用户git作为sudoer.下一个问题是"抱歉，您必须有一个tty才能运行sudo "因此，我将#Default requiretty注释掉了，但是遇到了下一个问题.

Someone suggested to do a chown inside the post-receive hook. Well, then user git needs to be sudo. So I added user git as a sudoer. The next problem was "sorry, you must have a tty to run sudo" So I comment out #Default requiretty, but run into a next problem.

让git用户成为sudoer并不是我想要的(不安全)，所以我将所有内容恢复为正常.

Making user git a sudoer is not what I wanted (not secure) so I changed everything back to normal.

还有其他更安全的方法可以尝试吗?

Are there other more secure options to try?

可能让接收后钩子触发dev文件夹内的php文件，而该php文件将执行结帐吗?

Probably let the post-receive hook trigger a php file inside dev folder and this php file will do the checkout?

或者我可以通过apache kan在浏览器中将dev文件夹符号链接到/home/git内的文件夹吗?

Or can I symlink the dev folder to a folder inside /home/git in a way apache kan show them in the browser?

推荐答案

已解决.

我的接收后钩子如下:

#!/bin/sh
echo "Deploying to http://dev.example.com"
GIT_WORK_TREE=/home/example/domains/example.com/public_html/dev git checkout -f
cd /home/example/domains/example.com/public_html/dev
find -type f -group 'git' -exec chmod 644 -R {} \;
find -type d -group 'git' -exec chmod 755 -R {} \;

只要不需要可写目录，此命令就起作用.否则，我必须将它们作为额外的chmod行添加到钩子脚本中

This will work as long as there are no writable directories needed. Otherwise I have to add them as extra chmod lines to the hook script

这篇关于git post-receive后更改所有权的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！