
I'm currently building an Ubuntu (10.0.4 LTS) server on a VPS to host a WordPress-based website.

I've got gitosis installed to host the remote repository and what I would like to do is plug in to the post-receive hook to update the WordPress theme when I git push.

I'm getting a bit confused with users and permissions, as when I run git pull the files in /var/www will be owned by the git user. Ideally I would like all files in /var/www to be owned by the same user, as I think this would be safer?

I've currently got the /var/www folder owned by the www-data user; after some reading I've realised this is not the best thing to do. I need a bit of help working out the best plan of action for this.

simon

1 Answer


From the comments:

I wouldn't use gitosis for that kind of fine-grained control:

  • gitosis is obsolete and has not moved since 2009 (even though some forks are still a bit active)
  • This comment and that question illustrate that most features are easier to do with Gitolite.

So, with Gitolite:

The umask used for the Git repo checked out by the git user within a gitolite environment will be the one described in the doc section "most often used/changed variables":

The default UMASK that gitolite uses makes all the repos and their contents have rwx------ permissions. People who want to run gitweb realise that this will not do.

The correct way to deal with this is to give this variable a value like 0027 (note the syntax: the leading 0 is required), and then make the user running the webserver (apache, www-data, whatever) a member of the 'git' group.

If you've already installed gitolite then existing files will have to be fixed up manually (for a umask of 0027, that would be `chmod -R g+rX`).
This is because umask only affects permissions on newly created files, not existing ones.

From there, you can follow "install gitolite under "apache"".

VonC
  • Sorry, are you suggesting that I should use gitolite over gitosis? I would rather stick to gitosis as I've used it before. – simon Mar 29 '12 at 15:55
  • @simon: sorry I didn't see gitosis. Yes. use Gitolite. Gitosis is hopelessly obsolete. See comments of http://stackoverflow.com/a/7592421/6309 or see this question http://stackoverflow.com/questions/7591958/how-to-change-gitosis-default-search-path – VonC Mar 29 '12 at 16:16
  • I'm having some trouble getting Gitolite working. I created a user called git and then cloned Gitolite from github, checked out the g3 branch. I ran the install which created the 2 repos. I could clone the admin repo from git@server:repositories/gitolite-admin.git/ but after reading this http://stackoverflow.com/questions/5233058/gitolite-push-error-remote-env-gl-rc-not-set I think this was because the git user had ssh access. I have now removed the /home/git/.ssh/ folder and can't clone from git@server:repositories/gitolite-admin.git/ or git@server:gitolite-admin.git – simon Mar 30 '12 at 10:45
  • @simon The question you mention (and that I answered) isn't about removing ssh. ssh is very much useful for Gitolite. It is about **not using the full local path of a repo**: `git@server:repositories/gitolite-admin.git` is bad. `git@server:gitolite-admin` is better: no '`repositories`'. – VonC Mar 30 '12 at 10:53
  • Ok sorry I must have misunderstood, so shall I add the public key back to /home/git/.ssh/? – simon Mar 30 '12 at 10:56
  • I've added the public key back to authorized_keys and when I run git clone git@server:gitolite-admin on my local machine I get fatal: 'gitolite-admin' does not appear to be a git repository fatal: The remote end hung up unexpectedly? – simon Mar 30 '12 at 11:04
  • @simon did you install gitolite like I did in my gitolite installation script? (https://github.com/VonC/compileEverything/blob/master/gitolite/install_or_update_gitolite.sh) – VonC Mar 30 '12 at 11:47
  • let us [continue this discussion in chat](http://chat.stackoverflow.com/rooms/9508/discussion-between-simon-and-vonc) – simon Mar 30 '12 at 14:15
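
The umask point from the answer above, as an added example that is not part of the original answer or of gitolite: on a constructed scratch tree it shows that a 0027 umask only affects newly created files, that `chmod -R g+rX` repairs the existing ones, and how to audit the result. The tree layout (`repo.git`, `hooks/post-receive`) and all function names are hypothetical.

```shell
#!/bin/sh
# Added example on a constructed scratch tree, not a real gitolite install.

# Symbolic mode of a path, e.g. "-rw-r-----".
mode_of() { ls -ld "$1" | cut -c1-10; }

# Create files the way the restrictive default umask leaves them:
# owner-only, nothing for group or other.
make_old_tree() {
    ( umask 0077
      mkdir -p "$1/repo.git/hooks"
      echo 'ref: refs/heads/master' > "$1/repo.git/HEAD"
      printf '#!/bin/sh\n' > "$1/repo.git/hooks/post-receive"
      chmod u+x "$1/repo.git/hooks/post-receive" )
}

# A file created after the umask was changed to 0027.
make_new_file() {
    ( umask 0027; echo 'constructed' > "$1/repo.git/description" )
}

# The manual fix-up from the answer. Capital X grants execute only to
# directories and to files that already have an execute bit, so plain
# data files do not become executable.
fix_existing() { chmod -R g+rX "$1"; }

# Audit: print every path the group cannot read, or that "other"
# can read, write or execute. Empty output means the tree matches 0027.
audit() {
    find "$1" \( ! -perm -040 -o -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# Demo run in a throwaway directory.
demo_root=$(mktemp -d)
make_old_tree "$demo_root"
make_new_file "$demo_root"
echo "HEAD (old):        $(mode_of "$demo_root/repo.git/HEAD")"
echo "description (new): $(mode_of "$demo_root/repo.git/description")"
echo "paths failing the audit before the fix-up:"
audit "$demo_root"
fix_existing "$demo_root"
echo "paths failing the audit after the fix-up (expect none):"
audit "$demo_root"
rm -rf "$demo_root"
```

The audit also flags anything readable by "other", which is the condition to watch for when the web server user is given access through group membership rather than by loosening permissions for everyone.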