0

I prepared a PHP script that runs 

shell_exec("git pull");

it was supposed to be a webhook for git repo run everytime there are changes pushed to the remote. After execution nothing happens, I get an empty response.

I changed the directories owner to "apache" (repo was cloned as "apache"). I've generated a key and uploaded it to bitbucket. It seems to work correctly, when I run

# sudo -u apache git pull

it works perfectly. Doesn't prompt with anything.

when I run

shell_exec("whoami");

I get "apache".

Is it possible that php is blocking git pull? When I run other git commands (like git status), I get the response.

UPDATE

when I do 

shell_exec("git pull 2>&1");

it says

error: cannot open .git/FETCH_HEAD: Permission denied

I'm confused. I'm sure .git dirs and subdirs owner is apache and it has right priviliges to go...

UPDATE #2

I run 

shell_exec("git --work-tree=/path/to/repo --git-dir=/path/to/repo/.git pull 2>&1");

and it still says

error: cannot open /path/to/repo/.git/FETCH_HEAD: Permission denied

no way! /path/to/repo/.git/FETCH_HEAD is readable by everyone!

I'm well confused.

hopsey
  • 1,383
  • 1
  • 13
  • 23
  • Try this http://stackoverflow.com/questions/13195814/trying-to-git-pull-with-error-cannot-open-git-fetch-head-permission-denied – Joao Vitorino May 25 '16 at 15:35

2 Answers2

0

The folder needs to be writable also because pulling will actually write data. You can change the owner to apache if it's a web site repo(and you are using apache group or user as owner of the www root).

Ivan Kovachev
  • 402
  • 5
  • 12
  • thank you Ivan, but this was the very first thing I did. all of the project workspace's owner is apache (it was clonned by this user) and I even changed .git directory (chmod -R 0777 .git) permissions to 0777. and it still says Permission denied. – hopsey May 25 '16 at 11:51
  • Try copying the repo to another folder and chmod it to 0777(the whole repo folder is written upon) to test it out. There may be some misconfiguration and your scripts may not be executed under the same user as the folder owner. – Ivan Kovachev May 25 '16 at 11:54
  • Did that, put 0777 for the whole repo with no luck, still getting Permission denied :( It must be a problem with git – hopsey May 25 '16 at 12:21
  • It can't be a git issue. Changing the repo owner to be www-data fixed it for me although my httpd executes under www-user(which is in www-data group). – Ivan Kovachev May 25 '16 at 12:31
  • Is it possible that git is trying to open some other file? it is not possible that the whole repo has 0777 and it could not be opened. – hopsey May 25 '16 at 12:44
  • No, git is operating only in the repo folder. Can you list some example files/folders from the repo with permission data with "ls -l". This may help solve the issue. – Ivan Kovachev May 25 '16 at 12:58
  • Did you chmod with sudo? Also apply 777 not 0777. So "sudo chmod -R 777 /path/to/repo" – Ivan Kovachev May 25 '16 at 13:15
  • no luck :( probably I will leave it and go with bash script run by cron :( – hopsey May 25 '16 at 13:38
  • found the answer, selinux was the problem. – hopsey May 27 '16 at 17:53
0

Found it!

After spending many, many hours on trying to solve this problem, I found the answer.

SELinux was the problem. One simple command solved it

sudo setenforce 0

all working now!

hopsey
  • 1,383
  • 1
  • 13
  • 23
  • This disables Selinux and the security it provides, since i don't know the specific setup. i cannot say much about this, but look at this link instead to fix that problem in general. https://blog.lysender.com/2015/07/centos-7-selinux-php-apache-cannot-writeaccess-file-no-matter-what/ # SELinux serve files off Apache, resursive sudo chcon -t httpd_sys_content_t /data/www/html/sites/mysite -R sudo chcon -t httpd_sys_rw_content_t /data/www/html/sites/mysite/logs -R sudo chcon -t httpd_sys_rw_content_t /data/www/html/sites/mysite/uploads -R Probably set execution selinux context also – cognacc Apr 30 '20 at 13:45