I use a Bitbucket repository for a simple HTML website. I now have a server where that website lies and I want to be able to make a pull to update the website so it represents the latest Bitbucket repo. So I went to the server via SSH and cloned the repo. The user who cloned it can of course pull changes but other team members can't. How can I fix that?
- by having a dedicated www user and using that for this kind of activity, which you should be having for a web site anyway. – eis Aug 17 '17 at 07:08
- do you mean a www-user in the bitbucket repo? And just share the password with the team? – SVARTBERG Aug 17 '17 at 07:41
- added as an answer... – eis Aug 17 '17 at 08:50
1 Answer
By having a dedicated www user and using that for this kind of activity. You should have a www user for a web site anyway. You might want to add only read rights to that user, not push rights, if possible.

> Do you mean a www-user in the bitbucket repo? And just share the password with the team?

Don't share a password, provide www-user sudo access to team members.

Specific steps that I suggest:

- create a user on Bitbucket, like "www-data"
- if you don't have a separate www user running your web site (installing the web server from package management should have created it for you, but if you installed your web server manually, it might be that this was not done): create a user account and group "www-data" on the www server and configure that user to run your web site. The user might also be called "apache" or similar; the point is that it is a username that is only running your web server.
- do

      sudo -u www-data bash

  (replace www-data with your web user explained in step 2) using the root user, and clone/configure the Bitbucket repo checkout for the user you created in step 1
- add your team members to the sudoers file like

      username ALL=(www-data) /usr/bin/git

  which will allow the username listed to use user "www-data" and run the command "git" with it (syntax of the sudoers file is explained in this thread: each user gets his own line in the file)
- whenever someone from your team wants to update your site, he would go to the repository folder and run

      sudo -u www-data git pull

  or similar (discussed in more detail in this thread)

As to "why not just create a user on Bitbucket and share that with the group", you'll get this problem - your files would be owned by whoever would do the checkout. If you want to go that way, you'll need to go for one of the solutions mentioned there. The approach I propose in this answer is inviting fewer problems IMO.

eis
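
A narrower variant of the sudoers rule in the answer above, as an added example that is not part of the original answer: `username ALL=(www-data) /usr/bin/git` permits every git subcommand and argument as www-data, so this version allows only a fixed wrapper that runs `git pull` in one directory. The checkout path `/var/www/site`, the wrapper path `/usr/local/bin/site-pull` and the drop-in file name are assumptions.

```shell
#!/bin/sh
# Added example: sudo rule limited to one root-owned wrapper, not all of git.
# SITE_DIR, WRAPPER and the sudoers.d file name are assumed values.
SITE_DIR=${SITE_DIR:-/var/www/site}
WRAPPER=${WRAPPER:-/usr/local/bin/site-pull}
RUNAS=${RUNAS:-www-data}   # web user named in the answer

# Plain account names only, so no extra sudoers syntax can be smuggled in.
valid_name() {
    case $1 in
        ''|[!a-z_]*|*[!a-z0-9_-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Absolute paths made of ordinary path characters only.
valid_path() {
    case $1 in
        *[!A-Za-z0-9/_.-]*) return 1 ;;
        /*) return 0 ;;
        *) return 1 ;;
    esac
}

# Wrapper body: fixed directory, fixed subcommand, no caller-supplied arguments.
render_wrapper() {  # $1 = checkout directory
    valid_path "$1" || return 1
    printf '#!/bin/sh\nexec /usr/bin/git -C %s pull --ff-only\n' "$1"
}

# One sudoers line per team member; the trailing "" tells sudo the command
# may only be run without arguments.
render_sudoers() {  # $1 = login name, $2 = run-as user, $3 = wrapper path
    valid_name "$1" && valid_name "$2" && valid_path "$3" || return 1
    printf '%s ALL=(%s) %s ""\n' "$1" "$2" "$3"
}

# Run as root. visudo -c -f checks the syntax before the file goes live.
install_rule() {  # $1 = login name
    rule=$(render_sudoers "$1" "$RUNAS" "$WRAPPER") || return 1
    render_wrapper "$SITE_DIR" > "$WRAPPER" && chmod 0755 "$WRAPPER" || return 1
    tmp=$(mktemp) || return 1
    printf '%s\n' "$rule" > "$tmp"
    visudo -c -f "$tmp" >/dev/null && install -m 0440 "$tmp" "/etc/sudoers.d/site-pull-$1"
    status=$?; rm -f "$tmp"; return $status
}

if [ "${1:-}" = install ]; then install_rule "${2:-}"; fi
```

After `install_rule alice` has been run as root, that team member updates the site with `sudo -u www-data /usr/local/bin/site-pull`.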
- Sorry, I might not understand. Are we talking about the bitbucket-side or about the ssh-side? All of the users have full ssh access to the web root already. – SVARTBERG Aug 17 '17 at 10:11
- @SVARTBERG I wasn't talking about web root, I was talking about www user. As, you know, the user account that you use to run your site. So I'm talking about ssh-side, though *both* ssh and bitbucket should have a separate user for that. – eis Aug 17 '17 at 10:37
- Thanks for your answers. Do you have any further advice on where I can read about how to set that up? – SVARTBERG Aug 18 '17 at 07:26
- @SVARTBERG depends on your operating system and web server. For Ubuntu and Debian and Apache, if you've installed the web server in a normal way through the package management, the apache user is www-data:www-data and that is automatically created on install. – eis Aug 18 '17 at 10:30
- I guess I don't get it. All team members have access to the server via ssh, but "git pull" doesn't work as it tries to pull via the bitbucket user I cloned the repository with on the server. – SVARTBERG Aug 21 '17 at 06:03
- @SVARTBERG like I said I was talking about the ssh side of things. You would also want to have a user on the bitbucket end created that you can use for cloning by any member of your team. – eis Aug 21 '17 at 06:14
- Thanks. Sadly, we have no full access so we can't add sudoers. So your solutions won't work for me, correct? – SVARTBERG Aug 21 '17 at 09:18
- @SVARTBERG it depends on what access you do have then? It seems strange you don't have full access to your www server. (note: this is crucial information to be added to the question, as it severely limits your options.) – eis Aug 21 '17 at 11:20
- @SVARTBERG hit the "edit" button below the question. I think you need to contact Uberspace then to see what options they provide. – eis Aug 22 '17 at 08:10
- Yeah, already did that, but they suggested to create a bitbucket account for the uberspace that all developers who should be able to update the website share. Thanks for your answers. – SVARTBERG Aug 23 '17 at 06:04