1

I was hoping someone could help, I have a PHP page which uses shell_exec to zip up a directory and run git pull to bring down recent repository changes. 

$op = shell_exec("cd /home/user/git/$repo/$dir/; zip -r /home/user/archives/$dir.$datestamp.zip $dir; cd /home/user/git/$repo/$dir/; git pull");

The zip works fine. If I change git pull to for example git log or git status - within my shell_exec, this works also, and I can see the log file.

Just doesn't seem to like git pull.

I saw another similar post to this, but wasn't sure how it was achieved >> Shell_exec with git pull?

Community
  • 1
  • 1
williamsowen
  • 477
  • 1
  • 7
  • 22
  • What is the output with `git pull` ? Have you tried `git pull origin master` or whatever the names of your branches/remotes are ? – Artefact2 Feb 28 '11 at 15:45
  • Hi there.. `git pull` doesn't return anything unfortunately, neither does `git pull origin master` - very strange. – williamsowen Feb 28 '11 at 15:50
  • The answer to the other question you mentioned was that there were permission problems, which seems plausible here in that the `git log` and `git status` don't need to write to the repository, whereas `git pull` would. To investigate this, I would change your `git pull` to `touch /tmp/whatever` and then use `ls -l /tmp/whatever` to find the user and group that owns the file - that'll tell you what user the `shell_exec` command is being run as. If you can't write to the repository directory as that user, that would explain why `git pull` fails... – Mark Longair Feb 28 '11 at 16:05
  • ah, it's attempting to pull via the `apache` user, any idea how I can alter this, to use a specific user instead.. Think that's the problem! Cheers again – williamsowen Feb 28 '11 at 17:07
  • A collection of considerations when attempting to run `git pull` from php ... http://jondavidjohn.com/b/7m – jondavidjohn Oct 05 '12 at 21:38
  • Please check out this workaround that might be usefull for you: https://stackoverflow.com/questions/9978400/git-auto-pull-from-repository/67889529#67889529 – DrBeco Jun 08 '21 at 15:00

1 Answers1

4

From your description in the comments it seems that the problem is that your apache user cannot write to the repository, which is clearly required when you use git pull. You have two courses of action:

  1. Setup up Apache to run the script as another user (e.g. using suEXEC either on a VirtualHost or via userdir)
  2. Change the permissions on your repository so the apache user can write to it

You should think carefully about the security implications of either choice, but the second option is probably easiest. If you don't already have such a group, you can create it with:

addgroup gitwriters

... and then add yourself and the Apache user to this group:

adduser [yourusername] gitwriters
adduser apache gitwriters

Then you can follow the instructions in another question to change the permissions on the repository. To reiterate those with some slight variations:

# Recursively, set the group ownership of every file and directory of your repository:
chgrp -R gitwriters /path/to/your/repo

# Recursively, make every file and directory of your repository readable and writable
# by the group:
chmod -R g+rw /path/to/your/repo

# Recursively, set the setgid of every directory in the repository.  The setgid bit
# on directories means that files created in the directory will have the same group
# ownership as the directory.  
find /path/to/your/repo -type d -print0 | xargs -0 chmod g+s

Then hopefully your git pull should work.

Community
  • 1
  • 1
Mark Longair
  • 446,582
  • 72
  • 411
  • 327
  • Cheers Mark for your help on this. I've followed what you said, currently I have this: `ip-xx-xxx-xx-xxx ~: id apache uid=48(apache) gid=48(apache) groups=48(apache),10(wheel),501(gitwriters)` However when executing `git pull` it's still being run as apache under apache group.. Is there way to alter the default group - if that makes sense! Apologies, quite new to all this, cheers again. – williamsowen Mar 01 '11 at 12:11
  • @williamsowen: Yes, if you've followed approach 2, you're not changing the user that the PHP code is being run as, you're just making that user (as well as your usual user account) able to write to the repository. Do you definitely need to have it running as a different user? If so, you'll need to look into approach 1. – Mark Longair Mar 01 '11 at 12:22