Skip to content

Instantly share code, notes, and snippets.

@RobFreiburger
Created July 19, 2012 04:55
Show Gist options
  • Save RobFreiburger/3140839 to your computer and use it in GitHub Desktop.
Save RobFreiburger/3140839 to your computer and use it in GitHub Desktop.
(Securely) Managing a Website using git

Daniel Miessler's directions are very good for setting up git to manage a website. However, they make the assumption that the user pushing the code is the same user that can publish websites. On shared hosting this is probably the case. On dedicated hosting it's probably not. If you're using OS X's built-in Apache server, it's definitely not. The user www has proper rights, and by default it isn't an ssh-able account. So you have to make some modifications to his directions.

Step 4a. Make a git group

  1. Create a group named git. This group contains all users that have permission to read and write to the git repo. In OS X, you can do this via Accounts in System Preferences.
  2. Add users to the group. In OS X, you can use dseditgroup to add non-visible users like www to the group.

Step 5a. Change the repo's permissions

  1. sudo chown :git /path/to/repo
  2. sudo chmod g=rwx /path/to/repo

Step 6a. Edit sudoers file

  1. sudo visudo
  2. Add USER ALL = (www) NOPASSWD: /path/to/git. Explained: USER is the user that logins in and pushes to the git repo, ALL is all machines, (www) is the user that the command can be run as, NOPASSWD: requires no password to be entered when sudo is called, /path/to/git is your path to your git binary (in most cases, /usr/bin/git; use which git to find it).

Step 7. Make checkout hook

/usr/bin/sudo -u USER /path/to/git --work-dir=/path/to/checkout checkout -f

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment