I would like to allow PHP to execute a Git pull command. But there are some problems with the user and permissions. How did you solve the problem?
PHP runs as user www-data. Therefore I've changed the .git directory owner/group to www-data (
chown www-data:www-data -R .git). As it is turned out later www-data has no SSH keys. Is it a good idea to give it one? If yes where to place? Or is it possible to allow it to use a specific key.
Best regards, Bernd
How often do you have to do pull? You can make a cronjob (every 30 minutes or so) for your git user that checks a certain file. If that file has a 1 or in it, it makes a pull. You can give your git user and your www-data user access to this file. PHP writes a 1 into the file -> cronjob (crontab entry of git user) checks if a 1 is in the file -> cronjob clears the 1 -> git makes pull -> and so on This is a secure way with a little delay (cycle of cronjob). PS: dont forgot to clear the 1.
If it was me I would do just about the same thing but I would have the cron job run as a root or another use on the system that has shell access. I think the main reason that www-data is unable to do anything is because it lacks shell access. Just like DrDol said run a cron job every now and then that will make a git pull feel free to overwrite your last pull with the new one if you are getting errors its because ur make a page request in the middle of a pull it may then be best to have each pull go into a folder and that folder then be renamed to the folder www-data is working with, just after that folder gets renamed to something else and then deleted after the new working dir has been renamed.
I'd suggest you give the www-data user it's own copy of the git repo, and it's own SSH key. You can then use Gitolite (or similar) to ensure that it only has read access to the repo. Giving www-data access to your primary repo is not really a great idea.