I'm trying to set up a git post-receive hook such that when a commit is received, another clone of the repository on the machine gets updated (i.e. does a git pull origin master). I'm using gitosis to serve the repository and as such I believe a post-receive hook will be run as the gitosis user, whereas the repository I want to update on a receive is owned by www-data. How should I go about doing this?
I've heard about setuid scripts but I'm not sure whether this might be a security risk? And if it's not a security risk, how would I go about doing this? I'm guessing I would do something like make the script owned by www-data and make it world-executable and enable the setuid bit? I guess this script would be pretty much harmless since all it does is update the repository, but I want to be sure. Thanks!
Edit: Is there any way to do this using sudo? Would that be more secure than setuid? I mean, I don't think there's much issue with setuid if the user isn't root, but all the same it seems like I'd have to jump through a few hoops to get a setuid script to run.
Second edit: It seems like I might be able to do this with some /etc/sudoers magic and sudo -u. Perhaps I should have posted this on ServerFault instead, but at least I've learned a bit from this endeavor.
git/hooks directory isn't cloned with the rest of your project, nor is it under version control. A simple solution to both of these problems is to store your hooks in the actual project directory (above the .git directory). This lets you edit them like any other version-controlled file.
The pre-commit hook is run first, before you even type in a commit message. It's used to inspect the snapshot that's about to be committed, to see if you've forgotten something, to make sure tests run, or to examine whatever you need to inspect in the code.
Open a terminal window by using option + T in GitKraken Client. Once the terminal window is open, change directory to .git/hooks. Then use the command chmod +x pre-commit to make the pre-commit file executable.
Git hooks are scripts that Git executes before or after commit, push, and receive. Setting up a Git hook makes your development and deployment easy. In this article, you will learn how to create a post-receive Git hook that executes when you use the git push command.
IMHO This should be on serverfault, but here's the answer nevertheless;
Add:
gitosis ALL=(www-data) NOPASSWD: /path/to/git
to /etc/sudoers and run the command as sudo -u www-data <whatever the command is>
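A post-receive hook built on the sudo approach above, as an added example that is not part of the original answer. A sudoers command listed without arguments matches any arguments, so this sketch assumes the rule points at a hypothetical root-owned wrapper (/usr/local/bin/update-www-clone) instead of the git binary; the wrapper path and the /var/www/site clone path are assumptions.

```shell
#!/bin/sh
# post-receive hook for the bare repository served by gitosis (added example).
# Assumed sudoers entry (edit with visudo):
#   gitosis ALL=(www-data) NOPASSWD: /usr/local/bin/update-www-clone
# The hypothetical wrapper is owned by root, not writable by gitosis or
# www-data, and does only:  cd /var/www/site && git pull origin master

DEPLOY_REF="refs/heads/master"
DEPLOY_CMD="/usr/local/bin/update-www-clone"   # hypothetical path
DEPLOY_USER="www-data"

# Read "<old> <new> <ref>" lines (the post-receive stdin format) and
# succeed only if the deploy branch was updated and not deleted.
master_updated() {
    hit=1
    while read -r old new ref; do
        [ "$ref" = "$DEPLOY_REF" ] || continue
        case "$new" in
            *[!0]*) hit=0 ;;   # a non-zero id means the ref now points at a commit
            *)      ;;         # an all-zero id means the branch was deleted
        esac
    done
    return $hit
}

run_deploy() {
    # Git exports GIT_DIR to hooks; unset it so nothing downstream
    # mistakes the bare repository for the www-data clone.
    unset GIT_DIR
    # -n: fail instead of prompting if the sudoers rule is missing.
    # The arguments are fixed; nothing from the push is passed to sudo.
    sudo -n -u "$DEPLOY_USER" "$DEPLOY_CMD"
}

# Git sets GIT_DIR when it runs a hook; only act in that case.
if [ -n "${GIT_DIR:-}" ]; then
    if master_updated; then
        run_deploy
    fi
fi
```

Running `sudo -l -U gitosis` as root lists what the gitosis account is allowed to run and confirms the rule is as narrow as intended.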