On Wed, 2 Oct 2013 02:41:40 -0700 (PDT) Maximus Fedorov <stm32...@gmail.com> wrote:
> Set up gitosis, and it turns out that all users are working on behalf
> of one member gituser. And every time the updated files in the
> repository that triggered the post-receive:
>
> #!/bin/bash
> read oldrev newrev refname
> echo "REFNAME: $refname"
> echo "********"
> if [ $refname == "refs/heads/master" ]
> then
> cd /var/www/siteA
> unset GIT_DIR
> git pull origin master
> echo "YOU SEND COMMIT TO *** $refname ***"
> fi
> echo "Done"
>
> and after that, the updated files change owner. And it is necessary
> to leave

The short answer: Git is not a deployment tool; Gitosis, being a front-end to Git, is even less so. You have to implement a proper deployment scheme instead.

The long answer.

In your particular case `git pull` supposedly re-creates certain (updated) files in the work tree and since the session doing this runs with the credentials of the gitosis process, these files have their owner set to that from the credentials.

You can remedy the situation by changing these credentials. A straightforward way to do this is to install sudo on the server and configure it to allow the user gitosis to run a deployment program with someone else's credentials (typically, www-data) *without asking for password.* How to implement this is beyond the scope of this discussion, but it should be noted that you *must not* just call `git pull` with modified privileges: the reason is that `git pull` not just updates files in the work tree but the Git database itself, and these changes have to be done using the initial credentials (gitosis).

A way to go then is to stop using `git pull` (why are you using it for this task anyway?) and instead turn to plumbing Git tools: `git read-tree` followed by `git checkout-index`; both should supposedly operate on a separate index file (created somewhere, possibly in a temporary directory using `mktemp`) made available to them using the GIT_INDEX_FILE environment variable.
A sketch:

    cd /var/www/siteA
    # mktemp -d: Git rejects an empty pre-created file as an index,
    # so let it create the index inside a private temporary directory.
    tmpdir=`mktemp -d` || exit 1
    export GIT_INDEX_FILE="$tmpdir/index"
    trap 'rm -rf "$tmpdir"' INT TERM QUIT EXIT
    git read-tree HEAD
    git checkout-index -a -f

This code should be put into a script and *that* script should be made executable using `sudo` as explained above.

An alternative is to allow the user gitosis to run /bin/sh as another user and just use a "here document":

    # 'EOF' is quoted so that mktemp and the variables are evaluated
    # by the shell running as www-data, not by the calling shell.
    sudo -u www-data /bin/sh <<-'EOF'
    cd /var/www/siteA
    tmpdir=`mktemp -d` || exit 1
    export GIT_INDEX_FILE="$tmpdir/index"
    trap 'rm -rf "$tmpdir"' INT TERM QUIT EXIT
    git read-tree HEAD
    git checkout-index -a -f
    EOF

See the git-read-tree, git-checkout-index and git manual pages (the latter explains the environment variables Git tools understand).
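An added example, not part of the original message: one way to wire the hook to the sudo setup the reply describes, with sudo limited to a single deployment script instead of a shell. The script path `/usr/local/bin/deploy-siteA`, the function name `ref_to_deploy` and the sudoers rule in the comment are assumptions made for illustration.

```sh
#!/bin/sh
# post-receive hook for the repository served by gitosis (added example).
# Assumed sudoers rule, letting gitosis run this one script as www-data:
#   gitosis ALL=(www-data) NOPASSWD: /usr/local/bin/deploy-siteA
# The script (hypothetical path) would hold the read-tree/checkout-index steps.

DEPLOY_REF="refs/heads/master"
DEPLOY_CMD="/usr/local/bin/deploy-siteA"

# Read "<old> <new> <ref>" lines, the format Git feeds to post-receive on
# stdin, and print the new commit id if DEPLOY_REF was updated.
# One push can carry several refs, so every line is examined.
ref_to_deploy() {
    found=""
    while read -r old new ref; do
        [ "$ref" = "$DEPLOY_REF" ] || continue
        case "$new" in
            *[!0]*) found=$new ;;   # a real commit id
            *)      found="" ;;     # all zeros: the branch was deleted
        esac
    done
    [ -n "$found" ] || return 1
    printf '%s\n' "$found"
}

# Git sets GIT_DIR when it runs a hook, so this part only runs as a hook.
if [ -n "${GIT_DIR:-}" ]; then
    if commit=$(ref_to_deploy); then
        echo "Deploying $commit to siteA"
        # -n: fail at once instead of prompting if the sudoers rule is missing.
        sudo -n -u www-data "$DEPLOY_CMD" || echo "Deployment failed" >&2
    fi
fi
```
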