On Wed, 2 Oct 2013 02:41:40 -0700 (PDT)
Maximus Fedorov <stm32...@gmail.com> wrote:

> Set up gitosis, and it turns out that all users are working on behalf
> of one member gituser. And every time the updated files in the
> repository that triggered the post-receive:
> #!/bin/bash
> read oldrev newrev refname
> echo "REFNAME: $refname"
> echo "********"
> if [ "$refname" == "refs/heads/master" ]
> then
>          cd /var/www/siteA
>          unset GIT_DIR
>          git pull origin master
>          echo "YOU SEND COMMIT TO *** $refname ***"
> fi
> echo "Done"
> and after that, the updated files change owner. And it is necessary
> to leave

The short answer: Git is not a deployment tool; Gitosis, being a
front-end to Git, is even less so.  You have to implement a proper
deployment scheme instead.

The long answer.

In your particular case `git pull` supposedly re-creates certain
(updated) files in the work tree and since the session doing this runs
with the credentials of the gitosis process, these files have their
owner set to that from the credentials.  You can remedy the situation by
changing these credentials.

A straightforward way to do this is to install sudo on the server and
configure it to allow the user gitosis to run a deployment program with
someone else's credentials (typically, www-data) *without asking for
password.*  How to implement this is beyond the scope of this
discussion, but it should be noted that you *must not* just call `git
pull` with modified privileges: the reason is that `git pull` updates
not just files in the work tree but the Git database itself, and these
changes have to be done using the initial credentials (gitosis).

A way to go then is to stop using `git pull` (why are you using it for
this task anyway?) and instead turn to plumbing Git tools:
`git read-tree` followed by `git checkout-index`; both should
supposedly operate on a separate index file (created somewhere,
possibly in a temporary directory using `mktemp`) made available to
them using the GIT_INDEX_FILE environment variable.
A sketch:

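cd /var/www/siteA
# Git rejects an empty, pre-created index file, so create only a directory
tmpdir=`mktemp -d`
export GIT_INDEX_FILE="$tmpdir/index"
git read-tree HEAD
git checkout-index -a -f
rm -rf "$tmpdir"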

This code should be put into a script and *that* script should be made
executable using `sudo` as explained above.
An alternative is to allow the user gitosis to run /bin/sh as another
user and just use a "here document":

sudo -u www-data /bin/sh <<'EOF'
        # quoted delimiter: everything below is expanded by www-data's shell
        cd /var/www/siteA
        tmpdir=`mktemp -d`
        export GIT_INDEX_FILE="$tmpdir/index"
        trap 'rm -rf "$tmpdir"' INT TERM QUIT EXIT
        git read-tree HEAD
        git checkout-index -a -f
EOF

See the git-read-tree, git-checkout-index and git manual pages (the
latter explains the environment variables Git tools understand).
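
The sudo-plus-plumbing approach described in the reply above, carried through as an added example that is not part of the original message: a deployment script that the post-receive hook starts through sudo. It goes beyond the sketch by exporting straight from the repository the push landed in rather than from a clone in /var/www/siteA; the script name, the repository path and the sudoers rule are assumptions.

```shell
#!/bin/sh
# deploy-siteA (hypothetical name): runs as www-data, started by post-receive with
#   exec sudo -n -u www-data /usr/local/bin/deploy-siteA
# so the hook's stdin is passed through. Assumed sudoers rule; the trailing ""
# makes sudo refuse any arguments:
#   gitosis ALL=(www-data) NOPASSWD: /usr/local/bin/deploy-siteA ""
REPO=/srv/gitosis/repositories/siteA.git   # assumed path; www-data needs read access
SITE=/var/www/siteA
BRANCH=refs/heads/master

# Succeeds if stdin (post-receive lines "<old> <new> <ref>") updates ref $1.
# Every line is read because one push can update several refs; a deletion
# (new id consisting only of zeros) does not count.
ref_updated() {
    hit=1
    while read -r _old new ref; do
        [ "$ref" = "$1" ] || continue
        case $new in *[!0]*) hit=0 ;; esac
    done
    return "$hit"
}

# Write the files of ref $2 from repository $1 into directory $3 (absolute
# paths), using a throw-away index in a fresh temporary directory instead of
# the repository's own index.
export_tree() (
    cd "$3" || exit 1
    tmp=$(mktemp -d) || exit 1
    export GIT_DIR="$1" GIT_WORK_TREE="$3" GIT_INDEX_FILE="$tmp/index"
    rc=0
    git read-tree "$2" && git checkout-index -a -f || rc=$?
    rm -rf "$tmp"
    exit "$rc"
)

# Entry point, only when installed under its real name. Paths are fixed and no
# arguments are read, because the script runs across a privilege boundary.
case ${0##*/} in
deploy-siteA)
    ref_updated "$BRANCH" || exit 0
    export_tree "$REPO" "$BRANCH" "$SITE" ;;
esac
```

`git checkout-index -a -f` only writes the files that are in the tree, so files deleted from the branch stay in the target directory and need separate cleanup.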
