Allow User 'git' to run 'git pull' as 'www-data' via sudo

I would like to allow git to run 'git pull' as user 'www-data'. As far as i understand

    git ALL=(www-data) git pull

in /etc/sudoers should make it.

Sadly i get an Syntax error for this line and visudo Syntax highlight breaks right after the "-" in 'www-data'

Can't find information regarding forbidden '-' in /etc/sudoers usernames. Any tips?


Solution 1:

You need to use full path name for 'git' command, following lines doesn't produce syntax error in visudo and works fine.

git ALL = (www-data) /usr/bin/git pull

Solution 2:

Notice that I'm using git username, so, if you are using gitosis or any other username, just fill in your's!

In console with root user execute this command:

visudo

The "vi" editor will be opened. Add these lines:

Defaults:git    !authenticate
git ALL=(www-data) ALL

In result the file (that is opened in "vi" editor by calling "visudo") should look like this:

# /etc/sudoers
#
# This file MUST be edited with the 'visudo' command as root.
#
# See the man page for details on how to write a sudoers file.
#

Defaults    env_reset
Defaults:git    !authenticate

# Host alias specification

# User alias specification

# Cmnd alias specification

# User privilege specification
root    ALL=(ALL) ALL
git ALL=(www-data) ALL


# Allow members of group sudo to execute any command
# (Note that later entries override this, so you might need to move
# it further down)
%sudo ALL=(ALL) ALL
#
#includedir /etc/sudoers.d

Then press CTRL+O to save the file, then press Enter to accept the filename (bla bla bla), then press CTRL+X to close the "vi" editor.

Voila! Now git user can execute commands as www-data user:

sudo -u www-data git pull origin master