Running git pull from a php script

git ssh apache-2.2 permissions php

I was trying the Perfect Workflow, with Git, GitHub, and SSH, but it seems i can't run git pull. I've tried git status and it's fine.

When i git pull 2>&1 i get:

error: cannot open .git/FETCH_HEAD: Permission denied

I tried to chmod .git dir to 777 with no luck.

When i run whoami from the browser it shows me: apache

--- EDIT ---

I just did chown apache:apache -R .git and now i get:

Could not create directory '/.ssh'. Host key verification failed. fatal: The remote end hung up unexpectedly


Could not create directory '/.ssh'. Host key verification failed. fatal: The remote end hung up unexpectedly

Read and consider your error message. Host keys are stored in the ~/.ssh/known_hosts file. Your Apache user has "/" as its home directory, and it definitely doesn't and shouldn't have write access to the root.

I suggest that you create a user account for this... maybe gitpull-user or something. Make sure it has a usable home directory, even if it's somewhere atypical. Login as that user and create a shell script that accomplishes what you're trying to do as that user. Of course, you'll also have to copy your appropriate id_rsa key to the user's account, etc.

Configure sudo to launch that script by adding this line to /etc/sudoers

apache ALL = (gitpull-user) NOPASSWD: /path/to/script.sh`

and also if you're having "No TTY" issues:

Defaults:apache !requiretty

Change your PHP script to call sudo -u gitpull-user ./script.sh

It would be possible to change Apache's home directory to a "real" location and just drop the key in there, but that would expose a risk where your data would have to be owned by apache and the key could be read if the daemon were compromised. Establishing a second user provides a level of isolation.

Related

IBM ServeRAID: how to use email alerts?
NSClient++ returns 'Connection Refused'
Choosing Windows Small Biz Server Version (2008/11 and Standard/Essentials)?
Snapshots == EBS backed instance, persistence, and S3 storage?
Powershell: lastLogonTimestamp blank for some users
Fail2Ban - how to prevent my ISP IP dynamic get banned?
Can I drop SSH connections after five seconds?
What are best-practices for running Windows Update on a Hyper-V server with running VM's?
Skype Connect as SIP/Trunk for Asterisk
Proxy all requests for subdomain to an ip via htaccess/apache
RSync over SSH hangs and fails with timeout
Iptables - Redirect outbound traffic on a port to inbound traffic on 127.0.0.1