Git WebHook will not pull (PHP)
D

4

1

I have a PHP file, hook.php, that looks like this:

<?php `cd .. && git pull`;

The file is located in /var/www/oliverash.me/site/. However, the git repository that needs to be pulled is /var/www/oliverash.me/. ./site is the folder Apache looks to as the document root.

When I run the file in my browser, it does not seem to be pulling the repository.

I have also tried to echo the result, but the page is blank.

<?php echo `cd .. && git pull`;

Dentistry answered 12/10, 2012 at 10:15 Comment(6)
Does it require a password to do the pull? Or is it using local file access? – Amateurism
No password. Using SSH but with no passphrase. – Dentistry
is php in safe_mode which doesn't let you out of this document root? – Disgorge
I run echo `cd .. && pwd` and that seemed to work fine, but I’m not sure if safe mode being enabled would restrict me from doing that. I’ll have a look and post back here when I’ve found out. – Dentistry
Check the apache error log for any error. – Adrea
error: cannot open .git/FETCH_HEAD: Permission denied? – Dentistry
G
5

I can't post a comment in reply to you, but I am assuming that you are running a *nix system. You will be getting a permission denied if your apache/php daemons don't have permission to access .git/. You can change the owner/group of the .git/ directory recursively. Or do a chmod -R o+rw .git/* to give everyone (ie, not owner, not group) access to read and write in the git directory, which should clear up the permissions error that you are getting.

EDIT Just re-read the question, so what follows probably isn't needed, but leaving it just in case.

Though, doing that, you need to keep in mind that anyone with access to your server will be able to go to http://myurl/.git/ etc to access those. So as a security precaution, I would add a .htaccess file like:

order deny,allow
deny from all

in the .git directory so that apache will deny access from a web browser to everything in there.

Gilcrest answered 15/10, 2012 at 6:52 Comment(15)
Many thanks. Almost sorted, I think. However, now I’m getting this error in error_log: Could not create directory '/var/www/.ssh'.^M Host key verification failed.^M fatal: The remote end hung up unexpectedly – Dentistry
Start off trying mkdir /var/www/.ssh then chmod o+rw /var/www/.ssh to set up the .ssh directory with access for all. Let me know what errors you may get after that. That should help solve the first two, and hopefully it will solve the last one since the Host key should be able to be verified after. – Gilcrest
Now I’m just getting this: Host key verification failed.^M fatal: The remote end hung up unexpectedly. Why did it want a .ssh in www? – Dentistry
I think it wanted the .ssh as apache's 'home' directory. What happens when you run the command from the command line? I am assuming it works correctly, but checking just in case. If it works fine, you should be able to resolve it by copying from your ~/.ssh into /var/www/.ssh and doing a chmod o+r * inside that directory. – Gilcrest
After this I’m getting fatal: Unable to create '/var/www/oliverash.me/.git/ORIG_HEAD.lock': Permission denied. Should I chmod o+r* /var/www/oliverash.me? – Dentistry
I would think most in /var/www/oliverash.me/ should already be o+r, but doing chmod o+rw /var/www/oliverash.me/.git should solve that. – Gilcrest
So I got it working by creating a symbolic link from /root/.ssh to /var/www/.ssh, running chmod o+r * inside of .ssh, and then finally chmod o+rw /var/www/oliverash.me/.git. I think I can see why this was necessary – the git pull command worked through SSH because I was logged in as root, and that account had the SSH keys necessary for the git remote. The apache user didn’t. Is that right? – Dentistry
I would be interested in getting things working using the other method @pjz suggested, whereby I had a line to /etc/sudoers. I think this means I won’t have to worry about permissions on .git on future projects. – Dentistry
The git pull only gets so far, however, as these errors are now appearing in my error_log: hastebin.com/fimuloloru.coffee. – Dentistry
That is correct. And adding to sudoers would work, but for the most part, you never want your web service to have permission to run anything as the root user. It would be better to add your apache user to a group that you give +rw access to directories with. Though, since you created the symbolic link with .ssh you shouldn't have any more issues with other projects as well - just make sure you +rw the new .git directories that you end up creating. – Gilcrest
Should I execute chmod o+rw /var/www/oliverash.me to solve this new error? – Dentistry
Those errors are because your apache user doesn't have permission to change within your pulled git. Do a chmod -R o+rw to the base directory that git is using. – Gilcrest
You learn fast! Exactly that, might want to do it recursively though so add -R before the o+rw – Gilcrest
You might be able to help with my next issue, too! #12919481 – Dentistry
Just run through all of this again – to clarify, the symbolic link didn’t work, so I had to actually copy the files. – Dentistry
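
The group-based access Gilcrest recommends in the comments above, in place of o+rw, as an added example that is not part of the thread: it lists the paths a recursive o+rw leaves writable by every local account, then hands the repository to a single group. The function names and the temporary demo repository are constructed for illustration; on the server the group would be one that contains the apache user, not the caller's own group.

```shell
#!/bin/sh
# Added example, not from the thread. The group name is an assumption.

# Print every path under $1 that any local account can write to (o+w bit).
world_writable() {
    find "$1" ! -type l -perm -0002 -print
}

# Hand repository $1 to group $2: group gets read/write, "other" gets nothing,
# and setgid on directories makes files created by later pulls keep the group.
share_with_group() {
    chgrp -R "$2" "$1" &&
    chmod -R g+rwX,o-rwx "$1" &&
    find "$1" -type d -exec chmod g+s {} +
}

# Constructed demo repository standing in for /var/www/oliverash.me.
demo() {
    repo=$(mktemp -d) || return 1
    mkdir -p "$repo/.git/objects" && : > "$repo/.git/FETCH_HEAD"
    chmod -R o+rw "$repo/.git"                 # the fix applied in the thread
    echo "before: $(world_writable "$repo" | wc -l) world-writable paths"
    share_with_group "$repo" "$(id -gn)"       # stand-in for a deploy group
    echo "after:  $(world_writable "$repo" | wc -l) world-writable paths"
    rm -rf "$repo"
}
demo
```
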
G
1

You've certainly got a permissions issue, maybe a couple.

  1. The php page is going to execute as the apache user
  2. That user must be able to write to the git repo in question
  3. That user must be able to do the pull in question
  4. You didn't specify what the source of the pull is, but if it's, for instance, a git: or ssh: repo, then that user will need perms (keys, username/password, whatever) to access the remote to do the pull from.
  5. Just saw that it wants /var/www/.ssh - so you're using a ssh:// remote, which is fine, but since it's running as user apache (/var/www is user apache's homedir), it's looking for keys in /var/www/.ssh, which it's not finding, hence the failure. Solutions:
    1. use sudo to switch to a user that does have perms and run the git pull as that user (in your php, do 'sudo git pull', and in your /etc/sudoers put a line allowing user apache to run the 'git pull' command)
    2. set up a .ssh/config file that specifies a Host that's the remote, a User to use to login, and an Identity that is the path to the private key that the remote will allow to ssh in and do the pull.
Gesticulative answered 16/10, 2012 at 14:49 Comment(3)
Is it the apache user or the www user? – Dentistry
@OliverJosephAsh: As written, the whoami command outputs the username, that is apache in your case, the /var/www directory is that user's home directory. – Predation
I tried adding apache ALL = (root) /usr/bin/git pull to /etc/sudoers. Still getting the same error in my error_log: sudo: sorry, you must have a tty to run sudo. Here’s my most recent hook.php. – Dentistry
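
The .ssh/config option from this answer, as an added example that is not part of the thread: it writes a config for the web user's home that pins one dedicated deploy key and refuses unknown host keys, then lists any file in .ssh that group or other can access, which is what copying root's keys and running chmod o+r * produces. The host git.example.com, the login git, the key file name deploy_key and both function names are assumptions; known_hosts still has to be filled with the remote's verified host key.

```shell
#!/bin/sh
# Added example, not from the thread. Host, login and key name are assumed.

# Write $1/.ssh/config so ssh (and therefore git) run by the web user uses one
# dedicated deploy key for host $2 with login $3, and rejects unknown hosts.
write_deploy_config() (
    home=$1 host=$2 login=$3
    umask 077                      # subshell body: the umask change is local
    mkdir -p "$home/.ssh" && chmod 700 "$home/.ssh" || exit 1
    cat > "$home/.ssh/config" <<EOF || exit 1
Host $host
    User $login
    IdentityFile $home/.ssh/deploy_key
    IdentitiesOnly yes
    StrictHostKeyChecking yes
    UserKnownHostsFile $home/.ssh/known_hosts
EOF
    chmod 600 "$home/.ssh/config"
)

# Print anything in $1/.ssh that group or other can read, write or enter.
# A correctly locked-down directory prints nothing.
loose_ssh_perms() {
    find "$1/.ssh" \( -perm -0040 -o -perm -0020 -o -perm -0010 \
        -o -perm -0004 -o -perm -0002 -o -perm -0001 \) -print
}

# Constructed demo home standing in for /var/www.
demo_home=$(mktemp -d)
write_deploy_config "$demo_home" git.example.com git
: > "$demo_home/.ssh/deploy_key"
chmod 644 "$demo_home/.ssh/deploy_key"   # the state "chmod o+r *" leaves
loose_ssh_perms "$demo_home"             # reports the readable key
rm -rf "$demo_home"
```
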
B
1

create webhook.php in the root or anywhere from where you can access it

$result = exec("cd /path/to/repo && git pull origin branch");

make sure the permission is 775 and that the owner of your file and your site directory is www-data

Blockade answered 11/9, 2020 at 12:21 Comment(0)
P
0

You are having a problem with the user here that is executing the command.

According to your various comments, the system commands are executed as the user named apache (homedir is /var/www). You can verify this by running the whoami command from within your PHP script:

<?php echo `whoami`;

That user named apache is commonly the user your webserver runs under, which then runs PHP which then runs the shell commands.

Obviously you want to run the command as some other user, but you have not shared so far the information which one.

Run the shell command under the right user and the problem should go away.

On a linux system, the command to run other commands under a different user is called sudo, another one su:

Alternatively you can make use of suexec to execute PHP under a different user than the webserver user.

In any case you need to ensure that you have a user that is able to execute the git command. I have no clue how you tested that on your own, best way I know is to ssh into the server box, do the git pull manually and collect the needed data like user-name, home directory etc.

Predation answered 16/10, 2012 at 14:24 Comment(2)
whoami returns apache. If I precede the command with sudo, then I get the following error in my error_log: sudo: sorry, you must have a tty to run sudo – Dentistry
Yes the user is apache apache, www was only the basename of the homedir. And then the tty error, please see https://mcmap.net/q/369081/-sudo-in-php-exec and other similar ones. maymay.net/blog/2010/03/17/… – Predation
