
Failed to achieve Gitolite (Git) and nginx webserver access webspace at the same time



Starting point:

  • Ubuntu 20.04
  • Gitolite (/home/git/)
  • Webspace /var/www/webspace (usually owned by www-data:www-data)
  • Git user (in www-data group and also tried without being in group)

I want to update the webspace as git user with post-receive to a www-data directory. I had it achieved before I installed Gitolite, but it doesn't seem to work the same way as it did before (or I am missing something). To make it clear: post-receive is executed after pushing (which it's normally not on Gitolite) ... was a hard time too to achieve that.

Edit: To make it clear: I want to achieve that Git and www-data can access and modify the same files.


What I've tried:

  • chmod 777 -R /var/www/webspace (after this git can access but nginx returns with 403?)
  • Adding Git-User to www-data group
  • chown www-data:git -R /var/www/webspace
  • chown git:www-data -R /var/www/webspace
  • chown git:git -R /var/www/webspace
  • chown www-data:www-data -R /var/www/webspace (with and without git inside group)(with and without 777)
  • Executing post-receive manually (Operation not permitted)
  • Executing post-receive manually as root (well ... works of course, but that's not the point)
  • ... maybe also some steps more which I'm maybe missing rn

What I've noticed so far:

  • On the contrary to Git, Gitolite checks the repo out with -rw------ (if I remember correctly), maybe that is why it's not working with Gitolite but with Git

The code (not that it would be important, but just to list everything):

  • post-receive
    #!/bin/sh
    GIT_WORK_TREE=/var/www/webspace git checkout -f

Maybe I'm just missing something, but please help me.


Solution

  • Add user (git in my case) to group of webspace (www-data for me)

    sudo usermod -a -G www-data git 
    

    If you were logged in as that user, log out to reload the group.

    logout
    #or
    exit
    #or
    CTRL+A+D
    

    (If you want to recheck the group, log in as this user and type "groups" to see the groups the user is in)


    Make sure the webspace is owned by the correct group. For me:

    sudo chown www-data:www-data -R /var/www/webspace
    

    (If you want to recheck this you can go in the directory and type "ls -g")


    In my case I had to modify my "post-receive" a bit, because the permissions were always -rw----- after checking out, so here is my "post-receive":

    #!/bin/sh
    GIT_WORK_TREE=/var/www/webspace git checkout -f    #default line to checkout
    chmod -R a+r /var/www/webspace     #added by me because of permission issues
    

    For convenience I had my "post-receive" in the repo directory (/home/git/repositories/repo/hooks/post-receive). The docs tell you to create a new folder (/home/git/local/specific-hooks/repo/post-receive (but they tell to name it on your own)).

    *All paths, names, groups and permissions written above only apply to me. They may differ for your installation.


    What really solved my problem:

    • Logout after you change groups
    • Change permission (chmod) in post-receive
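
A tighter variant of the hook, as an added example that is not the poster's code: it raises the umask before the checkout and then resets modes so the web root is readable by the www-data group only, not by everyone. It assumes an admin has once run `chgrp -R www-data /var/www/webspace` and `chmod g+s /var/www/webspace`; the function names are hypothetical.

```sh
#!/bin/sh
# Added example (not from the original post): post-receive hook that keeps
# the web root group-readable without making it world-readable.
# Assumed one-time admin setup: chgrp -R www-data + chmod g+s on the web root,
# so new files inherit the www-data group.
WEBROOT="${WEBROOT:-/var/www/webspace}"   # path taken from the post

# Reset modes on entries this user owns: dirs rwxr-s---, files rw-r-----.
# chmod on entries owned by another user fails with "Operation not permitted",
# so those are skipped here and reported by audit_perms instead.
normalize_perms() {
    me=$(id -u)
    find "$1" -user "$me" -type d -exec chmod u=rwx,g=rx,o=,g+s {} + &&
    find "$1" -user "$me" -type f -exec chmod u=rw,g=r,o= {} +
}

# Print entries that are world-accessible (any "other" bit set, e.g. left
# over from chmod 777) or that the group cannot read (e.g. -rw-------).
audit_perms() {
    find "$1" \( -type f -o -type d \) \
        \( -perm -004 -o -perm -002 -o -perm -001 -o ! -perm -040 \) -print
}

deploy() {
    # Gitolite's rc file sets UMASK => 0077 by default, which is why the
    # checkout produced -rw------- files; 027 gives rw-r----- / rwxr-x---.
    umask 027
    GIT_WORK_TREE="$WEBROOT" git checkout -f || return 1
    normalize_perms "$WEBROOT" || return 1
    left=$(audit_perms "$WEBROOT")
    if [ -n "$left" ]; then
        echo "post-receive: entries needing a manual fix:" >&2
        echo "$left" >&2
    fi
}

# git exports GIT_DIR when it runs a hook; do nothing if the file is sourced.
if [ -n "${GIT_DIR:-}" ]; then
    deploy
fi
```

Running `audit_perms /var/www/webspace` by hand after earlier `chmod 777` experiments lists what is still exposed.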