Making www-data push to local git repo

Question

So, I'm creating a system which manages all the drupal websites that sit within a specific folder (new websites can be created in this folder).

The next step is to create a way to allow the user to revert the website to a prior version.

My solution? Create a local "git server" and for every action taken on my system (e.g.: update/install modules, upgrade the core, etc) I create a new version of that site.

I created a "git" user which is responsible for the creation of repositories on /~/gitrepos/. And for each new website, I use sudo -u git within apache user (www-data) to run mkdir and git init --bare. I'm currently able to create new folders and to initialize git repositories on those.

But when I try to push the website changes to those repositories, I get "Permission denied".

When a new site is detected, I do the following:

1. Create the repository [using www-data and sudo -u git]
   • mkdir and git init
2. Initialize the git repository (.git folder) on the website directory [using www-data]
   • git init
3. Add the files to the commit queue [using www-data]
   • git add *
4. Commit the changes to populate the newly created repository [using www-data]
   • git commit -m 'msg'
5. Add the remote address of the repository [using www-data]
   • git remote add origin ssh://git@localhost/path/to/repo/
6. Push changes [using www-data]
   • git push -u origin master

And now I'm stuck on this step, as I always get "Permission denied".

There's any way for me to push changes to a local "git server" without the need to authenticate?

Or yet, which ssh-keys I should create to enable www-data to push changes to the local "git server"?

I'm really lost here, if someone has a step-by-step way to setup a local "git server" in which the www-data user can push to, that would be great.

Note: the home directory for www-data is /var/www/, so it's not a good idea to store ssh-keys in this directory

---

Yes, I have spent at least 4 hours trying to figure this out before asking here.

Some of the resources I tried to follow:

• http://www.hackido.com/2010/01/installing-git-on-server-ubuntu-or.html
• http://toroid.org/ams/git-website-howto
• http://pthree.org/2008/11/28/setup-a-git-repository/
• Git-based website deployment workflow
• http://tumblr.intranation.com/post/766290565/how-set-up-your-own-private-git-server-linux
• http://blogs.gurulabs.com/aaron/2008/11/setup-a-git-repository.html

---

The reason why I quote "git server" is because there's no such thing as a git server.

Quote from http://blogs.gurulabs.com/aaron/2008/11/setup-a-git-repository.html :

In other words, there's no such thing as a "git server" and "git client". Git was developed by filesystem developers with filesystem attributes in mind. So, instead, we have a remote Git repository we call the "origin" and a local Git repository (...)

Answer 1

Solution:

Assumptions:

• Your www-data home directory is /var/www/
• The user that'll handle all git commands is gituser

Steps:

To make the www-data user push changes to the git repo without the need to type the password, just:

• Create a new ssh-key for the www-data user
  • www-data:~$ ssh-keygen -t rsa
  • press enter for every question (leave the password blank)
• Add the newly created ssh-key onto /home/gituser/.ssh/authorized_keys
  • gituser:~$ touch ~/.ssh/authorized_keys
  • gituser:~$ chmod 0600 ~/.ssh/authorized_keys
  • gituser:~$ cat /var/www/.ssh/id_rsa.pub >> /home/gituser/.ssh/authorized_keys

The idea behind that, is to add www-data's ssh-key to gituser's "trusted" keys. After that, www-data will be able to connect to the server via ssh and authenticate as gituser without the need to type the password.

Remember that git requires ssh access to the server (at least on the environment that I'm at).

This might help: http://www.linuxproblem.org/art_9.html