Git WebHook will not pull (PHP)

Question

I have a PHP file, hook.php, that looks like this:

The file is located in /var/www/ol

Answer 1

You've certainly got a permissions issue, maybe a couple.

1. The php page is going to execute as the apache user
2. That user must be able to write to the git repo in question
3. That user must be able to do the pull in question
4. You didn't specify what the source of the pull is, but if it's, for instance, a git: or ssh: repo, then that user will need perms (keys, username/password, whatever) to access the remote to do the pull from.
5. Just saw that it wants /var/www/.ssh - so you're using a ssh:// remote, which is fine, but since it's running as user apache (/var/www is user apache's homedir), it's looking for keys in /var/www/.ssh, which it's not finding, hence the failure. Solutions:
   1. use sudo to switch to a user that does have perms and run the git pull as that user (in your php, do 'sudo git pull', and in your /etc/sudoers put a line allowing user apache to run the 'git pull' command)
   2. set up a .ssh/config file that specifies a Host that's the remote, a User to use to login, and an Identity that is the path to the private key that the remote will allow to ssh in and do the pull.

Answer 2

You are having a problem with the user here that is executing the command.

According to your various comments, the system commands are executed as the user named apache (homedir is /var/www). You can verify this by running the whoami command from within your PHP script:

<?php echo `whoami`;

That user named apache is commonly the user your webserver runs under, which then runs PHP which then runs the shell commands.

Obviously you want to run the command as some other user, but you have not shared so far the information which one.

Run the shell command under the right user and the problem should go away.

On a linux system, the command to run other commands under a different user is called sudo, another one su:

• sudo(8) - Linux man page
• su(1) - Linux man page

Alternatively you can make use of suexec to execute PHP under a different user than the webserver user.

In any case you need to ensure that you have a user that is able to execute the git command. I have no clue how you tested that on your own, best way I know is to ssh into the server box, do the git pull manually and collect the needed data like user-name, homedirectory etc. .

Answer 3

I can't post a comment in reply to you, but I am assuming that you are running a *nix system. You will be getting a permission denied if your apache/php daemons don't have permission to access .git/. You can change the owner/group of the .git/ directory recursively. Or do a chmod -R o+rw .git/* to give everyone (ie, not owner, not group) access to read and write in the git directory, which should clear up the permissions error that you are getting.

EDIT Just re-read the question, so what follows probably isn't needed, but leaving it just in case.

Though, doing that, you need to keep in mind that anyone with access to your server will be able to go to http://myurl/.git/ etc to access those. So as a security precaution, I would add a .htaccess file like:

order deny, allow
deny from all

in the.git directory so that apache will deny access from a web browser to everything in there.

Answer 4

create webhook.php in the root or anywhere from where you can access it

$result = exec("cd /path/to/repo && git pull origin branch");

make sure the permission is 775 and user of your file and your site directory is www-data owner