CentOS 6.8
PHP 7.0.7
Git 1.7.1
Created a bare repository test.git in the directory /home/work/repositories/
git clone it to the website root directory /home/work/www/
PHP runs as the user www-data, and the permissions of the /home/work/www/ directory are 755, belonging to the www-data user and the www-data user group
The post-receive hook is configured. When the development environment executes git push, it will automatically go to the /home/work/www/test directory and execute a git pull operation:
#!/bin/sh
cd /home/work/www/test
sudo -u www-data env -i git pull
When the above configuration is completed, the development environment executes git push, and the following error appears:
Counting objects: 3, done.
Delta compression using up to 8 threads.
Compressing objects: 100% (3/3), done.
Writing objects: 100% (3/3), 790 bytes | 0 bytes/s, done.
Total 3 (delta 1), reused 0 (delta 0)
remote: sudo: no tty present and no askpass program specified
remote: Gogs: Internal error
To ssh://xxx/test.git
6250615..3e4555d master -> master
Following an online tutorial, I added this line to /etc/sudoers:
%git ALL=(ALL) NOPASSWD: ALL
After configuring it this way, a git pull operation is executed in the /home/work/www/test directory after each git push, which achieved the expected result.
I would like to ask everyone, according to the above configuration, are there any security risks or configuration loopholes?
Thanks!
Personally, I think it is not good to put code (including the git repository) on the production server, especially if it is placed in the web directory. Once some permission issues arise, the code is likely to be stolen.
In fact, you can separate the php entry file and the .git folder, and that’s it.
Like Laravel, the entry file is in public and .git is outside public, so it will not affect you at all.
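
An audit of the two settings discussed in this thread, added here as an example and not part of any post above: it lists .git directories under a web root and flags sudoers rules like the %git ... NOPASSWD: ALL line, which lets every member of the git group run any command as any user without a password. The temporary sample layout, the git account and the /usr/bin/git path in the scoped rule are assumptions.

```shell
#!/bin/sh
# Added audit sketch. The sample layout, the "git" account and /usr/bin/git
# are assumptions made for illustration, not values from the thread.

# Print every .git directory (or gitfile) below a web root. Anything listed
# is inside the tree the web server serves.
find_git_under_docroot() {
    find "$1" -name .git \( -type d -o -type f \) -print 2>/dev/null
}

# Print sudoers rules granting ANY command without a password, such as
# "%git ALL=(ALL) NOPASSWD: ALL". Comment and blank lines are skipped.
find_unrestricted_nopasswd() {
    grep -Ev '^[[:space:]]*(#|$)' "$1" |
        grep -E 'NOPASSWD:[[:space:]]*ALL([[:space:],]|$)'
}

# Return 0 when neither check finds anything, 1 otherwise.
audit_deploy() {
    docroot=$1 sudoers=$2 status=0
    if [ -n "$(find_git_under_docroot "$docroot")" ]; then
        echo "WARN: .git found under $docroot"; status=1
    fi
    if [ -n "$(find_unrestricted_nopasswd "$sudoers")" ]; then
        echo "WARN: unrestricted NOPASSWD rule in $sudoers"; status=1
    fi
    return $status
}

# Constructed samples: the layout from the question ("bad") beside a layout
# with .git outside the served directory and a rule scoped to one command.
# The scoped rule only matches a hook that calls /usr/bin/git directly,
# without the env wrapper.
make_samples() {
    mkdir -p "$1/bad/www/test/.git" "$1/good/app/.git" "$1/good/app/public"
    printf '%s\n' '# constructed' '%git ALL=(ALL) NOPASSWD: ALL' > "$1/bad/sudoers"
    printf '%s\n' 'git ALL=(www-data) NOPASSWD: /usr/bin/git pull' > "$1/good/sudoers"
}

tmp=$(mktemp -d) && make_samples "$tmp"
audit_deploy "$tmp/bad/www" "$tmp/bad/sudoers" || echo "bad layout flagged"
audit_deploy "$tmp/good/app/public" "$tmp/good/sudoers" && echo "good layout clean"
rm -rf "$tmp"
```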