php - Is there any security risk with git configured like this?
曾经蜡笔没有小新 2017-05-24 11:30:50

Software version

  1. CentOS 6.8

  2. PHP 7.0.7

  3. Git 1.7.1

Environment configuration

  1. Created a bare repository in the directory /home/work/repositories/test.git

  2. git clone it into the website root directory /home/work/www/

  3. PHP's running user is www-data, and the permissions of the /home/work/www/ directory are 755, belonging to the www-data user and the www-data user group

  4. The post-receive hook is configured. When the development environment executes git push, it automatically goes to the /home/work/www/test directory and executes a git pull operation

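    #!/bin/sh
    # Switch to the deployed working copy; stop if the directory is missing
    cd /home/work/www/test || exit 1
    # Pull as www-data with a cleared environment (drops the hook's GIT_DIR)
    sudo -u www-data env -i git pull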

Problem Description

  1. When the above configuration is completed and the development environment executes git push, the following error appears

    Counting objects: 3, done.
    Delta compression using up to 8 threads.
    Compressing objects: 100% (3/3), done.
    Writing objects: 100% (3/3), 790 bytes | 0 bytes/s, done.
    Total 3 (delta 1), reused 0 (delta 0)
    remote: sudo: no tty present and no askpass program specified
    remote: Gogs: Internal error
    To ssh://xxx/test.git
       6250615..3e4555d  master -> master

  2. Following an online tutorial, I added this line to /etc/sudoers

    %git ALL=(ALL) NOPASSWD: ALL

  3. After configuring it this way, git pull is executed in the /home/work/www/test directory after each git push, and the operation achieves the expected result.

I would like to ask everyone, according to the above configuration, are there any security risks or configuration loopholes?
Thanks!

曾经蜡笔没有小新
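
The sudoers line in the question lets every member of the git group run any command as any user, root included, without a password, while the hook only needs one git pull as www-data. As an added example (not part of the original post), here is a small shell check that flags such rules; the narrower rule in the sample, the hook user git and the path /usr/bin/git are assumptions, and that rule presumes the hook calls /usr/bin/git pull directly through sudo -u www-data.

```shell
#!/bin/sh
# Added example: flag sudoers rules that allow "any command, no password".
# Reads sudoers text on stdin, prints one line per offending rule and
# returns 1 if any was found. Simplifications (assumptions): one rule per
# line, no aliases, no line continuations, no #include handling.
audit_sudoers() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ || /^[ \t]*Defaults/ { next }
    {
        eq = index($0, "=")                    # user host=(runas) tags: cmds
        if (eq == 0) next
        who = substr($0, 1, eq - 1)
        rhs = substr($0, eq + 1)
        sub(/[ \t]+[^ \t]+[ \t]*$/, "", who)   # drop the host field
        gsub(/^[ \t]+/, "", who)
        runas = "root"                         # sudo default without (runas)
        if (match(rhs, /^[ \t]*\([^)]*\)/)) {
            runas = substr(rhs, RSTART, RLENGTH)
            gsub(/[ \t()]/, "", runas)
            rhs = substr(rhs, RSTART + RLENGTH)
        }
        nopasswd = (rhs ~ /NOPASSWD[ \t]*:/)
        gsub(/[A-Z_]+[ \t]*:/, "", rhs)        # strip tags such as NOPASSWD:
        any = 0
        n = split(rhs, cmd, ",")
        for (i = 1; i <= n; i++) {
            gsub(/^[ \t]+|[ \t]+$/, "", cmd[i])
            if (cmd[i] == "ALL") any = 1       # bare ALL means every command
        }
        if (nopasswd && any) {
            printf "BROAD %s: any command as %s without a password\n", who, runas
            bad = 1
        }
    }
    END { exit bad + 0 }
    '
}

# Constructed sample: the rule from the question, then a narrower rule
# limited to one command as www-data (user "git" and /usr/bin/git assumed).
SAMPLE='%git ALL=(ALL) NOPASSWD: ALL
git ALL=(www-data) NOPASSWD: /usr/bin/git pull'
printf '%s\n' "$SAMPLE" | audit_sudoers || echo "overly broad sudoers rule found"
```

Edit sudoers files with visudo so a syntax error cannot lock sudo out.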

reply all (2)
伊谢尔伦

Personally, I think it is not good to put code (including the git repository) on the production server, especially if it is placed in the web directory. Once some permission issue arises, the code is likely to be leaked.

    巴扎黑

    In fact, you can separate the php entry file and the .git folder, and that’s it.
    Like Laravel, the entry file is in public and .git is outside public, so it will not affect you at all.
