Permissions with Git Post-Receive

Posted April 6, 2013
After following the Git tutorials, I have taken it a step further and created a 'post-receive' so that when I do a push to the live server it should then checkout to the virtual hosts directory of the website.

#!/bin/sh
GIT_WORK_TREE=/var/www/domainname/public_html/ git checkout -f

However, when I try to do my push, it goes out the master successfully but I get permission denied errors when trying to create those files on my server web root, e.g.:

remote: error: unable to create file index.php (Permission denied)

These errors actually make sense to me due to the way I have set up my server as per D.O.'s great how-to articles. I disabled root access and created a new user that is added to the sudoers through visudo. Then setting up SSH keys for this user. I use this user for pushing out my git changes to the server.

The issue is, I believe, that this user that I connect to push doesn't have the rights to write to the virtual hosts directory. All my files in these folders are owned by www-data (my nginx user) with the same group.

What is the solution? Create another user (SSH key) to connect with just for git that has higher permissions or is there a way to grant the post-receive sudo like abilities?

Apologies for the very long-winded question but wanted to be absolutely clear with what I did.

2 answers
You don't have permission to write to the folder; right now, only the www-data user and the www-data group can. You might try adding yourself to the www-data group and making sure the group can write to the public_html folder, like so:

$ sudo usermod -a -G www-data yourname
$ sudo chmod -R g+w /var/www/domainname/public_html

Does that help?
  • robdumas,

    Thank you so much for the answer you posted. It seems like something so basic now that I look at it, but your answer was the perfect piece of information I needed to “connect all the dots”. Things are working now!

I run a similar setup with GIT, which I'll do my best to outline.

I run gitolite and use a separate git user, in conjunction with two post-receive scripts. The first is a git deploy script ( and the second is a simple bash script to fix the permissions of ~git/public_html/ in conjunction with this script (which uses rsync to copy files and isn't terribly good at retaining file permissions):

Hope this helps!
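
An added example, not part of the original thread: the question's post-receive hook extended with a preflight check that names the user and groups the hook runs as when the web root is not writable, which is the situation the first answer fixes with group membership and chmod g+w. The master branch name, the umask 002 setting and the function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example: post-receive hook with a permission preflight.
# WORK_TREE is the path from the question; BRANCH is an assumption.
WORK_TREE=${WORK_TREE:-/var/www/domainname/public_html}
BRANCH=${BRANCH:-master}

# Succeeds only if the user running the hook can create files in the target.
check_target() {
    dir=$1
    if [ ! -d "$dir" ]; then
        echo "deploy: $dir does not exist" >&2
        return 1
    fi
    if [ ! -w "$dir" ] || [ ! -x "$dir" ]; then
        echo "deploy: $(id -un) (groups: $(id -Gn)) cannot write to $dir" >&2
        return 2
    fi
    return 0
}

# Succeeds only for a push that updates (not deletes) the deploy branch.
should_deploy() {
    newrev=$1 ref=$2
    [ "$ref" = "refs/heads/$BRANCH" ] || return 1
    case $newrev in
        *[!0]*) return 0 ;;   # a real commit id
        *) return 1 ;;        # all zeros (or empty): the branch was deleted
    esac
}

main() {
    # git feeds one "<old> <new> <ref>" line per updated ref on stdin.
    while read -r oldrev newrev ref; do
        should_deploy "$newrev" "$ref" || continue
        check_target "$WORK_TREE" || exit 1
        umask 002   # files created by the checkout stay group-writable
        GIT_WORK_TREE=$WORK_TREE git checkout -f "$BRANCH"
    done
}

# Run only when installed as hooks/post-receive; otherwise just define functions.
case $0 in
    */post-receive|post-receive) main ;;
esac
```

With this in place a failed deploy prints the account and its groups in the "remote:" output of the push, so a missing www-data membership shows up immediately instead of as one "Permission denied" line per file.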