I've been referring to http://toroid.org/ams/git-website-howto as a starting point for a production web server running on a managed VPS. The VPS runs cPanel and WHM, and it will eventually host multiple client websites, each with its own cPanel account (thus, each with its own Linux user and home directory from which sites are served). Each client's site is a separate Git repository.

Currently, I'm pushing each repository via SSH to a bare repo in the client's home folder, e.g. /home/username/git/repository.git/. As per the tutorial above, each repo has been configured to checkout to another directory via a post-receive hook. In this case, each repo checks out to its own /home/username/public_html (the default DocumentRoot for new cPanel accounts), where the files are then served by Apache. While this works, it requires me to set up (in my local development environment) my remotes like this:

url = ssh://[email protected]/home/username/git/repository.git/

It also requires me to enter the user's password every time I push to it, which is less than ideal.

In an attempt to centralize all of my repositories in one folder, I also tried pushing to /root/git/repository.git as root and then checking out to the appropriate home directory from there. However, this causes all of the checked-out files to be owned by root, which prevents Apache from serving the site, with errors like

[error] [client xx.xx.xx.xx] SoftException in Application.cpp:357: UID of script "/home/username/public_html/index.php" is smaller than min_uid

(which is a file ownership/permissions issue, as far as I can tell)

I can solve that problem with chown and chgrp commands in each repo's post-receive hook--however, that also raises the "not quite right" flag in my head. I've also considered gitosis (to centralize all my repos in /home/git/), but I assume that I'd run into the same file ownership problem, since the checked-out files would then be owned by the git user.

Am I just approaching this entire thing the wrong way? I feel like I'm completely missing a third, more elegant solution to the overall problem. Or should I just stick to one of the methods I described above?

+1  A: 

It also requires me to enter the user's password every time I push to it, which is less than ideal

It shouldn't be necessary if you publish your public ssh key to the destination account ".ssh/authorized_keys" file.

See also locking down ssh authorized keys for instance.
But also the official reference Pro Git Book "Setting Up the Server".

VonC
Thanks! That will definitely help. However, one issue from my original question still stands: Should I be centralizing my repositories in one place on the server? Or does it make sense to log in to a separate account for each separate repository?
peterjmag
@peterjmag: if you adopt a strategy like the one of gitolite, you only need to publish each user's SSH public key to the one central account managing your Git repo. See Gitolite Documentation for more details: http://github.com/sitaramc/gitolite/blob/pu/doc/2-admin.mkd#_adding_users_and_repos
VonC
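
Added example, not part of the original answer or comments: one way to install the public key suggested above as a locked-down authorized_keys entry, so pushes run as the cPanel account's own user without a password and without granting a login shell. It assumes git-shell is installed on the server and that the OpenSSH version supports the restrict option; install_deploy_key is a hypothetical helper name.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes git-shell is on the
# account's PATH and sshd understands the "restrict" key option.

# install_deploy_key HOME_DIR 'type base64 [comment]'
# Appends a push-only entry to HOME_DIR/.ssh/authorized_keys (idempotent).
# Run it as the account's own user so the files end up owned by that user.
install_deploy_key() (
    home_dir=$1
    pubkey=$2
    ssh_dir="$home_dir/.ssh"
    auth_file="$ssh_dir/authorized_keys"

    # Accept exactly one bare public-key line, so the caller cannot smuggle
    # in its own options or a second entry.
    [ "$(printf '%s\n' "$pubkey" | wc -l)" -eq 1 ] || {
        echo "refusing multi-line key" >&2; exit 1; }
    case $pubkey in
        "ssh-ed25519 "*|"ssh-rsa "*|"ecdsa-sha2-"*" "*) ;;
        *) echo "not a bare public key" >&2; exit 1 ;;
    esac
    key_blob=$(printf '%s\n' "$pubkey" | awk '{print $2}')
    [ -n "$key_blob" ] || { echo "missing key data" >&2; exit 1; }

    # sshd with StrictModes rejects keys whose file or directory is
    # writable by group or others.
    umask 077
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || exit 1
    touch "$auth_file" && chmod 600 "$auth_file" || exit 1

    # Key already installed: nothing to do.
    if grep -qF -- "$key_blob" "$auth_file"; then
        exit 0
    fi

    # restrict: no pty, no forwarding, no rc file.
    # command=: every connection is forced through git-shell, which only
    # runs git-receive-pack / git-upload-pack / git-upload-archive.
    printf 'restrict,command="git-shell -c \\"$SSH_ORIGINAL_COMMAND\\"" %s\n' \
        "$pubkey" >> "$auth_file"
)
```

Because the push then arrives as the account's user, the post-receive hook's checkout into public_html is owned by that user rather than by root.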