Allow Apache to execute git pull - php

Haven't been able to figure this out yet. I've seen a few answers around but none of them help.
I'm trying to use Github Webhooks to have github hit a url on my server and have the server pull down newly committed items as soon as that hits. I have a php script with the following:
<?php `git pull git@github.com:my-user/myrepo.git`; ?>
However, that script, when hit, is run as user apache, so I tried:
chown -R apache:apache .
and it still has a permission denied error.
So then I tried editing the sudoers file and changing the following:
Host_Alias LOCAL=127.0.0.1
apache LOCAL=NOPASSWD: /var/www/html/git-hook.php
and that still doesn't work.
How can this be accomplished? If I run:
sudo php git-hook.php
it works just fine so nothing is wrong with the code in the php file. I just want that to be automated.
Any ideas?
Edit:
I also forgot to mention: I even created a folder /home/apache/.ssh and copied the public key for the git pull over, with the same result.

Change your PHP to run git via sudo
<?php `sudo git pull git@github.com:my-user/myrepo.git`; ?>
Then change your sudoers to allow git to be run by the apache user
apache ALL = NOPASSWD: /usr/bin/git

There are already Git wrappers and libraries. Maybe you can try one of them:
https://github.com/kbjr/Git.php and/or http://www.gitphp.org/projects/gitphp/wiki

I did this for a dev site. I wouldn't advise this for a prod site, although I can't think of anything particularly dangerous about it provided the scripts don't take parameters.
I created a PHP script that does a git pull. In the web browser I navigate to that script and any changes pushed by designers etc. are automatically deployed.
http://.../gitpullscript/gitpullscript.php
This works by creating a git checkout that the apache user owns. You do this by creating a directory somewhere outside the document root that belongs to the apache user (www-data in this case). Then git clone into that directory, so all the files belong to www-data. Afterwards, soft link the directories I want into my document root so they can be accessed in the web browser.
www-data is not in the git group, and the repositories are set up so that everyone can read (but not write), therefore www-data can pull but not push.
In the project hierarchy I created a directory to hold the git pull script. I use .htaccess to password protect this dir.
<?php exec('cd /var/www-data/projects/myrepo && git pull');
# one-time setup: create the checkout directory as root and hand it to the web server user
sudo mkdir /var/www-data
sudo chown www-data:www-data /var/www-data
# then work as www-data (its login shell is usually nologin, so start bash explicitly)
sudo -u www-data bash
mkdir /var/www-data/projects
cd /var/www-data/projects
git clone my-repo

Php execute ssh git pull script without sudo (host verification error)

What I am trying to do
I have a git repository on bitbucket. After pushing to the repository from my local machine I want to automatically pull the master branch to my webspace.
What I have done so far
I connected to my server using ssh, created the ssh key and registered the public key on github.
I created a .sh script which pulls the master branch using ssh. So far so good: everything works when I run the script from the command line/putty.
What is the problem
I want to trigger the .sh script with a webhook on bitbucket (I can give an url). For that purpose I created a .php file in my webspace:
<?php
$output = shell_exec('./deploy.sh 2>&1');
echo $output;
my .sh script looks like this:
#!/bin/bash
git pull git@bitbucket.org:dualmeta/test.git master
As already said, running the .sh script with putty works perfectly fine. However, if I enter the url to the .php file in my browser it gives me an error:
Host key verification failed.
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
I already did some research and found that many people have the exact same problem. However, in my case I do not have root/sudo access because it is a rented webspace and not my own vServer.
Is there any chance getting this to work?
You must give the www-data or apache user access to your git directory.
chown -R apache:apache git_directory
or
chown -R www-data:www-data git_directory
or
chmod o+rw -R git_directory
Use this too:
git config credential.helper store

ERROR: Repository not found whilst running git pull via shell_exec on php script

I have set up SSH keys properly and added them to my GitHub account. Whenever I SSH into the server and run git pull, everything runs normally and it pulls changes from the repository. However, I have a deploy script that runs git pull via shell_exec() but it returns this error:
origin git@github.com:sayopaul/autodeploy-tutorial.git (fetch)
origin git@github.com:sayopaul/autodeploy-tutorial.git (push)
ERROR: Repository not found.
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
PHP (the webserver) likely doesn't run as the same user you use when you SSH into the server. Thus, it doesn't have access/permission / doesn't use the correct SSH keys to authenticate vs GitHub.
I can think of 2 easy solutions:
Utilize sudo:
Add this rule in the sudo-conf (sudo visudo) to allow the user www-data to run (only) /usr/bin/git as yourotheruser:
www-data ALL=(yourotheruser) NOPASSWD: /usr/bin/git
Now you can invoke git using:
sudo -u yourotheruser git pull
Security advice: to limit the potential damage done if someone manages to execute arbitrary code through www-data:
Create a script owned by yourotheruser (and not writeable by others), e.g. /home/yourotheruser/deploy.sh with the contents:
#!/bin/sh
cd /path/to/repo || exit 1
git pull
And allow the sudo access only to this script. This way, no other git action than pull in the intended directory can be performed.
Change the user PHP itself is executed with:
Use php-fpm
Use the ITK MPM
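The restricted-sudo approach of this answer, the earlier `apache ALL = NOPASSWD: /usr/bin/git` answer and the "Host key verification failed" question above, worked through as one script. This is an added example and not code from any of the answers; the user name deploy, the checkout /home/deploy/site, the key /home/deploy/.ssh/deploy_key and the script path /home/deploy/deploy.sh are assumed names. Two points the answers leave implicit are built in. First, a NOPASSWD rule for bare /usr/bin/git is effectively a rule for any command, because `git -c core.sshCommand=<command> pull <ssh-url>` runs that command, so sudo is limited to this one script with no arguments. Second, the script refuses to run when the checkout or the script itself is writable by group or others, since such a file under a NOPASSWD rule hands whoever can write it the deploy user's rights. The host-key error in the bitbucket question comes from git running as a user whose known_hosts does not list the remote; the script pins the deploy user's identity and known_hosts file instead of disabling the check.

```shell
#!/bin/sh
# Added example; not code from the answers above. Install as
# /home/deploy/deploy.sh, owned by "deploy", mode 0755 (assumed names), then
# allow exactly this script with no arguments in sudoers (sudo visudo):
#   www-data ALL=(deploy) NOPASSWD: /home/deploy/deploy.sh ""
# and call it from PHP with nothing user-controlled on the command line:
#   shell_exec('sudo -H -u deploy /home/deploy/deploy.sh 2>&1');
set -eu

# owned_and_private PATH: 0 only if PATH exists, belongs to the user running
# this script and has no group/other write bit. Anything else is refused: a
# group- or world-writable script (or checkout) under a NOPASSWD sudo rule
# lets whoever can write it run commands as the deploy user.
owned_and_private() {
    path=$1
    [ -e "$path" ] || return 1
    [ "$(stat -c '%u' "$path")" = "$(id -u)" ] || return 1
    perms=$(stat -c '%A' "$path")          # e.g. drwxr-xr-x (GNU/busybox stat)
    case $perms in
        ?????w*|????????w*) return 1 ;;    # char 6 = group write, char 9 = other write
    esac
    return 0
}

# deploy [REPO_DIR] [BRANCH]: fast-forward the checkout from origin/BRANCH.
# Returns 2 without touching git when the checkout fails the check above.
deploy() {
    repo_dir=${1:-/home/deploy/site}
    branch=${2:-master}
    owned_and_private "$repo_dir" || {
        echo "refusing to deploy: $repo_dir is not private to $(id -un)" >&2
        return 2
    }
    # The web user and the deploy user have different $HOME, so a hook that
    # runs git as the wrong user fails with "Host key verification failed".
    # Pin the key and the known_hosts file of the deploy user explicitly
    # (sudo -H sets HOME to the deploy user's home); StrictHostKeyChecking=yes
    # refuses an unknown or changed host key instead of prompting.
    GIT_SSH_COMMAND="ssh -i $HOME/.ssh/deploy_key -o IdentitiesOnly=yes -o UserKnownHostsFile=$HOME/.ssh/known_hosts -o StrictHostKeyChecking=yes"
    export GIT_SSH_COMMAND
    # --ff-only: never merge, so a failed deploy cannot leave conflict markers
    # in served files.
    git -C "$repo_dir" pull --ff-only origin "$branch"
}

# Run only when installed and invoked as deploy.sh; sourcing the file for
# tests defines the functions without deploying.
case $0 in
    */deploy.sh)
        owned_and_private "$0" || { echo "refusing: $0 is writable by others" >&2; exit 2; }
        deploy
        ;;
esac
```

Populate /home/deploy/.ssh/known_hosts once by hand from the hosting provider's published host key fingerprints; with StrictHostKeyChecking=yes a non-interactive hook then fails closed on a mismatch. The `""` at the end of the sudoers line means the script may only be invoked with no arguments; without it sudo accepts any arguments to the listed command.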

Github Pull Webhook with PHP - Apache permissions

I'm setting up my server to listen to a webhook which is currently
shell_exec('git pull 2>&1');
Receiving and executing is working fine, except that to get it to actually replace files I need to give www-data (apache on debian) permission to write all the files/folders on my webserver, right?
Currently I'm getting this as a result (no write permissions)
Updating 115da6c..9e82ef0
error: unable to unlink old 'example-path/html.html' (Permission denied)
What are the security implications of giving www-data permission to write files, and is this the right choice or am I doing things all wrong?
Other ways to achieve what you want:
sudo. Configure sudo to run the command passwordless and run shell_exec('sudo git pull 2>&1');.
Create a setuid wrapper that runs git pull and run shell_exec('git_pull_suid_wrapper');.

Unpacking the update... Could not create directory. Wordpress

When I install the nextgen-gallery plugin, this error message appears:
Downloading update from https://downloads.wordpress.org/plugin/nextgen-gallery.zip…
Unpacking the update…
Could not create directory.
How can I fix this problem ?
This is a permissions issue. Ensure the directory is writable by apache. Plugins are unpacked into the wp-content/plugins directory, so I would first attempt writing to the directory as apache:
sudo -u apache touch /path/to/wp-content/plugins/test.txt
Set permissions accordingly to correct the issue. You can read about permissions here: https://www.pluralsight.com/blog/it-ops/linux-file-permissions
You can read about the correct file permission scheme for Wordpress here: https://wordpress.org/support/article/changing-file-permissions/
@skrilled's and @knutole's answers were great, but I found that when attempting to fix the issue on the plugins folder, everything was ok and the answer did not work for me.
If anyone else has this issue, try looking at the upgrades folder also. This folder (from what I can see) is used as a folder to store temporary files for when WP upgrades or plugin updates are being run.
If you simply receive the message stating 'Could not create directory' and there is no path specified, it could actually be talking about the upgrades folder.
Most likely, if you have configured it correctly, the http server associated with your WordPress site belongs to the group www-data. That's how one should configure it correctly.
Try members www-data and ps aux | grep www-data to be sure. In the latter command you should see on the last columns either nginx or apache.
In this case, you just need to set that group to the directory
sudo chgrp -R www-data <your_wordpress_root_dir>/
and then add full group permissions to such directory
sudo chmod -R g+rwx <your_wordpress_root_dir>/
Now it works perfectly :)
For nginx people:
If you have php-fpm installed you have to tell it that its user and group is nginx. In /etc/php-fpm.d/www.conf, find user, which is assigned to apache by default, and change it to nginx. Also do it for group. Then run this command:
sudo service php-fpm restart
Also, inside of your WordPress directory, execute these commands:
sudo chown -R nginx:nginx .
sudo usermod -a -G nginx username
Change username to whatever your current username is.
Yet you still have to apply proper permissions.
run these commands inside your wordpress directory
sudo find . -type f -exec chmod 664 {} +
sudo find . -type d -exec chmod 775 {} +
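A least-privilege version of the permission commands in this answer and in the `chmod -R g+rwx` answer above, added here as an example (not any answer's own commands). It assumes the files are owned by an admin account and that the web server process runs in the group passed as the second argument (www-data on Debian, apache or nginx elsewhere). Only wp-content, where uploads, plugin and theme installs and the upgrade folder live, is made group-writable; the rest stays read-only for the web server, wp-config.php is hidden from other users, and no file gets an execute bit. The audit function reports anything writable beyond that, which is the check to run after any blanket chmod -R.

```shell
#!/bin/sh
# Added example, not from the answers above. Assumed layout: a WordPress
# tree owned by an admin account, served by a process in group $2.
set -eu

# set_wp_perms ROOT WEBGROUP
#   all directories 755, all files 644: web server reads, admin writes
#   wp-content/: 2775 dirs and 664 files, so the web server can install
#     plugins/themes, store uploads and use the upgrade folder; the setgid
#     bit keeps files it creates in WEBGROUP so the admin can still manage them
#   wp-config.php: 640, it holds the database credentials
#   no execute bit on any file: PHP is run by the interpreter, never exec'd
set_wp_perms() {
    root=$1; grp=$2
    chgrp -R "$grp" "$root"
    find "$root" -type d -exec chmod 755 {} +
    find "$root" -type f -exec chmod 644 {} +
    if [ -d "$root/wp-content" ]; then
        find "$root/wp-content" -type d -exec chmod 2775 {} +
        find "$root/wp-content" -type f -exec chmod 664 {} +
    fi
    if [ -f "$root/wp-config.php" ]; then
        chmod 640 "$root/wp-config.php"
    fi
    return 0
}

# audit_wp_perms ROOT: list anything world-writable anywhere, or group-
# writable outside wp-content, and return 1 if there is any. Octal -perm
# tests are used so the function also works with busybox find.
audit_wp_perms() {
    root=$1
    bad=$( {
        find "$root" -perm -0002
        find "$root" -path "$root/wp-content" -prune -o -perm -0020 -print
    } )
    if [ -n "$bad" ]; then
        printf 'writable beyond wp-content:\n%s\n' "$bad" >&2
        return 1
    fi
    return 0
}
```

Run set_wp_perms /var/www/html www-data once after deploying and audit_wp_perms /var/www/html whenever an installer or a migration has touched the tree. A plugin that genuinely needs to write outside wp-content (for example one that rewrites wp-config.php) should be given that single path rather than g+rwx on everything.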
If you are using vsftpd as your FTP server and have enabled passive connections, you need to add pasv_promiscuous=YES to /etc/vsftpd/vsftpd.conf.
I was having a similar issue. It started with me trying to update a plugin on a migrated WP install. I didn't get it, all my permissions were EXACTLY the same as the old server. In my situation, I started to see that not much was working properly. I couldn't install/delete plugins or themes as well as uploading media would error out. Then I found the fix via some research.
If you are still having this issue, and changing permissions DID NOT fix the problem try this:
Go in to your hosting control panel and find your hosting settings, wherever you can edit your scripting settings. In Plesk (as in my example), this would be under Websites & Domains. Click on your domain name at the bottom. On the next screen, where it says "PHP support (run as..." change the dropdown from "Apache module" over to "FastCGI application". Everything should be fixed up now!
(Re)setting the permissions via ftp didn't make a difference for me either. There is no SSH available, so I had to log in the control panel (directadmin in my case), the File Manager where I could "Reset Owner" to "File ownership reset" the /wp-contents directory.
I'm running Nginx with WordPress. I deleted the upgrade folder in wp-content and then ran the upgrade from the WordPress GUI again. I noted the linux user for the upgrade folder created was www-data. I then ran sudo chown -R www-data:www-data . and ran the upgrade again from the GUI, and it worked.
Probably need to change the permissions on most of the folders so they can't be modified by www-data but I'll figure that out tomorrow.
A permission issue, make sure apache (www-data) has write permissions.
All the above is great, but I think you missed the simplest issue. Your website is using more space than it has allotted, and therefore it is broken. WordPress creates more files as it is used. If you are on the margin of going over, a simple overnight issue where you did nothing is possible. Go to bed, everything fine. In the morning the website is broken.
I own my websites so I go into the reseller part of Hostmonster or Hostgator (I have sites on both hosting platforms) and I reallocate more space and the problem goes away usually. Try that first, or look into it before messing around with permissions. If you changed a permission and the issue came up, could be permissions, otherwise, check this first.
I had the same issue when I tried to install wp plugin(s). However, I managed to solve the problem with the following command:
sudo wp plugin install [plugin name] --allow-root

Allow PHP user to Write to Another User's Home Folder

I have a php script that runs as the user 'codex' and I'm trying to get it to create a new directory to be used as a git repo inside of /home/git/repositories/
I added the codex user to the git group, but I must have missed some permissions or something, because when I sudo into codex and go to the /home/git/ directory and run mkdir I get a permission denied error. And of course I get the same error running mkdir in PHP as well.
I'm running on CentOS 5.9
Any help would be appreciated.
--Vince
Make sure the group has write access (and read and list access while we're at it):
chmod g+rwx /home/git
You might also want to make sure the directory's group is the git group:
chgrp git /home/git
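The group setup from this answer, carried through with the two checks a practitioner wants, as an added example (not the answer's own commands). It assumes the question's group git and the parent directory /home/git/repositories; the function names are made up for this example.

```shell
#!/bin/sh
# Added example, not the answer's own commands. Assumed names: group "git",
# shared parent /home/git/repositories, creating user "codex".
set -eu

# in_group USER GROUP: 0 if USER's group list from the password database
# contains GROUP. A membership added with usermod -aG reaches an existing
# shell only at its next login, while "sudo -u USER" starts a fresh session
# and does see it; compare this with "id -nG" run inside the old shell.
in_group() {
    user=$1; grp=$2
    for g in $(id -nG "$user"); do
        [ "$g" = "$grp" ] && return 0
    done
    return 1
}

# setup_shared_dir DIR GROUP: group-owned, group rwx, nothing for others,
# plus setgid so everything created inside inherits GROUP instead of the
# creator's primary group. Without setgid a repository that "codex" creates
# under /home/git/repositories lands in codex's group and the git user is
# locked out of it. The write bits of new files still follow the creator's
# umask, so create the repositories themselves with
#   git init --bare --shared=group
# which sets group-writable modes on the repository contents.
setup_shared_dir() {
    dir=$1; grp=$2
    mkdir -p "$dir"
    chgrp "$grp" "$dir"
    chmod 2770 "$dir"
}

# check_shared_dir DIR GROUP: 0 when DIR has exactly the layout above.
check_shared_dir() {
    dir=$1; grp=$2
    [ "$(stat -c '%G' "$dir")" = "$grp" ] || return 1
    [ "$(stat -c '%a' "$dir")" = 2770 ]
}
```

Run setup_shared_dir /home/git/repositories git as root once; afterwards in_group codex git tells you whether the PHP user is actually in the group, and check_shared_dir /home/git/repositories git catches a later chmod or chown that dropped the setgid bit or the group.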
