I have a hook which executes a git pull but it fails when it needs to write added files. The user it operates as is apache, and it can execute the git pull fine when write permissions are granted to it (via adding apache to a group with write access).
I have come up with a few solutions...
- keeping apache in the group with write permissions (feels insecure)
- changing ownership of the files to apache (insecure and hacky)
- using sudo (but that would require storing a password or having no password)
- executing a chmod adding write for apache before and after the git pull's execution (hacky)
However, all of these seem like either insecure or hacky solutions.
Please share any suggestions or methods you have used to get around these problems. I am curious to hear any solution, especially if you've had to jump this hurdle yourself.