Allow PHP Hook Script to Run for Git

Suppose we have a deploy.php script at /var/www/html/deploy.php that is called by a hook from a service such as GitHub or Bitbucket.

We need to configure our web-server user, in this case www-data, whose default home directory is /var/www.

Create .ssh directory and set permissions

mkdir /var/www/.ssh
chmod 0700 /var/www/.ssh
chown -R www-data:www-data /var/www/.ssh

Create the SSH keys and restrict permissions on them. The chmod 0700 above allows the server to write to the known_hosts file, which will also be created within this directory. Although you cannot switch session to the www-data user, as it has no bash shell, you can execute commands as that user using sudo -u www-data.

sudo -u www-data ssh-keygen -t rsa
chmod 0600 /var/www/.ssh/id_rsa
chmod 0600 /var/www/.ssh/id_rsa.pub

Add the public key to the repository host service, e.g. GitHub or Bitbucket. Copy the key from the output of:

cat /var/www/.ssh/id_rsa.pub

Add the service to the www-data user's known_hosts file, in this case Bitbucket:

sudo -u www-data ssh -T git@bitbucket.org
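
To confirm the setup before pointing a hook at deploy.php, the following added example (not part of the original post) audits the directory: it checks that .ssh and the key files have the modes and owner set above, that known_hosts exists, and that the directory is not inside the document root. The function names, the document-root check and the constructed demo layout are assumptions of this example, and it assumes a stat that supports -c (GNU or BusyBox).

```shell
#!/bin/sh
# Added example: audit the SSH directory prepared above for the web-server user.
# Assumes GNU/BusyBox stat (-c). Paths and uid are passed in by the caller.

# check_file PATH MODE UID: report a missing file, wrong mode or wrong owner.
check_file() {
    meta=$(stat -c '%a %u' "$1" 2>/dev/null) || { echo "FAIL $1: missing"; return 1; }
    [ "$meta" = "$2 $3" ] && return 0
    echo "FAIL $1: mode/uid is '$meta', want '$2 $3'"
    return 1
}

# audit_ssh_dir DIR UID DOCROOT: returns 0 when everything matches, 1 otherwise.
audit_ssh_dir() {
    dir=$1 uid=$2 docroot=$3 rc=0
    # The private key must never sit where the web server would serve it.
    case "$dir/" in
        "$docroot"/*) echo "FAIL $dir: inside document root $docroot"; rc=1 ;;
    esac
    check_file "$dir" 700 "$uid" || rc=1
    check_file "$dir/id_rsa" 600 "$uid" || rc=1
    check_file "$dir/id_rsa.pub" 600 "$uid" || rc=1
    # known_hosts appears after the first ssh connection; without it the
    # hook's git call stops at the host-key prompt.
    if [ ! -s "$dir/known_hosts" ]; then
        echo "FAIL $dir/known_hosts: missing or empty"; rc=1
    fi
    return $rc
}

# Constructed demo: build a throwaway layout owned by the current user.
demo() {
    tmp=$(mktemp -d) || return 2
    mkdir -p "$tmp/www/.ssh" "$tmp/www/html"
    for f in id_rsa id_rsa.pub known_hosts; do
        echo "constructed placeholder" > "$tmp/www/.ssh/$f"
    done
    chmod 700 "$tmp/www/.ssh"
    chmod 600 "$tmp/www/.ssh/id_rsa" "$tmp/www/.ssh/id_rsa.pub"
    audit_ssh_dir "$tmp/www/.ssh" "$(id -u)" "$tmp/www/html"; good=$?
    chmod 644 "$tmp/www/.ssh/id_rsa"          # simulate a loosened key
    audit_ssh_dir "$tmp/www/.ssh" "$(id -u)" "$tmp/www/html"; bad=$?
    rm -rf "$tmp"
    echo "good=$good bad=$bad"
}
demo
# Real use (as root): audit_ssh_dir /var/www/.ssh "$(id -u www-data)" /var/www/html
```

A non-zero return with FAIL lines means a step above was skipped or later undone, for example by a recursive chmod or chown over /var/www.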
