Using a non-root to deploy a git repo to the web root
Create a new group, and add the www-data user into it. Then set up your bare Git repository to always use the group you created as the gid for the repository files. With a new bare repository you do this with git init --shared=group. (Ref) This will permit the www-data account to read the repository.
Update your sudoers to permit the git account to run commands as www-data without a password.
    # file: /etc/sudoers.d/gitpush
    # permissions should be 0440
    # git user is allowed to basically do anything as the www-data user
    git ALL=(www-data) NOPASSWD: ALL
Then simply have your sudo -u www-data for all the commands needed to perform the check/fixes.
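
The steps above, put together as a post-receive hook. This is an added example, not code from the original answer; the web root /var/www/html, the branch main, and the function names are assumptions.

```shell
#!/bin/sh
# hooks/post-receive in the bare repository. Runs as the git user.
# Assumed values, not from the original post: web root and branch name.
WEB_ROOT="${WEB_ROOT:-/var/www/html}"
DEPLOY_REF="${DEPLOY_REF:-refs/heads/main}"
RUN_AS="www-data"
# Hooks start inside the repository; sudo normally resets the environment,
# so resolve the repository path once and pass it explicitly.
REPO_DIR="$(cd "${GIT_DIR:-.}" && pwd)"

# should_deploy OLD NEW REF: true only when DEPLOY_REF is created or updated.
should_deploy() {
    [ "$3" = "$DEPLOY_REF" ] || return 1
    case "$2" in
        *[!0]*) return 0 ;;  # a real object id
        *)      return 1 ;;  # all zeros means the branch was deleted
    esac
}

# deploy: check the branch out into the web root as www-data.
# -n makes sudo fail instead of prompting if the sudoers rule is missing.
# checkout also writes the index inside the repository, so www-data
# needs group write access there.
deploy() {
    sudo -n -u "$RUN_AS" git --git-dir="$REPO_DIR" \
        --work-tree="$WEB_ROOT" checkout -f "${DEPLOY_REF#refs/heads/}"
}

# Git writes one "<old> <new> <ref>" line per pushed ref to the hook's stdin.
process_refs() {
    while read -r old new ref; do
        should_deploy "$old" "$new" "$ref" || continue
        deploy || { echo "deploy of $ref failed" >&2; exit 1; }
        echo "deployed $ref to $WEB_ROOT as $RUN_AS"
    done
}

# Run only when installed as the hook, so the functions can be sourced alone.
case "$0" in
    *post-receive) process_refs ;;
esac
```

Since the hook only ever runs git as www-data, the sudoers rule can name that one command instead of ALL.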