I have a BitBucket account, and it will trigger a script on my server that will pull and update the live server when a push is made. The trigger works, and after having a lot of trouble getting the _www user to trust the hgrc or whatever (I did get that working), it’s actually doing the command.
The problem is I get an error about not being able to lock the folder, which means that my _www user doesn’t have permission to the .hg folder.
What’s a good way to approach this? I don’t want to make the .hg folder 0777. I could put _www in the same group as my user (which I believe it is) and give the group rw (what is that, 0775?). Would that be acceptable, or are there other security implications I might be missing, or a better way to handle this?
I wish I could run the command with my user. And maybe I can. BitBucket is using a POST service to post to my server and I do the command via PHP’s shell_exec() (it only runs the command if the request came from BitBucket’s IP).
[Update] I went ahead and tried setting the permissions to 0775, and it still didn’t work (_www isn’t in the same group as my user). Same error, which is:
abort: could not lock repository /path/to/local/repo: Permission denied
You’ve got the right idea with the groups stuff. You need to:
chmod -R g+w .hg)
If any other users besides www will be pushing/pulling/updating in that repo then you’ll also want to use the sticky-group-bit to make sure that newly created files and directories have the same group ownership as the .hg directory itself:
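The shared-group setup discussed in this answer, followed by an audit of the result, as an added example that is not part of the original answer. The group name `hgusers` and both function names are assumptions; the setgid bit on directories is what the answer calls the sticky-group-bit.

```shell
#!/bin/sh
# Added example. "hgusers" is a hypothetical group that contains both your
# own user and the web server user (_www in the question).

# Apply the steps from the answer: hand .hg to the shared group, give the
# group write access, and set the setgid bit on every directory so entries
# created later inherit the group.
share_hg_with_group() {
    hgdir=$1
    group=$2
    chgrp -R "$group" "$hgdir" &&
    chmod -R g+w "$hgdir" &&
    find "$hgdir" -type d -exec chmod g+s {} +
}

# Report anything that would still break locking or is looser than intended.
# Prints one "TAG path" line per finding; returns 0 only when there are none.
audit_hg_perms() {
    hgdir=$1
    findings=$(
        find "$hgdir" ! -type l ! -perm -020 | sed 's/^/NO_GROUP_WRITE /'
        find "$hgdir" -type d ! -perm -2000 | sed 's/^/NO_SETGID /'
        find "$hgdir" ! -type l -perm -002 | sed 's/^/WORLD_WRITABLE /'
    )
    if [ -z "$findings" ]; then
        return 0
    fi
    printf '%s\n' "$findings"
    return 1
}

# Usage: sh share-hg.sh /path/to/local/repo/.hg hgusers
if [ "$#" -eq 2 ]; then
    share_hg_with_group "$1" "$2" && audit_hg_perms "$1"
fi
```

A WORLD_WRITABLE finding means something under .hg is still open to every local account, which is the 0777 situation the question wants to avoid.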