Updated on September 27th, 2022 in #linux
For security reasons, it's a good idea to use a heavily restricted ci user that can only git push code to your server and nothing more. This user wouldn’t even have the ability to run a shell like Bash; instead you can use git-shell, which provides restricted git access.
It’s worth pointing out that when you git push to your server, part of that process will run a git checkout, perhaps in a git post-receive hook. The details aren’t important for this post’s topic, but it’s important to know that files will be created as the user who performed the git push.
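One way to verify the git-shell restriction described above, as an added example that is not from the original post: the functions read a passwd-format file and report whether an account's login shell is git-shell. The function names are hypothetical, and the accounts and paths in `sample_passwd` are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a passwd-format file to confirm that the push-only
# account is pinned to git-shell. All sample entries below are constructed.

# login_shell_of FILE USER: print the login shell (7th field) for USER.
# Exits non-zero when USER has no entry in FILE.
login_shell_of() {
    awk -F: -v u="$2" '$1 == u { print $7; found = 1; exit }
                       END { if (!found) exit 1 }' "$1"
}

# audit_ci_user FILE USER
#   returns 0: login shell is git-shell (git commands only)
#   returns 1: account exists but has another login shell; an empty
#              field also lands here, since it falls back to /bin/sh
#   returns 2: account is not present in FILE
audit_ci_user() {
    shell_path=$(login_shell_of "$1" "$2") || return 2
    case "${shell_path##*/}" in
        git-shell) return 0 ;;
        *)         return 1 ;;
    esac
}

# Constructed sample data in /etc/passwd format.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
ci:x:1001:1001:deploy user:/home/ci:/usr/bin/git-shell
build:x:1002:1002:build user:/home/build:/bin/bash
legacy:x:1003:1003::/home/legacy:
EOF
}

tmp=$(mktemp)
sample_passwd > "$tmp"
for user in ci build legacy nobody-here; do
    rc=0
    audit_ci_user "$tmp" "$user" || rc=$?
    case $rc in
        0) echo "$user: restricted to git-shell" ;;
        1) echo "$user: login shell is not git-shell" ;;
        2) echo "$user: no such account" ;;
    esac
done
rm -f "$tmp"
```

On a real server, point it at the live account database, for example `audit_ci_user /etc/passwd ci`.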