I'm using rsync to modify my website's HTML files locally, and then I just run the command below as a script; with public key authentication it logs in to my server and updates the changes, deletes files I don't have locally, etc. Very happy with the setup. It also ignores files related to git or other files I don't want uploaded. It goes like this:
rsync -avhP -e 'ssh -p 22' --exclude={.git,.gitignore,README.md,LICENSE.md} \
--delete ~/web/mywebsite/ sherpa@IPADDRESS:/var/www/mywebsite
I have disabled root login to this server. The sherpa user has sudo privileges, obviously, but I cannot upload to /var/www/mywebsite if I keep the folder owner www-data; I need to have it owned by sherpa or log in as root to begin with. I haven't noticed any issues with nginx displaying the website by having /var/www/mywebsite with sherpa as owner instead of www-data, but I understood it's not such a good practice to have /var/www/mywebsite not owned by www-data. Maybe some possible security issues too?
So without using root login to the server, is there a way to modify the rsync command so it can upload to /var/www/mywebsite even if the owner is www-data? I saw that the chown command can be integrated into rsync, but it will fail, I guess, if I'm not root. Another way would be to make the script log in, chown the folder to sherpa, have rsync upload the files, and then go in again and chown it back to www-data, but this seems like a very unnecessarily complex "solution".
Anybody got a solution to this?