Hey all. I've been having some issues with file permissions on my live server whenever I push an update. I've previously used Forge and DO, but am currently using a DO droplet I've set up myself — herein lies the problem...

The only file permissions that allow updates to be run from the Control Panel and Spock to do its thing are 777. Anything less and I get this:

file_put_contents(/home/*redacted*/site/content/pages/index.md): failed to open stream: Permission denied in /home/*redacted*/statamic/vendor/league/flysystem/src/Adapter/Local.php:198

Shortly followed by Spock complaining about accessing git:

Error: 43 fatal: Unable to create '/home/*redacted*/.git/index.lock': Permission denied

I think the issue is that the git user doesn't have the same permissions as the Linux user that runs the php-fpm process, so whenever I pull new updates down from the repo, the permissions change to 644 and Statamic effectively gets locked out.

I'll probably set up a new server shortly (migrate to a more powerful, dedicated machine) so will want to fix this properly rather than just changing the permissions after every deploy. I'm not using Forge as I want to host other sites besides PHP apps on the same machine, and Forge doesn't work with Hetzner.

This is effectively a sysadmin question: what do you think I need to do during setup to rectify this?

Cheers, Jamie.
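
An added example, not part of the original post: a small audit that lists the two permission states described above, entries left world-writable by a blanket 777 and files left owner-only writable (644) after a pull. The function names and the sample tree are constructed for illustration; on a real server the functions would be pointed at the site directory.

```shell
#!/bin/sh
# Audit a deploy tree for the two permission states described in the post.
# Function names are hypothetical; the sample tree below is constructed data.

# Entries any local account can modify (what a blanket chmod 777 leaves behind).
world_writable() {
    find "$1" ! -type l -perm -0002 | sort
}

# Regular files only their owner can write (the 644 state after a pull).
# A process running as a different, non-root user cannot write to these.
owner_only_writable() {
    find "$1" -type f ! -perm -0020 ! -perm -0002 | sort
}

# Constructed sample tree standing in for site/content (not real site data).
make_sample_tree() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/content/pages"
    chmod 755 "$root/content" "$root/content/pages"
    : > "$root/content/pages/index.md"   && chmod 644 "$root/content/pages/index.md"
    : > "$root/content/pages/about.md"   && chmod 664 "$root/content/pages/about.md"
    : > "$root/content/pages/contact.md" && chmod 777 "$root/content/pages/contact.md"
    printf '%s\n' "$root"
}

# Run the audit over the sample tree and print both reports.
tree=$(make_sample_tree)
echo "World-writable:";      world_writable "$tree"
echo "Owner-only writable:"; owner_only_writable "$tree"
rm -rf "$tree"
```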