You grant permission to the git user to run the script you want it to run as the
git ALL=(deploy) NOPASSWD: /usr/local/bin/some-script ""
Should the git user even have any way to do that, because anyone could ssh into the machine under the git user right?
Well, for starters, hopefully not anyone can log into the machine, only people who have a legitimate need to access that account. Secondly, SSH as the git user should be triggering a forced command, so the people logging in shouldn't be able to trigger the deploy script arbitrarily. Finally, the script being invoked should be written in such a way that it can't do anything more damaging than "redeploy known-safe code which already got deployed before", so there really shouldn't be any downside to someone being able to trigger the script repeatedly, other than perhaps resource exhaustion.
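As an added example, not code from this thread, here is what the forced command mentioned in the reply can look like on the git account side, paired with the sudoers line from the first post. The wrapper path (/usr/local/bin/git-shell-wrapper), the bare-repository directory (/srv/repos) and the deploy script path (/usr/local/bin/some-script) are assumptions. The wrapper only accepts git-receive-pack or git-upload-pack on a plain repository name, so a key holder cannot run arbitrary commands as git, and after a push it calls the deploy script with no arguments, which is the only form the sudoers rule (with its trailing "") permits; what gets deployed is decided by the script, not by whoever pushed.

```shell
#!/bin/sh
# Hypothetical forced-command wrapper for the git account (example, not from the thread).
# The authorized_keys entry for each pusher would look like:
#   command="/usr/local/bin/git-shell-wrapper",no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty ssh-ed25519 AAAA... someone@example
# sshd then ignores the command the client asked for and runs this wrapper,
# exposing the original request only via $SSH_ORIGINAL_COMMAND.

REPO_ROOT="${REPO_ROOT:-/srv/repos}"              # assumed location of bare repos
DEPLOY_SCRIPT="/usr/local/bin/some-script"        # path from the sudoers rule in the thread

# allowed_command CMD
# Returns 0 only for "git-receive-pack '<name>.git'" or "git-upload-pack '<name>.git'"
# where <name> is made of [A-Za-z0-9_.-] and contains no "..". Anything else
# (a shell, the deploy script itself, a path outside REPO_ROOT) returns 1.
allowed_command() {
    cmd="$1"
    case "$cmd" in
        "git-receive-pack '"*"'"|"git-upload-pack '"*"'") ;;
        *) return 1 ;;
    esac
    # Take the single-quoted argument and vet it strictly.
    repo=${cmd#*\'}
    repo=${repo%\'}
    case "$repo" in
        *[!A-Za-z0-9_.-]*) return 1 ;;   # rejects '/', spaces, quotes, ';' ...
        *..*) return 1 ;;                # no parent-directory tricks
        *.git) return 0 ;;
        *) return 1 ;;
    esac
}

# repo_path CMD -> prints the absolute bare-repo path for an already vetted CMD
repo_path() {
    repo=${1#*\'}
    repo=${repo%\'}
    printf '%s/%s\n' "$REPO_ROOT" "$repo"
}

# dispatch CMD
# Runs the vetted git command. After a successful push, triggers the deploy as the
# deploy user. Note that no argument is passed after the script path: the sudoers
# rule 'git ALL=(deploy) NOPASSWD: /usr/local/bin/some-script ""' only allows the
# argument-less form, and the script itself decides which known-good revision to
# (re)deploy, so a pusher cannot steer it. sudo -n fails instead of prompting.
dispatch() {
    cmd="$1"
    if ! allowed_command "$cmd"; then
        echo "refused: only git-receive-pack/git-upload-pack on a repo name are permitted" >&2
        return 1
    fi
    path=$(repo_path "$cmd")
    case "$cmd" in
        git-receive-pack*)
            git receive-pack "$path" || return 1
            sudo -n -u deploy "$DEPLOY_SCRIPT"
            ;;
        git-upload-pack*)
            git upload-pack "$path"
            ;;
    esac
}

# Only act when invoked by sshd as a forced command; sourcing the file for tests
# or running it by hand without SSH_ORIGINAL_COMMAND does nothing.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    dispatch "$SSH_ORIGINAL_COMMAND"
fi
```

The deploy script on the other side of the sudo rule should be just as restrictive: refuse to run with arguments, read its target revision from a file the deploy user controls rather than from anything the pusher supplied, and be safe to run repeatedly, which is what makes "anyone with a key can trigger it" a resource concern rather than an integrity one.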