My server has both Subversion and Apache installed, and the Apache web directory is also a Subversion working copy. The reason for this is that the simple command svn update /server/staging
will deploy the latest source to the staging server.
Apache public web directory: /server/staging
— (This is an SVN working copy.)
I have two users on my server, 'richard' and 'austin'. They both are members of the 'developers' group. I recursively set permissions on the /server directory to richard:developers, using "sudo chown -R richard:developers /server".
I then set the permissions to read, write and execute for both 'richard' and the 'developers' group.
So surely, 'austin' should now be able to use the svn update /server/staging
command? However, when he tries, he gets the error:
svn: Can't open file '/server/staging/.svn/lock': Permission denied
If I recursively change the owner of /server to austin:developers, he can run the command just fine, but then 'richard' can't.
How do I fix the problem? I want to create a post-commit hook with to automatically deploy the staging site when files are committed, but I can't see a way for that to work for both users. The hook would be:
/usr/bin/svn update /server/staging
Using the same user account for both of them wouldn't really be an acceptable solution, and I'm not aware of any way to run the command inside the hook as 'root'.
Any help is appreciated!
I use WebDAV - all SVN updates and commits are handled via apache and I never have such problems.
I would set up
svnserve
which is a simple Subversion server using thesvn://
protocol. You can set this up so it runs under its own user account, then the repository would only be accessed by that one user. This user could then have the correct privileges to runsvn update /server/staging
on a post-commit hook.in your svn repo, you can find a 'conf' directory where you set permissions. you have 3 files there:
you set in the authz file which users have which kind of acces, per user or per group. you set groups there, SVN groups not linux user groups (hashed lines are comments):
work around this example and set your config. in the 'passwd' file you set up users passwords. execute
you'll get commented file with explanation how to set it up.
Directory Set Group ID
If the setgid bit on a directory entry is set, files in that directory will have the group ownership as the directory, instead of than the group of the user that created the file.
This attribute is helpful when several users need access to certain files. If the users work in a directory with the setgid attribute set then any files created in the directory by any of the users will have the permission of the group. For example, the administrator can create a group called spcprj and add the users Kathy and Mark to the group spcprj. The directory spcprjdir can be created with the set GID bit set and Kathy and Mark although in different primary groups can work in the directory and have full access to all files in that directory, but still not be able to access files in each other's primary group.
The following command will set the GID bit on a directory:
The directory listing of the directory "spcprjdir":
The "s'' in place of the execute bit in the group permissions causes all files written to the directory "spcprjdir" to belong to the group "spcprj" .
edit: source = Linux Files and File Permissions