[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Is it possible to have a shared workarea?

From: David Mankin <david_at_ants.com>
Date: 2004-01-16 17:32:23 CET

As I understand it, you've run into a problem in unix with setuid
scripts. I think it would have worked, if post-commit were a compiled
program, but since it's an interpreted script (I assume), your OS is
disallowing it to be run as another user. You can read a bit more
about this in the perlsec man page
(http://www.die.net/doc/linux/man/man1/perlsec.1.html#security ),
including an example c program you can use to wrap your script.

I don't really know much about this topic, just remembered having to
deal with it when setting up perl. Good luck.

-David

On Jan 15, 2004, at 4:50 PM, Anthony E. Glover wrote:

> I had just been thinking that when I got your e-mail. Is this right?
>
> % chmod u+s post-commit
> % chmod g+s post-commit
>
> Even after I did this, I got the following when trying to run the hook
> as a different user:
>
> /dev/fd/4: update.: Permission denied
>
> I'm not sure I understand why it would have a problem. The listing
> looks like:
>
> -rwsrwsr-x 1 oasinfr users 1694 Jan 15 16:43 post-commit
>
> So, if I am logged in as some other user and I execute the post-commit
> script. It and all commands executed by it should be running as
> oasinfr, correct?
>
> Thanks,
> Tony
>
> Dave Rolsky wrote:
>
>> On Thu, 15 Jan 2004, Anthony E. Glover wrote:
>>
>>
>>> The reason for this shared area is that it is on the production
>>> system
>>> and updated by my post-commit hook as files are checked into the
>>> repository. When one of the users checks a file into the repository,
>>> the
>>> post-commit hook tries to do an update of the workarea on the server,
>>> followed by a compile, and copy to a deployment directory. By having
>>> a
>>> workarea on the server, as opposed to doing an export, only the files
>>> that are out of date have to get compiled.
>>>
>>
>> You could make your post-commit hook run setuid as some user or other.
>>
>>
>> -dave
>>
>> /*=======================
>> House Absolute Consulting
>> www.houseabsolute.com
>> =======================*/
>>
>>
>>
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
> For additional commands, e-mail: users-help@subversion.tigris.org
>

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Fri Jan 16 17:33:17 2004

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.