On Thu, Jul 21, 2011 at 9:36 AM, Daniel Neuberger
> We have a rather unique setup to meet certain requirements and as a
> result I can't get any hooks to work (even empty ones or ones that
> just exit with a zero return code).
> In short, we have a repository owned by one user that is accessed by
> tunneling over ssh to other user accounts. To get around the
> permission issues, the setuid bit is set on /usr/bin/svnserve for the
> user that owns the repository. Everything works fine except hooks
> regardless of what permissions I give them or what the script does.
> The hooks work fine though if I ssh to the user account that owns the
> repository rather than another user account (we can't operate that way
> Everything else from the other user accounts works fine. Also,
> running the pre-commit hook from the other user accounts using an
> empty environment works fine too.
> All the scripts are bash scripts. All systems are RHEL 5.5 using svn 1.4.
Stop *RIGHT* there. Go grab the Subverson 1.6.x from the RHEL updates.
Do not pass go, do not collect $200 until you do this sitewide. There
are significant security and performance improvements, well worth the
That said, putting "suid" bits on svnserve is just begging for
confusing pain in a configuration that no one has been using. Can you
not use the svn+ssh shared account access, with SSH keys restricted to
svnserve tunnel access, as documented in the Subversion Red Book?
Received on 2011-07-21 16:51:46 CEST