All geek questions in one place

How to configure permissions in Linux so that two users can update a working copy of SVN on the server?

Subversion and Apache are installed on my server, and the Apache web directory is also a working copy of Subversion. The reason for this is because the simple svn update /server/staging command will deploy the last source to the staging server.

Apache shared web directory: /server/staging - (This is a working copy of SVN.)

I have two users on my server: "richard" and "austin". They are both members of the development team. I recursively set permissions in the / server directory for richard: developers using "sudo chown -R richard: developers / server".

Then I set read, write, and execute permissions for both richard and the development team.

So, "austin" should now use the svn update /server/staging command? However, when he tries, he gets an error:

 svn: Can't open file '/server/staging/.svn/lock': Permission denied

If I recursively change the owner / server to austin: developers, it can execute the command just fine, but then "richard" cannot.

How to fix the problem? I want to create a post-commit hook to automatically deploy an intermediate site when the files are committed, but I see no way for this to work for both users. The hook will be:

 /usr/bin/svn update /server/staging

Using the same account for both of them will not really be an acceptable solution, and I don’t know how to run the command inside hook as "root".

Any help is appreciated!

+4
source share
4 answers

Directory Group Id

If the setgid bit is set in a directory entry, the files in this directory will belong to the group as the directory, and not to the group of the user who created the file.

This attribute is useful when multiple users need access to specific files. If users work in a directory with the setgid attribute set, any files created in the directory by any of the users will have group permission. For example, an administrator can create a group called spcprj and add Kathy and Mark users to the spcprj group. The spcprjdir directory can be created with the set of GID and Kathy and Mark bits set, although they can work in a directory in different primary groups and have full access to all files in this directory, but still not have access to files in every other primary group.

The following command will set the GID bit to a directory:

 chmod g+s spcprjdir

List of directories in the spcprjdir directory:

 drwxrwsr-x 2 kathy spcprj 1674 Sep 17 1999 spcprjdir

"s" instead of the execution bit in group permissions, all files written to the "spcprjdir" directory belong to the "spcprj" group.

edit: source = Files and Linux file permissions

+8
source

I would install svnserve , which is a simple Subversion server using the svn:// protocol. You can configure this so that it runs under your own user account, then access to the repository will be available only to one user. Then this user could have the correct privileges to run svn update /server/staging on the hook after commit.

0
source

in your svn repo, you can find the "conf" directory in which you set permissions. you have 3 files:

  • AuthZ
  • Passwd
  • svnserve.conf

which you install in the authz file that has user access, for each user or for each group. you set up groups there, SVN groups are not linux user groups (hashed lines are comments):

 [groups] # harry_and_sally = harry,sally projectgroup = richard,austin # [/foo/bar] # harry = rw -- user harry has read/write access # * = -- everybody have no access # [repository:/baz/fuz] # @harry_and_sally = rw -- harry_and_sally group members have read/write access # * = r -- everyone has read access [/server/staging] @projectgroup = rw * = r

get around this example and set your configuration. in the 'passwd' file you configure user passwords. performance

 cat passwd

You will receive a comment on the file explaining how to configure it.

0
source

I use WebDAV - all SVN updates and commits are processed through apache, and I have no such problems.

0
source

Source: https://habr.com/ru/post/1277417/

More articles:


All Articles