I have reached through related to an svn repository user 'foo' and Apache, and I svn Trying to update, update with a post-fucking hook, which is also on a directory that is owned by Foo.
I've been running created a C wrapper owned by Fu and suits bit is set, as has been suggested, which should be added in post-commit script, user www-data Are there.
However, when I run the data from the user to the www data (with an empty environment) it actually calls the svn update as the user foo, but let me tell that the user is using www-data SVN has inspired to ask for a password.
The code for the cover, which is called svnupdater.c, is similar (with the right path) as suggested in official inquiries. This user has been created and compiled by foo. After setting the suit bit, LS-L shows the inside / hook inside of others:
-rwxr-xr-x 1 www-data foo 74 2011-03-28 12:54 Posted -commit - Rwsr-sr-x 1 foo foo 7144 2011-03-28 12:16 svnupdater If I 'su www data' and 'env - / Svnupdater run (either Sh or bash a) shows ps aux right:
foo 20260 3.7 0.8 14008 4492 points / 0 + 12:18 0:00 svn update / Home / foo / foosvn However, I can also point out the svn update with:
authentication realm: & lt; Http: // xxxxxx> XXXxx password for 'www-data': And of course, the post-commit call will not work completely.
Wherever I can not really understand the problem of understanding, this strategy is the official suggestion, but it seems that the SVN update is bypassing the Setuid and still using the real user ...
You need to add the --config-dir parameter inside the shell (so it seems) = "text-post "Itemprop =" text ">
It seems I got a solution. , Because it appears that svn files will not be read otherwise than the correct directory.
I think it should be documented in the Apache FAQ.
Comments
Post a Comment