SVN post-commit user permissions

I've a debian webserver with subversion running on it.

I'm trying to use post-commit script to update my staging version of my site.

#!/bin/sh

/usr/bin/svn update /home/sites/example.com/www >> /var/log/svn/example.log 2>&1

if I run that command from the com开发者_如何学Gomand line logged in as user 'derek' then it all works fine

but when it runs as post-commit I get the following error in my log file:

svn: Can't open file '/home/sites/example.com/www/.svn/lock': Permission denied

Ok, so I realize what is happening here is the user calling the post-commit script isn't 'derek' so it hasn't permission.

So my question is what user is calling the post-commit script.

the svnserve daemon is run as derek ... I thought that would mean the post-commit command would be called as derek too but it seems not.

Any ideas how I can find out what user is calling it

and secondly what would be the best practice method to allow access for that user? I don't think adding it to the group would help because the group doesn't have the write access to the .svn directories by default.

Update:

I've found out the user that is calling the post-commit script is actually www-data. So now how do I solve the problem.

Update Oct8: Sorry, i didn't get the question right the first time around. Here it the right answer.

As I understand you are trying to access svn via http(s), which does not need svnserve. Svnserve is for the svn's proprietary protocol(ie, svn or svn+ssh). so while you access svn via http(s) it would be running the process as the webuser. you can validate this by doing a 'echo $USER > /tmp/svn_post_ci_user' in the post commit script. To solve this problem just checkout the working copy in /home/sites/example.com/www as webuser.

old update: I think rather than trying to find the user, you can just include --username derek to the svn update command which should solve your problem.

So it is a permission problem on shared write between users

• create a group that includes you and www-data
• chgrp the working copy to this group
• give group write access to the working copy
• make sure umask of you and www-data are 002, so that every created file will group-writeable

I got it working. I had to write my own c program but it works!

thanks to info I found here: http://forum.webfaction.com/viewtopic.php?pid=216#p216