On re-reading, this question has gotten rather long. I was trying to include all the information that might be relevant. Sorry if I've included a bunch of stuff that isn't... I'm setting up a website development environment for a group of developers. We want a 'dev' area where everyone can work on things, and a 'live' area which is the Apache document root. We want to ensure that any changes to the live site go through version control, for accountability, etc. No one should be able to edit the live site directly, only the dev site. Here's what I've set up: - /www/dev and /www/live are both working copies of the same SVN repository. - /www/dev is owned by me, and a group called wwwdev. The directory and all files in it are group-writeable, so anyone in the wwwdev group can make changes and commit them. - /www/live is owned by a user wwwlive (also group wwwlive). No one else is in this group, only this user. Thus no other users can edit the files in this directory directly. - I've written a very simple C program that runs an 'svn update' command for the /www/live directory. The binary version, called 'live_svn_update' is owned by wwwlive, and is setuid and setgid. (chmod ug+s). So, anyone can run this program to bring the /www/live tree up to the latest of what's in the repository (checked in from /www/dev), even though they can't edit anything in /www/live directly. The problem is that while this works great on my workstation (where I first tried it out), I can't get it working correctly on the server where we'll actually do the development. I'm really confused about why. Debugging code I've added to the program shows that the effective UID and GID are being changed to wwwlive, but the 'svn update' command fails due to a permissions error. Running the program while logged in as wwwlive works perfectly. My workstation is Ubuntu, while the server is RHEL, but I can't find anything which would say that matters. [alexd]$ pwd /www [alexd]$ ls -l total 32 drwxrwxr-x 4 alexd wwwdev 4096 Nov 1 10:13 dev drwxr-xr-x 4 wwwlive wwwlive 4096 Nov 1 12:50 live -rwsr-sr-x 1 wwwlive wwwlive 7660 Nov 1 12:44 live_svn_update -rw-r--r-- 1 wwwlive wwwlive 383 Nov 1 12:44 live_svn_update.c [alexd]$ more live_svn_update.c #include #include #include #include int main(void) { printf("Real UID\t= %d\n", getuid()); printf("Effective UID\t= %d\n", geteuid()); printf("Real GID\t= %d\n", getgid()); printf("Effective GID\t= %d\n", getegid()); system( "/usr/local/bin/svn update /live_www/azc2008redesign/live/" ); return EXIT_SUCCESS; } Compiled with : gcc -Wall live_svn_update.c -o live_svn_update [alexd]$ egrep 'alexd|wwwlive' /etc/passwd alexd:x:110115:20014:Alex Dean:/home/alexd:/bin/bash wwwlive:x:100313:20023:Live WWW Owner:/home/livewww:/bin/bash [alexd]$ egrep 'alexd|wwwlive' /etc/group alexd:x:20014:alexd wwwlive:x:20023: When I log in as wwwlive and run the update, it's fine. [wwwlive]$ ./live_svn_update Real UID = 100313 Effective UID = 100313 Real GID = 20023 Effective GID = 20023 At revision 3. When I run it as myself, you can see that the UID and GID are changing to those of wwwlive, but that doesn't need to give me the permissions I need to perform the update. [alexd]$ ./live_svn_update Real UID = 110115 Effective UID = 100313 Real GID = 20014 Effective GID = 20023 svn: Can't open file '/www/live/.svn/lock': Permission denied So... I'm kinda stumped at the moment. Anyone see anything I've missed, or something else I ought to try? thanks, alex --------------------------------------------------- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss