Quoting Alex LeDonne : > I just found a snippet on > http://www.linux-knowledge-portal.org/en/content.php?&content/programming/secprog2.html > : > > "The access(2) call uses the real UID and real GID to check the > rights. This means that the effective UID/GID of SetUID/-GID programs > does not apply. In the case of the access check with open(2), on the > other hand, the effective UID/GID is used." > > So if svn is using access(2) instead of open(2) to check perms on the > lock file, your system() call won't work. > > I haven't tried to look at subversion source yet to see... > > -Alex L Thanks for the assistance. I've taken a different approach which is a little clunkier, but also works well enough. The 'wwwlive' user runs a shell script that checks for the presence of a flag file. When that file exists, wwwlive runs an 'svn update' to update the live site. So, anyone who creates that file can cause a site update. Just for safety, I added a wwwlive cron job that checks to make sure that shell script is running, and re-starts it if needed. Accomplishes the goal and doesn't require setuid. alex --------------------------------------------------- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss