On Nov 2, 2007 2:11 PM, wrote:
> Quoting Alex LeDonne :
>
> > I just found a snippet on
> > http://www.linux-knowledge-portal.org/en/content.php?&content/programming/secprog2.html
> > :
> >
> > "The access(2) call uses the real UID and real GID to check the
> > rights. This means that the effective UID/GID of SetUID/-GID programs
> > does not apply. In the case of the access check with open(2), on the
> > other hand, the effective UID/GID is used."
> >
> > So if svn is using access(2) instead of open(2) to check perms on the
> > lock file, your system() call won't work.
> >
> > I haven't tried to look at subversion source yet to see...
> >
> > -Alex L
>
> Thanks for the assistance.
>
> I've taken a different approach which is a little clunkier, but also
> works well enough.
>
> The 'wwwlive' user runs a shell script that checks for the presence of
> a flag file. When that file exists, wwwlive runs an 'svn update' to
> update the live site. So, anyone who creates that file can cause a
> site update. Just for safety, I added a wwwlive cron job that checks
> to make sure that shell script is running, and re-starts it if needed.
> Accomplishes the goal and doesn't require setuid.
>
> alex
>

Congrats on the workaround.

For archive searchers, and in case you want to try removing the clunk, I found one other interesting story:
http://svn.haxx.se/users/archive-2004-01/0717.shtml

This suggests that you could have a C program wrapper that is suid root, which calls both setuid() and seteuid() before calling the real program (in the story, a post-commit script; in this case, svn). It uses execv() to call the script in question, rather than system(), which may also make a difference.

Disclaimer: IANA C Programmer.

-Alex L

---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
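The two points raised in the thread (access(2) checks the real UID while open(2) checks the effective UID, and a wrapper should switch both IDs and exec the target directly rather than via system()) can be shown in one small wrapper. The following is an added example written for this page, not code from the thread or from the svn.haxx.se story it links to; the target account name and program path are hypothetical command-line arguments. When run with root privileges, setuid() and setgid() set the real, effective and saved IDs together, so a later access(2) and open(2) inside the child agree; the wrapper verifies that with getresuid()/getresgid() and refuses to continue if any of the three IDs still differs.

```c
/* Minimal privilege-switching wrapper (added example, not the thread's code).
 * Switches real, effective and saved IDs, verifies the switch, then execs a
 * fixed program with a controlled environment instead of calling system(). */
#define _GNU_SOURCE
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Switch to uid/gid and confirm that real, effective and saved IDs all match.
 * Returns 0 on success, -1 on any failure or if the IDs still differ.
 * Because access(2) consults the real ID and open(2) the effective ID,
 * leaving them different is exactly what makes the system() approach fail. */
int switch_identity(uid_t uid, gid_t gid)
{
    uid_t ru, eu, su;
    gid_t rg, eg, sg;

    /* Supplementary groups are only clearable while privileged. */
    if (geteuid() == 0 && setgroups(0, NULL) != 0)
        return -1;
    /* Group before user: after setuid() we may no longer be allowed to setgid(). */
    if (setgid(gid) != 0)
        return -1;
    if (setuid(uid) != 0)
        return -1;

    /* Verify all three IDs; a stale saved ID would allow re-escalation. */
    if (getresuid(&ru, &eu, &su) != 0 || getresgid(&rg, &eg, &sg) != 0)
        return -1;
    if (ru != uid || eu != uid || su != uid)
        return -1;
    if (rg != gid || eg != gid || sg != gid)
        return -1;
    return 0;
}

/* Returns 1 when root can no longer be regained (seteuid(0) fails),
 * 0 when the process is still root or could re-escalate. */
int privileges_dropped(void)
{
    if (getuid() == 0)
        return 0;
    return seteuid(0) != 0;
}

/* Exec a fixed path with a minimal environment: no shell, no inherited
 * PATH or IFS. Only returns on failure, like execve(). */
int run_fixed(const char *path, char *const argv[])
{
    static char *const clean_env[] = { "PATH=/usr/bin:/bin", NULL };
    return execve(path, argv, clean_env);
}

int main(int argc, char **argv)
{
    if (argc < 3) {
        fprintf(stderr, "usage: %s <target-user> <program> [args...]\n", argv[0]);
        return 2;
    }
    /* Hypothetical target account, e.g. the thread's 'wwwlive'. */
    struct passwd *pw = getpwnam(argv[1]);
    if (pw == NULL) {
        fprintf(stderr, "unknown user: %s\n", argv[1]);
        return 2;
    }
    if (switch_identity(pw->pw_uid, pw->pw_gid) != 0) {
        perror("switch_identity");
        return 1;
    }
    if (!privileges_dropped()) {
        fprintf(stderr, "refusing to exec: still privileged\n");
        return 1;
    }
    run_fixed(argv[2], &argv[2]);
    perror("execve");
    return 1;
}
```

Installed setuid root and invoked as `wrapper wwwlive /usr/bin/svn update /path/to/site`, the child runs with real and effective IDs both equal to the target account, so any access(2)-based permission check inside svn sees the same identity as its open(2) calls. The wrapper deliberately refuses to exec anything if the target user is root or if the ID switch cannot be verified.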