I have an svn repository which belongs to user 'foo' and is accessed through Apache, and I'm trying to run svn update from the post-commit hook, on a directory which is also owned by foo.
I created a C wrapper owned by foo and set the suid bit, as suggested in http://subversion.apache.org/faq.html#website-auto-update , which should then be called by the post-commit script, run by user www-data.
Still, when I run the wrapper from user www-data (with an empty environment) it actually calls svn update as user foo, but inexplicably I get prompted by svn asking for the password of user www-data.
The code for the wrapper, called svnupdater.c, is the same (of course with the correct paths) as suggested in the official FAQ. It is created and compiled by user foo. After setting the suid bit, ls -l inside /hooks shows among others:
-rwxr-xr-x 1 www-data foo 74 2011-03-28 12:54 post-commit
-rwsr-sr-x 1 foo foo 7144 2011-03-28 12:16 svnupdater
If I then 'su www-data' and run 'env - ./svnupdater' (either from sh or from bash), ps aux correctly shows:
foo 20260 3.7 0.8 14008 4492 pts/0 S+ 12:18 0:00 svn update /home/foo/foosvn
But still I can see svn update prompting me with:
Authentication realm: <http://xxxxxx> xxxxx
Password for 'www-data':
And of course the whole thing won't work when the post-commit calls it.
I can't really seem to understand where the problem is, since this strategy is the official suggested one, but it looks like svn update is bypassing the setuid and still using the actual user...
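
Added example, not part of the original post and not the Subversion FAQ's wrapper: the setuid bit changes only the effective UID, so the real UID is still www-data for any code that calls getuid(). The wrapper below aligns the real IDs and HOME with the file owner before running svn; the /usr/bin/svn path, the PATH value, the use of --non-interactive, and the premise that svn picks its default username from the real UID are assumptions.

```c
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* Make the real IDs equal to the effective ones granted by the setuid/setgid
 * bits, so code that calls getuid()/getgid() also sees the file owner.
 * Returns 0 on success, -1 on failure. */
int unify_ids(void)
{
    gid_t egid = getegid();
    uid_t euid = geteuid();

    if (setregid(egid, egid) != 0)   /* group first, then user */
        return -1;
    if (setreuid(euid, euid) != 0)
        return -1;
    return (getuid() == euid && getgid() == egid) ? 0 : -1;
}

/* Write "HOME=<home dir of uid>" into buf. Returns 0 on success, -1 if the
 * uid has no passwd entry or buf is too small. */
int home_env_for(uid_t uid, char *buf, size_t len)
{
    struct passwd *pw = getpwuid(uid);
    int n;

    if (pw == NULL || pw->pw_dir == NULL)
        return -1;
    n = snprintf(buf, len, "HOME=%s", pw->pw_dir);
    return (n > 0 && (size_t)n < len) ? 0 : -1;
}

int main(void)
{
    static char home[4096];
    /* Working copy path is the one from the post; the rest is assumed. */
    char *const argv[] = { "svn", "update", "--non-interactive",
                           "/home/foo/foosvn", NULL };
    char *envp[] = { home, "PATH=/usr/bin:/bin", NULL };  /* fixed, minimal env */

    if (unify_ids() != 0 || home_env_for(getuid(), home, sizeof home) != 0)
        return EXIT_FAILURE;
    execve("/usr/bin/svn", argv, envp);
    return EXIT_FAILURE;   /* only reached if execve failed */
}
```

Supplementary groups are left untouched because changing them requires root; the binary still has to be owned by foo with the suid bit set, as in the listing above.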