Re: what permissions are needed to let a php script call the "svn update" subversion command?



/usr/bin/svn update /home/www/contentingester --username lkrubner --password xxxxxxxx

What current working directory is needed to make this work?

The working directory (I assume you mean the directory with the
working copy):

No, I mean the *CURRENT WORKING DIRECTORY*.  You can find out what it is
with the 'pwd' command.  (It's possible that the command won't depend on
the current working directory - but then again a lot of commands do).

You can set a specific current working directory by prefixing the
command you run with a cd command, e.g.
        shell_exec("cd /var/tmp; /usr/bin/svn update .... 2>&1");

This seems to be the best idea yet. When I try this line:

$results = shell_exec("cd /home/www/contentingester && /usr/bin/svn update --username lkrubner --password xxxxx");

REDIRECT STDERR TO STDOUT ( 2>&1 ) SO YOU CAN SEE THE ERROR MESSAGES!

I get a page full of "restore" results. So that made some action on
the part of Subversion work, I assume. But there is a file that I've
changed and committed to Subversion (a test file) which still is not
getting pulled from the repository to the site.

I suggest that you concentrate on the possibility that some of what
Subversion is supposed to do, it can't do, because of permission
problems or an incorrect current working directory.

TEST IT running from a shell as the user PHP runs as.
READ THE ERROR MESSAGES.

Note that 2>&1 at the end:  it redirects stderr to stdout so shell_exec
will show you the error messages.



/home/www/contentingester

It comes right after "update".

But when I put it in a PHP script this does not work (and by that
I mean, the command "svn update" seems to never be called):

How do you determine this?

Now log in, or su to, the user that PHP runs as.  Try the same
command.  Observe any error messages.  Then fix the problem.
Note that fixing the problem may mean that the same user has to
check out a source tree, modify it, and check in changes.

I seem unable to su to "apache" or "nobody". You can see what I've
tried below:

Then fix it so you can.  Find out what user PHP/Apache runs as
(with ps).  If necessary, edit the password file so the account has
a valid password and shell (same shell you're using for root, not
/sbin/nologin).

[root@cobalt ~]# id
uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel)
[root@cobalt ~]# su apache
This account is currently not available.
[root@cobalt ~]# id www-data
id: www-data: No such user
[root@cobalt ~]# su nobody
This account is currently not available.

Any tips?

Give the accounts apache and www-data valid shells.

You might find out something useful if you try to run svn from a
shell as *ANY USER BESIDES ROOT*.  You will learn the most if you

Apache (and perhaps PHP) will refuse to run commands that have
excessive permissions (world-writable), or are in directories with
excessive permissions.  Blanketing the system with "chmod 0777"
commands is one way to make sure that nothing will run.  This isn't
a problem with data files, but /usr/bin/svn should *NOT* be
world-writable, nor should /usr/bin.

If Apache won't run a file because it has overly wide permissions,
would that result show up in the Apache error log?

Yes, but when I tried it, the error message just said "exec failed".

I don't think your problem is permission to run /usr/bin/svn. Your
problem is that /usr/bin/svn doesn't have the privileges (on various
files all over the place) to do what it needs to do.
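
The two checks discussed in this reply (no world-writable component on the path to /usr/bin/svn, and a working copy the PHP user can actually write), as an added example that is not part of the original post. The function names are hypothetical; the second function is meant to be run from a shell as the user PHP runs as.

```sh
#!/bin/sh
# Added example. Function names are hypothetical, not from the thread.

# Print the file and every parent directory (up to STOP, default /) that is
# world-writable. Returns 1 if any component was found, 0 otherwise.
world_writable_components() {
    p=$1
    stop=${2:-/}
    found=0
    # Make relative paths absolute so the walk always terminates at /.
    case $p in
        /*) ;;
        *) p=$(pwd)/$p ;;
    esac
    while :; do
        # -L tests the symlink target (symlinks themselves always look 0777);
        # -prune stops find from descending into directories.
        if [ -n "$(find -L "$p" -prune -perm -0002 -print 2>/dev/null)" ]; then
            printf '%s\n' "$p"
            found=1
        fi
        if [ "$p" = "$stop" ] || [ "$p" = "/" ]; then
            break
        fi
        p=$(dirname "$p")
    done
    return "$found"
}

# Print the parts of a working copy that the CURRENT user cannot write
# (missing or not writable). Returns 1 if anything was printed.
unwritable_in_working_copy() {
    wc=$1
    bad=0
    for d in "$wc" "$wc/.svn"; do
        if [ ! -w "$d" ]; then
            printf '%s\n' "$d"
            bad=1
        fi
    done
    return "$bad"
}

# Typical use, with the paths from this thread:
#   world_writable_components /usr/bin/svn
#   unwritable_in_working_copy /home/www/contentingester
```

Any path printed by the first function is one to tighten rather than loosen; any path printed by the second is where svn update will fail for that user.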
