On 01 Nov 2007, [EMAIL PROTECTED] chatted thus:

> Here's what I've set up:
>
>  - /www/dev and /www/live are both working copies of the same SVN repository.
>  - /www/dev is owned by me, and a group called wwwdev.  The directory
>    and all files in it are group-writeable, so anyone in the wwwdev group
>    can make changes and commit them.
>  - /www/live is owned by a user wwwlive (also group wwwlive).  No one
>    else is in this group, only this user.  Thus no other users can edit
>    the files in this directory directly.
>  - I've written a very simple C program that runs an 'svn update'
>    command for the /www/live directory.  The binary version, called
>    'live_svn_update' is owned by wwwlive, and is setuid and setgid.
>    (chmod ug+s).  So, anyone can run this program to bring the /www/live
>    tree up to the latest of what's in the repository (checked in from
>    /www/dev), even though they can't edit anything in /www/live directly.

How about using sudo rather than a setuid program?

That also allows you to maintain a group of people who have access to do
the updates that is a subset of those who have access to the machine.

Also, since you seem to have put both in the same filesystem, have you
made sure the dev area can't run you out of space?

ciao,

der.hans
--
#  https://www.LuftHans.com/        http://www.CiscoLearning.org/
#  "I have seen the enemy, and it is shiny." -- Benjy Feen, 22Jun2001
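
The sudo arrangement suggested in the reply, sketched as a sudoers drop-in; this is an added example, not part of the original message or of either poster's setup. The group name `wwwdeploy`, the svn path `/usr/bin/svn` and the drop-in file name are assumptions.

```sudoers
# /etc/sudoers.d/live-svn-update   (assumed file name; edit with visudo -f)
# Added example. Assumed: group "wwwdeploy", svn installed at /usr/bin/svn.

# The single command that may be run. Because the arguments are listed,
# sudo matches only this exact argument list: a different path or any
# extra svn option is refused.
Cmnd_Alias LIVE_UPDATE = /usr/bin/svn update --non-interactive /www/live

# Run it with a scrubbed environment and a fixed PATH, and with HOME set to
# wwwlive's home so svn reads wwwlive's ~/.subversion, not the caller's.
Defaults!LIVE_UPDATE env_reset, always_set_home, secure_path="/usr/bin:/bin"

# Members of wwwdeploy (a subset of the machine's users) may run it as
# user wwwlive, group wwwlive, and nothing else.
# Drop NOPASSWD: to require the caller's own password on each use.
%wwwdeploy ALL = (wwwlive : wwwlive) NOPASSWD: LIVE_UPDATE
```

A group member then runs `sudo -u wwwlive /usr/bin/svn update --non-interactive /www/live`, and each invocation is recorded in the sudo log under the caller's name. `visudo -cf` on the file checks its syntax before it is put in place.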