How can I setup the permissions in Linux so that two users can update the same SVN working copy on the server?

Question

My server has both Subversion and Apache installed, and the Apache web directory is also a Subversion working copy. The reason for this is that the simple command svn update /server/staging will deploy the latest source to the staging server.

Apache public web directory: /server/staging — (This is an SVN working copy.)

I have two users on my server, 'richard' and 'austin'. They both are members of the 'developers' group. I recursively set permissions on the /server directory to richard:developers, using "sudo chown -R richard:developers /server".

I then set the permissions to read, write and execute for both 'richard' and the 'developers' group.

So surely, 'austin' should now be able to use the svn update /server/staging command? However, when he tries, he gets the error:

svn: Can't open file '/server/staging/.svn/lock': Permission denied

If I recursively change the owner of /server to austin:developers, he can run the command just fine, but then 'richard' can't.

How do I fix the problem? I want to create a post-commit hook with to automatically deploy the staging site when files are committed, but I can't see a way for that to work for both users. The hook would be:

/usr/bin/svn update /server/staging

Using the same user account for both of them wouldn't really be an acceptable solution, and I'm not aware of any way to run the command inside the hook as 'root'.

Any help is appreciated!

Answer 1

Directory Set Group ID

If the setgid bit on a directory entry is set, files in that directory will have the group ownership as the directory, instead of than the group of the user that created the file.

This attribute is helpful when several users need access to certain files. If the users work in a directory with the setgid attribute set then any files created in the directory by any of the users will have the permission of the group. For example, the administrator can create a group called spcprj and add the users Kathy and Mark to the group spcprj. The directory spcprjdir can be created with the set GID bit set and Kathy and Mark although in different primary groups can work in the directory and have full access to all files in that directory, but still not be able to access files in each other's primary group.

The following command will set the GID bit on a directory:

chmod g+s spcprjdir

The directory listing of the directory "spcprjdir":

drwxrwsr-x 2 kathy spcprj 1674 Sep 17 1999 spcprjdir

The "s'' in place of the execute bit in the group permissions causes all files written to the directory "spcprjdir" to belong to the group "spcprj" .

edit: source = Linux Files and File Permissions