I am currently writing a bash shell script to transfer the latest revision of our svn repository to a webserver. This is done using svn export to server A and rsync'ing it with the webserver. A special user (called sync_user) was created with sufficient permissions on each side (server A and the webserver) to perform these updates. The script uses "su sync_user" to perform the svn export and rsync as sync_user:
    export -f sync_section
    su sync_user -c "sync_section $source $tmp $dest"
where sync_section is a function in the script:
    # critical section which performs the actual website update (export & sync)
    # takes 3 parameters: source, tmp, dest
    function sync_section {
        source="$1"
        tmp="$2"
        tmp_old="${tmp}_old"
        dest="$3"
        # enter critical section
        set -e
        # export to temp folder on server A
        svn export -q --force "$source" "$tmp" --native-eol LF
        # rsync with remote live website folder.
        rsync -avzhiO "$tmp" "$dest"
        # clean up
        rm -rf "$tmp_old"
        mv -f "$tmp" "$tmp_old"
        # exit critical section
        set +e
    }
The idea is that everyone who has permissions to update/sync the webserver knows the sync_user's password, thus can enter into the "su sync_user" section.
Sounds good in theory but rsync is not happy with this setup and gives me the following error message: (user_x is the user calling the script)
#### rsync output:
building file list ... rsync: pop_dir "/home/user_x" failed: Permission denied (13)
rsync error: errors selecting input/output files, dirs (code 3) at flist.c(1314) [sender=2.6.8]
After some googling I found out that the problem I am having is caused by rsync as it requires the sync_user to have full access permissions on the script caller's home directory. Is that correct? And if so, why? And is there a work-around for it?
Note: The home directory of the user is not used at all in the script. Only /tmp/ on server A and /var/www/vhosts/ on the webserver are used.
Alright so after some back and forth, we managed to solve the problem. It is fully a user permission issue and has nothing to do with rsync as such.
When running 'su sync_user ...' the active terminal pointed to the home directory of the user who calls the script (user_x). Since sync_user is not even allowed to be in that folder it consequently isn't allowed to run some commands (like rsync, or ls), which causes the error message.
To fix it I added a 'cd ~' before running the sync_section script:
    su sync_user -c "cd ~; sync_section $source $tmp $dest"
And the script now works like a charm :)
I hope this helps somebody in the future!
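A variant of the fix above, as an added example that is not part of the original post: it builds the su -c string with "cd / &&" so sync_section is skipped if the directory change fails, and quotes each argument so paths with spaces or shell metacharacters reach the function as single words. The helper names shell_quote and build_sync_command and the sample paths are assumptions made for illustration.

```shell
# Added example: shell_quote and build_sync_command are hypothetical helpers.

# Wrap one argument in single quotes so the shell started by su -c sees it
# as exactly one word, even if it contains spaces, quotes or semicolons.
shell_quote() {
    printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# Build the string passed to su -c.
# "cd / &&" leaves the caller's working directory first; because of "&&",
# sync_section is not run at all if the directory change fails.
build_sync_command() {
    cmd="cd / && sync_section"
    for arg in "$@"; do
        cmd="$cmd $(shell_quote "$arg")"
    done
    printf '%s\n' "$cmd"
}

# Constructed sample values (not from the original post).
source_url="file:///srv/svn/site/trunk"
tmp_dir="/tmp/site export"
dest_dir="sync_user@web.example:/var/www/vhosts/"

# Show the command string that would be handed to su.
build_sync_command "$source_url" "$tmp_dir" "$dest_dir"

# Intended use inside the script from the post (needs the sync_user account):
#   export -f sync_section
#   su sync_user -c "$(build_sync_command "$source" "$tmp" "$dest")"
```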