rsync pop_dir "/home/user_x" failed: permission denied, why?

Question

I am currently writing a bash shell script to transfer the latest revision of our svn repository to a webserver. This is done using svn export to server A and rsync'ing it with the webserver, a special user (called sync_user) was created with sufficient permissions on each side (server A and the webserver) to perform these updates. The script uses "su sync_user" to perform the svn export and rsync as sync_user :

export -f sync_section 
su sync_user -c "sync_section $source $tmp $dest"

where sync_section is a function in the script:

# critical section which performs the actual website update (export & sync)
# takes 3 parameters: source, tmp, dest
function sync_section {

  source=$1
  tmp=$2
  tmp_old=$tmp"_old"
  dest=$3

  #enter critical section
  set -e

    # export to temp folder on server A
    svn export -q --force $source $tmp  --native-eol LF

    # rsync with remote live website folder.
    rsync -avzhiO $tmp $dest

    # clean up
    rm -rf $tmp_old 
    mv -f $tmp $tmp_old 

  # exit critical section
  set +e
}

The idea is that everyone who has permissions to update/sync the webserver knows the sync_user's password, thus can enter into the "su sync_user" section.

Sounds good in theory but rsync is not happy with this setup and gives me the following error message: (user_x is the user calling the script)

#### rsync output:

building file list ... rsync: pop_dir "/home/user_x" failed: Permission denied (13)
rsync error: errors selecting input/output files, dirs (code 3) at flist.c(1314) [sender=2.6.8]

After some googeling I found out that the problem I am having is caused by rsync as it requires the sync_user to have full access permissions on the script caller's home directory. Is that correct? and if so why? and is there a work-around for it?

Note: The home directory of the user is not used at all in the script. Only /tmp/ on server A and /var/www/vhosts/ on the webserver are used.

Answer 1

Alright so after some back and forth, we managed to solve the problem. It is fully a user permission issue and has nothing to do with rsync as such.

When running 'su sync_user ...' the active terminal pointed to the home directory of the user who calls the script (user_x). Since sync_user is not even allowed to be in that folder it consequently isn't allowed to run some commands (like rsync, or ls), which causes the error message.

To fix it I added a 'cd ~' before running the 'sync_section script:

su sync_user -c "cd ~; sync_section $source $tmp $dest"

And the script now works like a charm :)

I hope this helps somebody in the future!