I would like to write a shell script that sets up a mercurial repository, and allow all users in the group "developers" to execute this script.

The script is owned by the user "hg", and works fine when ran. The problem comes when I try to run it with another user, using sudo, the execution halts with a "permission denied" error, when it tries to source another file.

The script file in question:

create_repo.sh

#!/bin/bash

source colors.sh

REPOROOT="/srv/repository/mercurial/"
... rest of the script ....

Permissions of create_repo.sh, and colors.sh:

-rwxr--r-- 1 hg hg  551 2011-01-07 10:20 colors.sh
-rwxr--r-- 1 hg hg 1137 2011-01-07 11:08 create_repo.sh

Sudoers setup:

%developer ALL = (hg) NOPASSWD: /home/hg/scripts/create_repo.sh

What I'm trying to run:

user@nebu:~$ id
uid=1000(user) gid=1000(user) groups=4(adm),20(dialout),24(cdrom),46(plugdev),105(lpadmin),113(sambashare),116(admin),1000(user),1001(developer)

user@nebu:~$ sudo -l
Matching Defaults entries for user on this host:
    env_reset

User user may run the following commands on this host:
    (ALL) ALL
    (hg) NOPASSWD: /home/hg/scripts/create_repo.sh

user@nebu:~$ sudo -u hg /home/hg/scripts/create_repo.sh
/home/hg/scripts/create_repo.sh: line 3: colors.sh: Permission denied

So the script is executed, but halts when it tries to include the other script.

I have also tried using:

user@nebu:~$ sudo -u hg /bin/bash /home/hg/scripts/create_repo.sh

Which gives the same result.

What is the correct way to include another shell script, if the script may be ran with a different user, through sudo?