Help with SVN+SSH permissions with CentOS/WHM setup
- by Furiam
Hi Folks, I'll try my best to explain how I'm trying to set up this system.
Imagine a production server running WHM with various sites. We'll call these sites... site1, site2, site2
Now, with the WHM setup, each site has a user/group defined for them, we'll keep these users/groups called site1,site2 for simplicity reasons.
Now, updating these sites is accomplished using SVN, and through the use of a post commit script to auto update these sites (With .svn blocked through the apache configuration).
There are two regular maintainers of these sites, we'll call them Joe and Bob. Joe and Bob both have commandline access to the server through thier respective limited accounts.
So I've done the easy bit, managed to get SVN working with these "maintainers" so that when an SVN commit occurs, the changes are checked out and go live perfectly.
Here's the cavet, and ultimately my problem. User permissions.
Through my testing of this setup, I've only managed to get it working by giving what is being updated permissions of 777, so that Joe and Bob can both read and write access to webfront directories for each of the sites.
So, an example of how it's set up now:
Joe and Bob both belong to a group called "Dev". I have the master /svn folders set up for both read and write access to this group, and it works great. Post commit triggers, updates the site, and then sets 777 on each file within the webfront.
I then changed this to try and factor in group permission updates, instead of straight 777.
Each folder in /home/site1/public_html intially gets given a chmod of 664, and each folder 775
Which looks a little something like this
drwxrwxr-x .
drwxrwxr-x ..
drwxrwxr-x site1 site1 my_test_folder
-rw-rw-r-- site1 site1 my_test_file
So site1 is sthe owner and group owner of those files and folders. So I then added site1 to Joe and Bobs secondary groups so that the SVN update will correctly allow access to these files.
Herein lies the problem now.
When I wish to add a file or folder to /home/site1, say Bobs_file, it then looks like this
drwxrwxr-x .
drwxrwxr-x ..
drwxr-xr-x Bob dev bobs_folder
drwxrwxr-x site1 site1 my_test_folder
-rw-rw-r-- Bob dev bobs_file
-rw-rw-r-- site1 site1 my_test_file
How can I get it so that with the set of user permissions Bob has available, to change the owner and group owner of that file to reflect "site1" "site1". As Bob belongs to Dev I can set the permissions correctly with CHMOd, but It appears CHGRP is throwing back operation errors.
Now this was long winded enough to give an overview of exactly what I'm trying to accomplish, just incase I'm going about this arse-over-tit and there's a far easier solution. Here's my goals
2 people to update
multiple user accounts specified given the structure of WHM
Trying to maintain master user/group permissions of file and folders to the original user account, and not the account of the updatee.
I like the security of SVN+SSH over just SVN.
Don't want to run all this over root.
I hope this made sense, and thanks in advance :)
