Reputation: 33
how to run mercurial commands as another user with sudoers
All our developers are able to log in to our staging server via ssh.
When they run any hg command on the staging servers it makes them the owner of the updated/new files. I need these files to be owned by the user/group www-data.
I tried editing the sudoers files to this
Cmnd_Alias WWW_DATA_CMDS = /usr/bin/svn, /usr/bin/hg
%developers ALL=(www-data) NOPASSWD: WWW_DATA_CMDS
As you can see we have SVN on the server as well (we are moving away from SVN to HG) and this setup works fine for SVN, if we run the SVN command it creates files as www-data
How do I get the same to work for Mercurial?
Upvotes: 1
Views: 391
Answers (1)
Reputation: 1945
First understand that there's no magic here. Mercurial always creates files as the user it runs as, end of story. It doesn't try (and doesn't even have permission) to do anything else.
That means that if you run hg only via sudo, and the permissions of the existing files are right, it WILL do what you want here.
But that also means that if users run hg without sudo, and they have the right permissions, they WILL make a mess. Mercurial is content to let you do whatever is allowed by the Unix permission model.
There are three approaches to dealing with this:
- slap knuckles with a ruler until people use sudo consistently
- use a wrapper like mercurial-server that funnels all users into one account
- properly configure group, umask, ownerships, and permissions so things can actually be shared
This last works as follows:
- make sure every user X has a matching default group X (most modern systems already do this)
- add everyone (and wwwdata) to a secondary group project-foo
- make sure everyone's umask is set at login to NOT mask group read/write (umask 007, not 077)
- set all files in the project to be in group project foo (chgrp -R project-foo foo/)
- make all files read/write by that group (chmod -R g+rw foo/)
- make all directories traversable and setgid (find foo/ -type d | xargs chmod g+sx)
This will ensure that every time a user creates a file in the project, it will be read/write for everyone else in the group.
Upvotes: 2
Related Questions
- Must be root to push/commit to mercurial repositories
- Mercurial - execute as other user
- How to do svn commit as different user?
- Mercurial-server add permissions to my repository
- SVN: Force svn daemon to run under different user
- Mercurial over SSH with usernames overridden
- Setting-up multiple mercurial users under the same user account
- How to set permissions so two users can work on the same hg repository?
- Error accessing mercurial with non-root user
- using sudo with mercurial and ssh authentication