Announcement

Collapse
No announcement yet.

commit-access-control.pl access denied

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • commit-access-control.pl access denied

    hello, I'm trying to setup a hook to ensure users enter text and I'm getting the following error when trying to commit from tortoisesvn

    /repos/ncfrepo/hooks/pre-commit line 78

    /repos/ncfrepo/hooks/commit-access-control.pl permission denied.
    /repos/* is all owned by apache:apache on the remote svn server and both scripts are executable. If I run commit-access-control.pl from commandline as root I get the expected usage output.

    here is my pre-commit file below


    REPOS="$1"
    TXN="$2"

    # Make sure that the log message contains some text.
    SVNLOOK=/usr/bin/svnlook
    $SVNLOOK log -t "$TXN" "$REPOS" | \
    grep "[a-zA-Z0-9]" > /dev/null || exit 1

    # Check that the author of this commit has the rights to perform
    # the commit on the files and directories being modified.
    /repos/ncfrepo/hooks/commit-access-control.pl "$REPOS" "$TXN" /repos/ncfrepo/hooks/commit-access-control.cfg || exit 1

    # All checks passed, so allow the commit.
    exit 0

    any ideas?
    Last edited by sub128; 05-22-2014, 02:23 PM.

  • #2
    Hi there,

    Which line from the commit-access-control.pl script is line 78? It sounds like it's having problems running a command on that line, rather than running the script itself.

    Comment


    • #3
      Originally posted by orbrey View Post
      Hi there,

      Which line from the commit-access-control.pl script is line 78? It sounds like it's having problems running a command on that line, rather than running the script itself.
      Line 78 is just a comment in commit-access-control.pl

      line 78

      ################################################## ####################
      # Initial setup/command-line handling.

      &usage unless @ARGV == 3;

      my $repos = shift;
      my $txn = shift;
      my $cfg_filename = shift;

      Comment


      • #4
        Originally posted by orbrey View Post
        Hi there,

        Which line from the commit-access-control.pl script is line 78? It sounds like it's having problems running a command on that line, rather than running the script itself.
        Line 78 is actually just a comment


        ################################################## ####################
        # Initial setup/command-line handling.

        Comment


        • #5
          Is that the whole line? It's hard to tell because it's getting wrapped by the forum. If you could attach the whole file (with any sensitive information edited out) that'd be easier, or wrap the line in code tags from the formatting bar when you post it, it'll stay as it is in the file?

          Comment


          • #6
            Originally posted by orbrey View Post
            Is that the whole line? It's hard to tell because it's getting wrapped by the forum. If you could attach the whole file (with any sensitive information edited out) that'd be easier, or wrap the line in code tags from the formatting bar when you post it, it'll stay as it is in the file?
            It's actually the generic file from http://svn.apache.org/repos/asf/subv.../hook-scripts/ , I have not changed anything. Perhaps I need to make some customization?

            Comment


            • #7
              Possibly, the reason I mention line 78 is because that is the line referenced by the error message - so something on that specific line failed. Unfortunately I can't see from your quotes which is line 78 so can't really help further. As I said above though, if you could quote the full line in CODE tags that will paste it without wrapping, or even better if you could attach the whole file it'd be easier.

              EDIT: Is the error message referencing two separate files there? I can see it mentions pre-commit but also commit-access-control.pl? The line 78 seems to be from pre-commit, and commit-access-control may not have executable permissions going by what you've posted.

              Comment


              • #8
                Originally posted by orbrey View Post
                Possibly, the reason I mention line 78 is because that is the line referenced by the error message - so something on that specific line failed. Unfortunately I can't see from your quotes which is line 78 so can't really help further. As I said above though, if you could quote the full line in CODE tags that will paste it without wrapping, or even better if you could attach the whole file it'd be easier.

                EDIT: Is the error message referencing two separate files there? I can see it mentions pre-commit but also commit-access-control.pl? The line 78 seems to be from pre-commit, and commit-access-control may not have executable permissions going by what you've posted.
                line 78 of pre-commit is
                PHP Code:
                commit-access-control.pl "$REPOS" "$TXNcommit-access-control.cfg || exit 
                I will try it again but I even tried 777 on both pre-commit and commit-access-control.pl,also from my understanding svn is running under apache. I changed the /etc/passwd from nologon to bash and I vertified I can run those scripts from the command line using apache user

                Comment


                • #9
                  Ah! There we go. Your error is happening because pre-commit is trying to call commit-access-control.pl but either a) whatever user is running the pre-commit doesn't have permissions to run it, or b) commit-access-control.pl doesn't have executable permissions set. Those are the two things that spring to mind instantly, anyway.

                  Hope one of them turns out to be the issue and sorts it for you, if not let us know and we'll see what further advice we can offer.

                  EDIT: Hmm. Realise I'm repeating myself and asking you to try things you've tried already, sorry about that.

                  Ah - on reading again, the check that the commit-access-control.pl is performing is to ensure your user (the one you're committing as) has permission to commit to the given directory - might be an error, but could that be the case? That you're committing to a directory you don't have permission to commit to?

                  If it's not that, might be worth a look at commit-access-control to see what it's checking for and make sure that exists. Or, just comment out that line from pre-commit if you don't need it.
                  Last edited by orbrey; 05-28-2014, 03:27 PM.

                  Comment


                  • #10
                    Originally posted by orbrey View Post
                    Ah! There we go. Your error is happening because pre-commit is trying to call commit-access-control.pl but either a) whatever user is running the pre-commit doesn't have permissions to run it, or b) commit-access-control.pl doesn't have executable permissions set. Those are the two things that spring to mind instantly, anyway.

                    Hope one of them turns out to be the issue and sorts it for you, if not let us know and we'll see what further advice we can offer.

                    EDIT: Hmm. Realise I'm repeating myself and asking you to try things you've tried already, sorry about that.

                    Ah - on reading again, the check that the commit-access-control.pl is performing is to ensure your user (the one you're committing as) has permission to commit to the given directory - might be an error, but could that be the case? That you're committing to a directory you don't have permission to commit to?

                    If it's not that, might be worth a look at commit-access-control to see what it's checking for and make sure that exists. Or, just comment out that line from pre-commit if you don't need it.
                    from my understanding, it uses the apache user id? Am I current on this assumption? without any type of pre-commit script, committing works just fine..I'll check in a bit and post back. Thank you for your help

                    Comment


                    • #11
                      The process runs as the apache user, yes, but it uses apache login credentials (depending on how you've set it up) to determine what the permissions the user connecting to git has - unless everyone connects as the same user, which I doubt would be apache/www-data?

                      That's the user permissions I mean - commit-access-control.pl is a script to check that the connecting user has permissions to access or modify the repository and it looks very much like it's rejecting access for you. You could comment out that check in the script if you wish (or comment out the call to commit-access-control.pl in the pre-commit script) just to check if that is what's happening?

                      If it is, you'll either need to leave that script out, edit it to allow you access or check your user's permissions (the ones associated with the account you log in to the server as) in the repositories I suspect.

                      Comment


                      • #12
                        Originally posted by orbrey View Post
                        The process runs as the apache user, yes, but it uses apache login credentials (depending on how you've set it up) to determine what the permissions the user connecting to git has - unless everyone connects as the same user, which I doubt would be apache/www-data?

                        That's the user permissions I mean - commit-access-control.pl is a script to check that the connecting user has permissions to access or modify the repository and it looks very much like it's rejecting access for you. You could comment out that check in the script if you wish (or comment out the call to commit-access-control.pl in the pre-commit script) just to check if that is what's happening?

                        If it is, you'll either need to leave that script out, edit it to allow you access or check your user's permissions (the ones associated with the account you log in to the server as) in the repositories I suspect.
                        Thank you for that clarification

                        Comment

                        Working...
                        X