SVN privilege for newly created user
I am required to create a new user and then svn co into the newly created user's home directory by calling a bash script from a php page.
The below example is a line from the sudoers file which I saw at some other forum.
http ALL=NOPASSWD:/usr/sbin/useradd,/bin/mkdir,/bin/ln,/bin/chown,/bin/cp,/bin/sedThis line obviously sets a passwordless sudo for the user http and adds privileges to the user http to use useradd, mkdir, chown, cp and sedcommands. I would not like to disable the sudo prompt for all users but just for the newly created user (I had seen an answer regarding commenting a certain line in the sudoers file for preventing the sudo password prompt here at AU).
Similarly I would like to add svn privileges onto the www-data user.
www-data ALL=NOPASSWD: /usr/sbin/useradd,/bin/svnCurrently the www-data user is able to create a new user using the useradd command, but is unable to use the svn command. ( I may be doing it completely wrong so feel free to correct me)
This is the bash script that I am trying to run.
sudo useradd newuser -d /home/newuser -s /bin/bash -m -p password
echo yes | sudo svn --username [username] --password [password] co [SVN link] /home/newuser/public_htmlWhen I try to call this script from the php page using the command
$output = shell_exec("sh ./includes/setupsite.sh 2>&1");
I get the error
sudo: no tty present and no askpass program specified for the second line (the svn co line)
But instead when I try to run without sudo I get
----------------------------------------------------------------------- ATTENTION! Your password for authentication realm: Authentication Required can only be stored to disk unencrypted! You are advised to configure your system so that Subversion can store passwords encrypted, if possible. See the documentation for details. You can avoid future appearances of this warning by setting the value of the 'store-plaintext-passwords' option to either 'yes' or 'no' in '/var/www/.subversion/servers'. ----------------------------------------------------------------------- Store password unencrypted (yes/no)? svn: Can't make directory '/home/newuser/public_html': Permission denied
So that made it obvious that sudo might be required. I saw a similar question here itself. But that was not answered and the answer provided didn't solve my issue.
Update: The file permissions/ownership are:
-rwxrwxrwx 1 www-data www-data 326 2012-08-08 17:56 setupsite.sh
If you need any clarifications please leave a comment and I'll edit my question to add those details (provided that I have them) ASAP.
1 Answer
The command which [command] lets you know which terminal command is being called.
For example in my question I have entered a www-data ALL=NOPASSWD: /usr/sbin/useradd, notice the last part /usr/bin/useradd this is the actual location of the useradd command that is called by the terminal. This may be obtained by use of which useradd.
Similarly you can also add search for the svn command using which svn and this will give you the location of the svn command. In my case, it gave me /usr/bin/svn and so when I edited the line
www-data ALL=NOPASSWD: /usr/sbin/useradd,/bin/svn
into
www-data ALL=NOPASSWD: /usr/sbin/useradd,/usr/bin/svn
the www-data user got svn privileges and I was able to do password-less sudo for the www-data user.
More in general
"Zoraya ter Beek, age 29, just died by assisted suicide in the Netherlands. She was physically healthy, but psychologically depressed. It's an abomination that an entire society would actively facilitate, even encourage, someone ending their own life because they had no hope. Th…"
