Trac post commit hook permission problem

Tags: python, thehealthagency

Trac has a nice subversion post-commit hook script. Once enabled you can put special markers in your commit messages:

  • “closes #1234” or “fixes #1234” automatically closes bug 1234 with a resolution of “fixed”. And your full commit message is appended as a comment to the bug. You can specify multiple numbers: “fixes #12, #13 and #14”.

  • “re #1234”, “see #1234”, “addresses #1234”, “refs #1234” and some other variants append your full commit message as a comment to the bug. This also includes a link to the changeset.

Problem: the user that effectively runs the post-commit script has not always the proper permissions to access the trac database. I experimented with a setuid C wrapper that you find a lot when googling: no success. Setuid post commit script: no success.

The solution was simple: allow your users (in my case a group) to execute the trac post commit script as the user that runs trac. For this, enter a line like this in your /etc/sudoers file:

# The relevant users are in the "src" group.
%src   ourhost = (tracuser) NOPASSWD: /path/to/tracpostcommithook

And in your /path/to/svn/hooks/post-commit:

/usr/bin/sudo -u tracuser /path/to/tracpostcommithook -r $REV ....

Writing it down in this blog post so that I can google it in three years time when I’ve forgotten how to do it :-) logo

About me

My name is Reinout van Rees and I work a lot with Python (programming language) and Django (website framework). I live in The Netherlands and I'm happily married to Annie van Rees-Kooiman.

Weblog feeds

Most of my website content is in my weblog. You can keep up to date by subscribing to the automatic feeds (for instance with Google reader):