I have a post-receive hook that call a bash script of mine (which will pull the local repo and restart the Java server).
Here's the owner info of the post-receive hook :
-rwsr-x--x 1 cyril devs 676 19 dec. 14:45 post-receive
As you can see, I set the setuid bit
on this script in order to be run as cyril/devs
also for other users.
The content of this script is rather simple :
echo "Running post-receive hook"
echo "Server will be up and running in about 1 minute"
/home/project/start_dev restart &
My script start_dev
has those rights :
-rwsr-x--- 1 cyril devs 1515 19 dec. 14:41 start_dev
Note: also the setuid.
If I push something to the server with the account cyril
, it works perfectly.
If someone else, with an other account, push to the server, they got :
remote: /home/project/start_dev: line 52: kill: (11490) - Operation not allowed
(The kill is used to stop the instance.)
Why they have this errors, the script should be run as cyril
, not the user, thus they should have the right to kill this instance, right?
What am I doing wrong?