You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@subversion.apache.org by Davy Durham <pu...@davyandbeth.com> on 2004/09/20 18:54:19 UTC
file perms in the db dir
Hi,
On linux I'm setting up a svnserve environment also using websvn for
viewing from the web. For the difference in users (user svn vs user
apache) I've just made apache a member of the svn group. So as long as
all the files in the db dir are group writable and owned by svn
everything is fine.
Well, all is well until after many operations it creates a new
log.000000## file and perms are wrong, and sometimes the new log file is
owned by apache instead of svn if websvn caused the creation of the log
file.
My question is in DB_CONFIG can I specify perms that the new file will
be created with? Or can it be done with sticky bits on the db dir itself?
I've looked at the sleepycat docs and didn't see anything. And I wasn't
sure if something in svn was setting the perms itself.
It'd just like the files to be owned by svn and perms be 664
Thanks,
Davy
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Re: server config settings (was "Re: file perms in the db dir")
Posted by Max Bowsher <ma...@ukf.net>.
Alan Bram wrote:
> On this topic, I'm wondering why we can't set up auto-props on the
> server,
Because no one has designed and coded that yet.
Max.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
server config settings (was "Re: file perms in the db dir")
Posted by Alan Bram <al...@panscopic.com>.
On this topic, I'm wondering why we can't set up auto-props on the
server, instead of relying on every client to do it. As a repository
administrator, I'd like to enforce a policy that all *.java, *.xml,
etc. files get a svn:eol-style property of "native".
As it is now, I'm trying to depend on a post-commit script to look for
new files and make an extra revision to set the property if the user
failed to do so.
> Wow.. it really seems to me that the conf directory could use a config
> file for setting such settings as umask. All the tools should apply
> this configuration before doing anything.
>
> I don't know if umask is the only thing so far where we could benifit
> from a common config file in the repo directory, but if so then perhaps
> just a umask conf file should be there.
>
> -- Davy
>
> Steve Greenland wrote:
>
> >Bingo.
> >
> >On my svn server, I have this script as /usr/local/bin/svnwrap:
> >
> >#!/bin/sh
> ># Generic wrapper for svn commands to enforce correct umask
> >umask 002
> >cmdname=`basename $0`
> >/usr/bin/$cmdname "$@"
> >
> >I also have these links in /usr/local/bin:
> >
> >lrwxrwxrwx 1 root staff 7 Sep 3 08:38 svn -> svnwrap*
> >lrwxrwxrwx 1 root staff 7 Sep 3 08:40 svnversion -> svnwrap*
> >lrwxrwxrwx 1 root staff 7 Sep 3 08:40 svnshell -> svnwrap*
> >lrwxrwxrwx 1 root staff 7 Sep 3 08:40 svnserve -> svnwrap*
> >lrwxrwxrwx 1 root staff 7 Sep 3 08:40 svnlook -> svnwrap*
> >lrwxrwxrwx 1 root staff 7 Sep 3 08:40 svndumpfilter -> svnwrap*
> >lrwxrwxrwx 1 root staff 7 Sep 3 08:40 svnadmin -> svnwrap*
> >lrwxrwxrwx 1 root staff 7 Sep 3 08:40 svn_load_dirs -> svnwrap*
> >-rwxr-xr-x 1 root staff 174 Sep 3 11:25 svnwrap*
> >
> >Getting all these wrapped ensures that any access, either via svn:,
> >svn+ssh:, or just local access doesn't screw up the permissions (we
> >don't use webdav.)
> >
> >
> >Steve
> >
> >
> >
> >
> >
> >
> >
> >
> >>Then again.. (as I was just looking around on google) I found:
> >>http://svnbook.red-bean.com/svnbook-1.0/ch06s05.html which might answer
> >>all my questions :)
> >>
> >>Thanks,
> >> Davy
> >>
> >>---------------------------------------------------------------------
> >>To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
> >>For additional commands, e-mail: users-help@subversion.tigris.org
> >>
> >>
> >
> >
> >
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
> For additional commands, e-mail: users-help@subversion.tigris.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Re: file perms in the db dir
Posted by Davy Durham <pu...@davyandbeth.com>.
Wow.. it really seems to me that the conf directory could use a config
file for setting such settings as umask. All the tools should apply
this configuration before doing anything.
I don't know if umask is the only thing so far where we could benifit
from a common config file in the repo directory, but if so then perhaps
just a umask conf file should be there.
-- Davy
Steve Greenland wrote:
>Bingo.
>
>On my svn server, I have this script as /usr/local/bin/svnwrap:
>
>#!/bin/sh
># Generic wrapper for svn commands to enforce correct umask
>umask 002
>cmdname=`basename $0`
>/usr/bin/$cmdname "$@"
>
>I also have these links in /usr/local/bin:
>
>lrwxrwxrwx 1 root staff 7 Sep 3 08:38 svn -> svnwrap*
>lrwxrwxrwx 1 root staff 7 Sep 3 08:40 svnversion -> svnwrap*
>lrwxrwxrwx 1 root staff 7 Sep 3 08:40 svnshell -> svnwrap*
>lrwxrwxrwx 1 root staff 7 Sep 3 08:40 svnserve -> svnwrap*
>lrwxrwxrwx 1 root staff 7 Sep 3 08:40 svnlook -> svnwrap*
>lrwxrwxrwx 1 root staff 7 Sep 3 08:40 svndumpfilter -> svnwrap*
>lrwxrwxrwx 1 root staff 7 Sep 3 08:40 svnadmin -> svnwrap*
>lrwxrwxrwx 1 root staff 7 Sep 3 08:40 svn_load_dirs -> svnwrap*
>-rwxr-xr-x 1 root staff 174 Sep 3 11:25 svnwrap*
>
>Getting all these wrapped ensures that any access, either via svn:,
>svn+ssh:, or just local access doesn't screw up the permissions (we
>don't use webdav.)
>
>
>Steve
>
>
>
>
>
>
>
>
>>Then again.. (as I was just looking around on google) I found:
>>http://svnbook.red-bean.com/svnbook-1.0/ch06s05.html which might answer
>>all my questions :)
>>
>>Thanks,
>> Davy
>>
>>---------------------------------------------------------------------
>>To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
>>For additional commands, e-mail: users-help@subversion.tigris.org
>>
>>
>
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Re: file perms in the db dir
Posted by Steve Greenland <st...@lsli.com>.
On Mon, Sep 20, 2004 at 03:18:40PM -0500, Davy Durham wrote:
> So how do I make sure it is 002 for both the websvn php scripts (I can
> easily edit that) AND svnserve (which I can't edit without recompiling
> and I didn't compile svnserve in the first place, but I suppose I
> could)? Seem like a good config parameter or something if it isn't
> already. Maybe I could exec the real svnserve from a bash script where
> I can set it.
Bingo.
On my svn server, I have this script as /usr/local/bin/svnwrap:
#!/bin/sh
# Generic wrapper for svn commands to enforce correct umask
umask 002
cmdname=`basename $0`
/usr/bin/$cmdname "$@"
I also have these links in /usr/local/bin:
lrwxrwxrwx 1 root staff 7 Sep 3 08:38 svn -> svnwrap*
lrwxrwxrwx 1 root staff 7 Sep 3 08:40 svnversion -> svnwrap*
lrwxrwxrwx 1 root staff 7 Sep 3 08:40 svnshell -> svnwrap*
lrwxrwxrwx 1 root staff 7 Sep 3 08:40 svnserve -> svnwrap*
lrwxrwxrwx 1 root staff 7 Sep 3 08:40 svnlook -> svnwrap*
lrwxrwxrwx 1 root staff 7 Sep 3 08:40 svndumpfilter -> svnwrap*
lrwxrwxrwx 1 root staff 7 Sep 3 08:40 svnadmin -> svnwrap*
lrwxrwxrwx 1 root staff 7 Sep 3 08:40 svn_load_dirs -> svnwrap*
-rwxr-xr-x 1 root staff 174 Sep 3 11:25 svnwrap*
Getting all these wrapped ensures that any access, either via svn:,
svn+ssh:, or just local access doesn't screw up the permissions (we
don't use webdav.)
Steve
>
> Then again.. (as I was just looking around on google) I found:
> http://svnbook.red-bean.com/svnbook-1.0/ch06s05.html which might answer
> all my questions :)
>
> Thanks,
> Davy
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
> For additional commands, e-mail: users-help@subversion.tigris.org
--
"Outlook not so good." That magic 8-ball knows everything! I'll ask
about Exchange Server next.
-- (Stolen from the net)
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Re: file perms in the db dir
Posted by Davy Durham <pu...@davyandbeth.com>.
Dominic Anello wrote:
>On 2004-09-20 13:54:19 -0500, Davy Durham wrote:
>
>
>>Hi,
>> On linux I'm setting up a svnserve environment also using websvn for
>>viewing from the web. For the difference in users (user svn vs user
>>apache) I've just made apache a member of the svn group. So as long as
>>all the files in the db dir are group writable and owned by svn
>>everything is fine.
>>
>>Well, all is well until after many operations it creates a new
>>log.000000## file and perms are wrong, and sometimes the new log file is
>>owned by apache instead of svn if websvn caused the creation of the log
>>file.
>>
>>My question is in DB_CONFIG can I specify perms that the new file will
>>be created with? Or can it be done with sticky bits on the db dir itself?
>>I've looked at the sleepycat docs and didn't see anything. And I wasn't
>>sure if something in svn was setting the perms itself.
>>
>>It'd just like the files to be owned by svn and perms be 664
>>
>>
>>
>
>You should set the sticky bit on the DB directory and make sure all
>repository access is with a 002 umask. AFAIK neither BDB nor svn does
>anything with its permissions.
>
>
>
Ok, I had tried already to set the user and group sticky bits on the db
dir, but that didn't work. So I suppose the umask is important.
Do I need to alter any code to make sure the umask is 002? (umask is
new to me.. but I just read about it in man) It's an attribute of the
process that will be creating files. So how do I make sure it is 002
for both the websvn php scripts (I can easily edit that) AND svnserve
(which I can't edit without recompiling and I didn't compile svnserve in
the first place, but I suppose I could)? Seem like a good config
parameter or something if it isn't already. Maybe I could exec the real
svnserve from a bash script where I can set it.
Then again.. (as I was just looking around on google) I found:
http://svnbook.red-bean.com/svnbook-1.0/ch06s05.html which might answer
all my questions :)
Thanks,
Davy
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Re: file perms in the db dir
Posted by Dominic Anello <da...@danky.com>.
On 2004-09-20 13:54:19 -0500, Davy Durham wrote:
> Hi,
> On linux I'm setting up a svnserve environment also using websvn for
> viewing from the web. For the difference in users (user svn vs user
> apache) I've just made apache a member of the svn group. So as long as
> all the files in the db dir are group writable and owned by svn
> everything is fine.
>
> Well, all is well until after many operations it creates a new
> log.000000## file and perms are wrong, and sometimes the new log file is
> owned by apache instead of svn if websvn caused the creation of the log
> file.
>
> My question is in DB_CONFIG can I specify perms that the new file will
> be created with? Or can it be done with sticky bits on the db dir itself?
> I've looked at the sleepycat docs and didn't see anything. And I wasn't
> sure if something in svn was setting the perms itself.
>
> It'd just like the files to be owned by svn and perms be 664
>
You should set the sticky bit on the DB directory and make sure all
repository access is with a 002 umask. AFAIK neither BDB nor svn does
anything with its permissions.
-Dominic