You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@subversion.apache.org by Wesley Spadola <ws...@chinookglobal.com> on 2003/07/15 15:56:04 UTC

Permissions problem?


Please forgive me if this e-mail is long winded.  I do not know if there is
a separate 'user support' mailing list, so hopefully posting it to the dev
mailing list is appropriate.  Here goes:

I have been trying to understand the permissions for Subversion.  I can't
seem to understand if and why SVN is switching permission bits on me, or if
I'm doing something incorrect with my initial 'svnadmin create' set up to
create the problem in the first place.

I have read the Subversion book at http://svnbook.reb-bean.com/  but it
fails to mention the circumstances under which one creates a repository
(under root, under the svn user, or a possible unix user account which will
have repository committer access).

I am running Subversion 0.25 dev build with debugging turned on;  FreeBSD
5.1 with Apache2 2.0.47 (FreeBSD port).  Subversion was built with the
following command line:

/usr/local/subversion/bin/svn up ; make distclean ; sh ./autogen.sh ;
./configure --prefix=/usr/local/subversion --enable-maintainer-mode
--with-apr=/usr/local/lib/apache2/apr-config
--with-apr-util=/usr/local/lib/apache2/apu-config --with-neon=/usr/local
--with-apxs=/usr/local/sbin/apxs ; make

I am the only one using this Subversion installation;  it is my personal
development sandbox.

I attempted to browse my repository through a web browser this morning and
received the following message back:

Berkeley DB error while checkpointing after Berkeley DB transaction for
filesystem /usr/local/svn/repos/doublespeak/db: DB_RUNRECOVERY: Fatal error,
run database recovery 

So I ran /usr/local/subversion/bin/svnadmin recover
/usr/local/svn/repos/doublespeak

It ran without any problems.  When I attempted to browse the repository
through the web browser again, I received a permission denied error.  I had
done nothing except run the recover facility, so I assumed that it reset the
permission bits on my repository's physical filesystem directory.  This is
what the listing looked like:

dante# ls -al
total 5342
drwxrwxr-x  2 root  svn      512 Jul 15 10:40 .
drwxrwxr-x  6 root  svn      512 Mar 15 11:26 ..
-rw-rw-r--  1 root  svn     1282 Mar 15 11:26 DB_CONFIG
-rw-r--r--  1 root  svn     8192 Jul 15 10:40 __db.001
-rw-r--r--  1 root  svn   270336 Jul 15 10:40 __db.002
-rw-r--r--  1 root  svn   327680 Jul 15 10:40 __db.003
-rw-r--r--  1 root  svn   712704 Jul 15 10:40 __db.004
-rw-r--r--  1 root  svn    16384 Jul 15 10:40 __db.005
-rw-rw-r--  1 root  svn    32768 Jul 15 10:40 changes
-rw-rw-r--  1 root  svn    32768 Jul 15 10:40 copies
-rw-rw-r--  1 root  svn  1046278 Mar 30 13:00 log.0000000001
-rw-rw-r--  1 root  svn  1048420 Apr  3 13:06 log.0000000002
-rw-rw-r--  1 root  svn  1037729 Jun 13 12:06 log.0000000003
-rw-r--r--  1 root  svn   259000 Jul 15 10:40 log.0000000004
-rw-rw-r--  1 root  svn    32768 Jul 15 10:40 nodes
-rw-rw-r--  1 root  svn    65536 Jul 15 10:40 representations
-rw-rw-r--  1 root  svn    32768 Jul 15 10:40 revisions
-rw-rw-r--  1 root  svn   868352 Jul 15 10:40 strings
-rw-rw-r--  1 root  svn    32768 Jul 15 10:40 transactions
-rw-rw-r--  1 root  svn    32768 Jul 15 10:40 uuids

As soon as I ran 'chmod 644 *' and reloaded by web browser, everything
worked 'as it should' as before.

Now as I understand it, the svn group (of which the Apache2 'www' user is a
member) did not have write access to a few files; when I granted the svn
group write access to the rest of it, it operated as before.

Would someone kindly explain to me what svnadmin does to reassign
permissions, or what I should have done when I initially created the
repository (should I have run svnadmin create as a certain user, certain
group, in a certain directory?) so as to prevent this conflict?

Thanks,
Wesley

-------------------
Below is a list of relevant configuration information: The group file,
directory permissions and owners, an excerpt from the httpd.conf file, the
Apache log.

Relavant portion of /etc/group:

svn:*:90:root,wesley,www

Relevant directory listings:

dante# cd /usr/local/svn
dante# ls -al
total 6
drwxrwxr-x   3 root  svn    512 Mar 15 11:25 .
drwxr-xr-x  18 root  wheel  512 Apr  2 10:49 ..
drwxrwxr-x   4 root  svn    512 Jun 20 16:16 repos

dante# cd repos
dante# ls
doublespeak
dante# ls -al
total 8
drwxrwxr-x  4 root  svn  512 Jun 20 16:16 .
drwxrwxr-x  3 root  svn  512 Mar 15 11:25 ..
drwxrwxr-x  6 root  svn  512 Mar 15 11:26 doublespeak

/usr/local/etc/apache2/httpd.conf:

<Location /repos>
  DAV svn
  SVNParentPath /usr/local/svn/repos
  AuthType Basic
  AuthName "Subversion repository"
  AuthUserFile /usr/local/etc/apache2/svn-users
  <LimitExcept GET PROPFIND OPTIONS REPORT>
    Require valid-user
  </LimitExcept>
</Location>

/usr/local/etc/apache2/svn-users:

wesley:xxxxxxxxxxxxxxxx

/var/log/httpd-error.log:

[Tue Jul 15 10:41:58 2003] [error] [client xxx.xxx.xxx.xxx] Could not open
the SVN filesystem at /usr/local/svn/repos/doublespeak  [500, #160029]
[Tue Jul 15 10:41:58 2003] [error] [client xxx.xxx.xxx.xxx] (13)Permission
denied: Berkeley DB error while opening environment for filesystem
/usr/local/svn/repos/doublespeak/db: Permission denied  [500, #160029]

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org

Re: Permissions problem?

Posted by Ben Collins-Sussman <su...@collab.net>.

Wesley Spadola <ws...@chinookglobal.com> writes:

> Would someone kindly explain to me what svnadmin does to reassign
> permissions, or what I should have done when I initially created the
> repository (should I have run svnadmin create as a certain user, certain
> group, in a certain directory?) so as to prevent this conflict?

Every process has a umask.  When a process accesses the database files
directly, it can potentially change perms (or ownership) as a result,
messing things up for the next process that comes along.

Read the "repository permissions" section in chapter 5.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org