You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by John Duprey <jo...@gmail.com> on 2005/09/20 06:29:02 UTC
[users@httpd] Bug: apache/mod_svn intermittently creates transaction dirs with incorrect permissions or ownership such that the transaction breaks.
I'm seeing strange behavior with an apache module (Subversion's
mod_svn). Subversion commits through mod_svn are intermittently
failing because files and/or directories are being created with ROOT
ownership!! or permissions such that the user apache cannot write.
This problem happens frequenlty, but _not_always_, so I know it isn't
an outright configuration problem in apache or subversion. Apache is
set to run as user apache. I've posted this to the subversion mailing
lists and plan to file a bug.
It dawned on me that this might be a problem with apache and or
configuration. I've tried a minimal config (no virtual hosts, no
extra modules like php, etc) and have not been able to find the bug.
Should a module get away with creating a file as root when apache is
explicitly configured not to do so? Can you suggest anything that I
might try to fix or identify this problem?
The full details can be found below, which is my second post to the
subversion users/dev mailing list.
I sure would appreciate it if someone could help me out with this if
they can think of an apache cause for this problem.
Thanks (details below)
-John
-------------------------------
Details:
I'm about to file a subversion bug in relation to apache/mod_svn
intermittently creating transaction dirs with incorrect permissions or
ownership such that the transaction breaks.
Many times during the day commits are failing with an error message
like the following:
[Wed Aug 31 12:55:55 2005] [error] [client
192.189.224.121<http://192.189.224.121>]
Could not create activity
/svn/ResultsPlus/!svn/act/a24ba835-0155-2042-a734-13818c448007. [500, #0]
[Wed Aug 31 12:55:55 2005] [error] [client
192.189.224.121<http://192.189.224.121>]
could not begin a transaction [500, #13]
[Wed Aug 31 12:55:55 2005] [error] [client
192.189.224.121<http://192.189.224.121>]
Can't open file
'/svnroot/repos/ResultsPlus/db/transactions/90-1.txn/node.0.0':
Permission denied [500, #13]
Inspection on the server side reveals one of 2 scenarios:
1. The transaction directory (e.g.
/svnroot/repos/reposname/db/transactions/90-1.txn) has the wrong
permissions and cannot be populated by the apache user (apache) - i.e.
drw-rwSrw-
2. The props file in the transaction directory (e.g.
/svnroot/repos/reposname/db/transactions/90-1.txn/props) is owned by
the root user and ONLY user has write permissions
If the commit is retried, it may or may not succeed. To temporarily
fix the problem, I must restart apache, and delete the broken
transaction directories.
I am now running the latest stable apache(httpd-2.0.54) and
subversion(subversion-1.2.3) built from scratch. (This problem was
first observed with prebuilt RPMS.) I am running Intel RedHat
Enterprise Server 3 (rhel-3). I have audited the system extensively
in an effort to identify any external processes that could be causing
this problem and found now.
I have a little bash script that will repeatedly modify, commit, and
sleep 1 second that tests subversion. I can reproduce this error
within 10 - 30 commits. I posted this problem before
(http://svn.haxx.se/users/archive-2005-09/0228.shtml). More details
can be found in that post. This problem was reported by another user
as well in June (http://svn.haxx.se/users/archive-2005-06/1629.shtml)
-- on Solaris. He was able to work around the problem by using
setfacl however, rhel-3 (kernel 2.4) doesn't appear to support setfacl
completely.
If anyone can help me debug this problem further I'd appreciated it.
I'm willing to try almost anything - a debug version of subversion,
apache etc. If you'd like more information, please ask me.
Otherwise, I'd welcome any tips for successfully logging a bug on
subversion.trigris.org.
I feel I've exhausted all configuration possibilities between
apache-subversion. I've tried creating a test repository from scratch
- ensuring all commands out-of-apache-web-server were done as apache
(sudo -u apache svnadmin ...). I've tried different file system
locations. I've removed all but svn functionality from apache. I've
used the simplest svn configuration possible..
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Bug: apache/mod_svn intermittently creates transaction dirs with incorrect permissions or ownership such that the transaction breaks.
Posted by John Duprey <jo...@gmail.com>.
Joe,
> Are you running any other third-party modules in this httpd
> installation?
I am, but in one of my many tests, I disabled all but subversion and
it still reproduced the problem. It doesn't happen every time, but it
happens often.
-John
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Bug: apache/mod_svn intermittently creates transaction dirs with incorrect permissions or ownership such that the transaction breaks.
Posted by Joe Orton <jo...@redhat.com>.
On Tue, Sep 20, 2005 at 12:29:02AM -0400, John Duprey wrote:
> I'm seeing strange behavior with an apache module (Subversion's
> mod_svn). Subversion commits through mod_svn are intermittently
> failing because files and/or directories are being created with ROOT
> ownership!! or permissions such that the user apache cannot write.
> This problem happens frequenlty, but _not_always_, so I know it isn't
> an outright configuration problem in apache or subversion. Apache is
> set to run as user apache. I've posted this to the subversion mailing
> lists and plan to file a bug.
Are you running any other third-party modules in this httpd
installation?
If you can get the server into a state where newly created directories
always have the wrong permissinos, you could strace a child process and
see exactly what it is doing.
joe
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] apache/mod_svn intermittently creates transaction dirs with incorrect permissions or ownership such that the transaction breaks.
Posted by Joshua Slive <js...@gmail.com>.
On 9/20/05, John Duprey <jo...@gmail.com> wrote:
> I'm seeing strange behavior with an apache module (Subversion's
> mod_svn). Subversion commits through mod_svn are intermittently
> failing because files and/or directories are being created with ROOT
> ownership!! or permissions such that the user apache cannot write.
> This problem happens frequenlty, but _not_always_, so I know it isn't
> an outright configuration problem in apache or subversion. Apache is
> set to run as user apache. I've posted this to the subversion mailing
> lists and plan to file a bug.
I have never seen a report of an apache child process writing content
as root, so my first reaction is that you have some other process
accessing the repository as root and screwing up your permissions. In
your examples, you should the effect of having a root-owned file in
the repository, but you never show apache creating such a file. Are
you *absolutely positive* that it is apache creating the file?
Joshua.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
[users@httpd] apache/mod_svn intermittently creates transaction dirs with incorrect permissions or ownership such that the transaction breaks.
Posted by John Duprey <jo...@gmail.com>.
I sent this last night, but did not see it come across the list, so
I'm sending it again. My apologies if this is a duplicate.
--
I'm seeing strange behavior with an apache module (Subversion's
mod_svn). Subversion commits through mod_svn are intermittently
failing because files and/or directories are being created with ROOT
ownership!! or permissions such that the user apache cannot write.
This problem happens frequenlty, but _not_always_, so I know it isn't
an outright configuration problem in apache or subversion. Apache is
set to run as user apache. I've posted this to the subversion mailing
lists and plan to file a bug.
It dawned on me that this might be a problem with apache and or
configuration. I've tried a minimal config (no virtual hosts, no
extra modules like php, etc) and have not been able to find the bug.
Should a module get away with creating a file as root when apache is
explicitly configured not to do so? Can you suggest anything that I
might try to fix or identify this problem?
The full details can be found below, which is my second post to the
subversion users/dev mailing list.
I sure would appreciate it if someone could help me out with this if
they can think of an apache cause for this problem.
Thanks (details below)
-John
-------------------------------
Details:
I'm about to file a subversion bug in relation to apache/mod_svn
intermittently creating transaction dirs with incorrect permissions or
ownership such that the transaction breaks.
Many times during the day commits are failing with an error message
like the following:
[Wed Aug 31 12:55:55 2005] [error] [client
192.189.224.121<http://192.189.224.121>]
Could not create activity
/svn/ResultsPlus/!svn/act/a24ba835-0155-2042-a734-13818c448007. [500, #0]
[Wed Aug 31 12:55:55 2005] [error] [client
192.189.224.121<http://192.189.224.121>]
could not begin a transaction [500, #13]
[Wed Aug 31 12:55:55 2005] [error] [client
192.189.224.121<http://192.189.224.121>]
Can't open file
'/svnroot/repos/ResultsPlus/db/transactions/90-1.txn/node.0.0':
Permission denied [500, #13]
Inspection on the server side reveals one of 2 scenarios:
1. The transaction directory (e.g.
/svnroot/repos/reposname/db/transactions/90-1.txn) has the wrong
permissions and cannot be populated by the apache user (apache) - i.e.
drw-rwSrw-
2. The props file in the transaction directory (e.g.
/svnroot/repos/reposname/db/transactions/90-1.txn/props) is owned by
the root user and ONLY user has write permissions
If the commit is retried, it may or may not succeed. To temporarily
fix the problem, I must restart apache, and delete the broken
transaction directories.
I am now running the latest stable apache(httpd-2.0.54) and
subversion(subversion-1.2.3) built from scratch. (This problem was
first observed with prebuilt RPMS.) I am running Intel RedHat
Enterprise Server 3 (rhel-3). I have audited the system extensively
in an effort to identify any external processes that could be causing
this problem and found now.
I have a little bash script that will repeatedly modify, commit, and
sleep 1 second that tests subversion. I can reproduce this error
within 10 - 30 commits. I posted this problem before
(http://svn.haxx.se/users/archive-2005-09/0228.shtml). More details
can be found in that post. This problem was reported by another user
as well in June (http://svn.haxx.se/users/archive-2005-06/1629.shtml)
-- on Solaris. He was able to work around the problem by using
setfacl however, rhel-3 (kernel 2.4) doesn't appear to support setfacl
completely.
If anyone can help me debug this problem further I'd appreciated it.
I'm willing to try almost anything - a debug version of subversion,
apache etc. If you'd like more information, please ask me.
Otherwise, I'd welcome any tips for successfully logging a bug on
subversion.trigris.org.
I feel I've exhausted all configuration possibilities between
apache-subversion. I've tried creating a test repository from scratch
- ensuring all commands out-of-apache-web-server were done as apache
(sudo -u apache svnadmin ...). I've tried different file system
locations. I've removed all but svn functionality from apache. I've
used the simplest svn configuration possible..
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org