You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@subversion.apache.org by "Jeremy Kastner (Jira)" <ji...@apache.org> on 2020/08/14 14:01:00 UTC
[jira] [Comment Edited] (SVN-4622) revert as root always notifies
for files
[ https://issues.apache.org/jira/browse/SVN-4622?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17177789#comment-17177789 ]
Jeremy Kastner edited comment on SVN-4622 at 8/14/20, 2:00 PM:
---------------------------------------------------------------
I have encountered this as well. From what I can tell, when svn calculates these permissions it ignores root powers, group ownership, and ACL. We use svn in our deployment process along with Jenkins. Historically, we've used the same shared user for everything we did across most servers, so this was never a problem. But now we've diversified the users for security, Jenkins has a user, developers have different users, and the Apache user still needs access to the application files along with everyone else. We're using a combination of groups and ACL to give all the right users access to the application files, but this bug comes up.
Right now our repo is owned by apache:devops, and even though my user and primary group is devops, and my file permissions are 664, this bug comes up. Jenkins is also a member of devops and this still happens, filling our log with "Reverted".
I've tested and file changes still get reverted, so I don't think there's any functional impact here. Although it does make me leery of what other problems this could cause.
was (Author: jkastner):
I have encountered this as well. From what I can tell, when svn calculates these permissions it ignores root powers, group ownership, and ACL. We use svn in our deployment process along with Jenkins. Historically, we've used the same shared user for everything we did across most servers, so this was never a problem. But now we've diversified the users for security, Jenkins has a user, developers have different users, and the Apache user still needs access to the application files along with everyone else. We're using a combination of groups and ACL to give all the right users access to the application files, but this bug comes up.
Right now our repo is owned by apache:devops, and even though my user and primary group is devops, this bug comes up. Jenkins is also a member of devops and this still happens, filling our log with "Reverted".
I've tested and file changes still get reverted, so I don't think there's any functional impact here. Although it does make me leery of what other problems this could cause.
> revert as root always notifies for files
> ----------------------------------------
>
> Key: SVN-4622
> URL: https://issues.apache.org/jira/browse/SVN-4622
> Project: Subversion
> Issue Type: Bug
> Components: libsvn_subr
> Affects Versions: all
> Reporter: Philip Martin
> Priority: Minor
>
> $ svnadmin create repo
> $ svn import -mm repo/format file://`pwd`/repo/f
> $ umask 0022
> $ svn co file://`pwd`/repo wc
> $ sudo svn revert wc/f
> Reverted 'wc/f'
> The function svn_io__is_finfo_read_only() will check the world permissions when invoked with uid=root. A typical umask removes world write so this means that root sees every file as read-only. This causes the revert code to invoke svn_io_set_file_read_write() and notify. However svn_io_set_file_read_write() sets the owner permissions, an operation that succeeds when run as root, and obeys the umask so the world permissions remain read-only.
> Reported by:
> https://mail-archives.apache.org/mod_mbox/subversion-users/201602.mbox/%3C56C0738E.9010508%40i.ua%3E
> http://svn.haxx.se/users/archive-2016-02/0061.shtml
--
This message was sent by Atlassian Jira
(v8.3.4#803005)