[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: hotbackup and bdb log permissions, svn 1.1.1

From: Bruce Elrick <bruce_at_elrick.ca>
Date: 2005-01-07 15:55:24 CET

solo turn wrote:

>hi,
>
>for hotbackup, we use root's crontab to start a script containing:
>/usr/lib/subversion/hot-backup.py /var/lib/svn/rep /backup/svn/
>
>on debian, we upgraded to:
># svn --version
>svn, version 1.1.1 (r11581)
> compiled Dec 15 2004, 19:22:46
># wajig list-wide libdb4
>ii libdb4.2 4.2.52-17 Berkeley v4.2 Database Libraries [runtime]
>
>now (in rare cases) there are db log files with root's permission
>created, which we did not notice before:
>
># ls -l db
>...
>-rw------- 1 www-data www-data 1738 2004-02-04 04:10 DB_CONFIG
>-rw------- 1 www-data www-data 1048546 2005-01-07 03:00 log.0000000001
>-rw-r--r-- 1 root root 1566 2005-01-07 03:00 log.0000000002
>...
>
>is this by design, or a flaw?
>
>
This happened to me with 0.35, so it is a long-running "issue".

Subversion running as root does not do anything fancy to switch users to
the owner of the BDB files. hot-backup.py opens a BDB context which
even though it is (largely) read-only can cause a new log file to be
created (the nature of BDB even if the action is read-only) which of
course has root's permission.

The solution is simply to either 'su' to the www-data user and run the
host-backup in root's crontab, or even easier, run the hot-backup in
www-data's crontab.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Fri Jan 7 15:56:52 2005

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.