switching the user would be a nice idea, also for "svn recover" :)
On Fri, 07 Jan 2005 07:55:24 -0700, Bruce Elrick <bruce@elrick.ca> wrote:
> solo turn wrote:
>
> >hi,
> >
> >for hotbackup, we use root's crontab to start a script containing:
> >/usr/lib/subversion/hot-backup.py /var/lib/svn/rep /backup/svn/
> >
> >on debian, we upgraded to:
> ># svn --version
> >svn, version 1.1.1 (r11581)
> > compiled Dec 15 2004, 19:22:46
> ># wajig list-wide libdb4
> >ii libdb4.2 4.2.52-17 Berkeley v4.2 Database Libraries [runtime]
> >
> >now (in rare cases) there are db log files with root's permission
> >created, which we did not notice before:
> >
> ># ls -l db
> >...
> >-rw------- 1 www-data www-data 1738 2004-02-04 04:10 DB_CONFIG
> >-rw------- 1 www-data www-data 1048546 2005-01-07 03:00 log.0000000001
> >-rw-r--r-- 1 root root 1566 2005-01-07 03:00 log.0000000002
> >...
> >
> >is this by design, or a flaw?
> >
> >
> This happened to me with 0.35, so it is a long-running "issue".
>
> Subversion running as root does not do anything fancy to switch users to
> the owner of the BDB files. hot-backup.py opens a BDB context which
> even though it is (largely) read-only can cause a new log file to be
> created (the nature of BDB even if the action is read-only) which of
> course has root's permission.
>
> The solution is simply to either 'su' to the www-data user and run the
> host-backup in root's crontab, or even easier, run the hot-backup in
> www-data's crontab.
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Mon Jan 10 22:10:17 2005