Permissions problem?

From: Wesley Spadola <wspadola_at_chinookglobal.com>
Date: 2003-07-15 17:56:04 CEST

Please forgive me if this e-mail is long winded. I do not know if there is
a separate 'user support' mailing list, so hopefully posting it to the dev
mailing list is appropriate. Here goes:

I have been trying to understand the permissions for Subversion. I can't
seem to understand if and why SVN is switching permission bits on me, or if
I'm doing something incorrect with my initial 'svnadmin create' set up to
create the problem in the first place.

I have read the Subversion book at http://svnbook.reb-bean.com/ but it
fails to mention the circumstances under which one creates a repository
(under root, under the svn user, or a possible unix user account which will
have repository committer access).

I am running Subversion 0.25 dev build with debugging turned on; FreeBSD
5.1 with Apache2 2.0.47 (FreeBSD port). Subversion was built with the
following command line:

/usr/local/subversion/bin/svn up ; make distclean ; sh ./autogen.sh ;
./configure --prefix=/usr/local/subversion --enable-maintainer-mode
--with-apr=/usr/local/lib/apache2/apr-config
--with-apr-util=/usr/local/lib/apache2/apu-config --with-neon=/usr/local
--with-apxs=/usr/local/sbin/apxs ; make

I am the only one using this Subversion installation; it is my personal
development sandbox.

I attempted to browse my repository through a web browser this morning and
received the following message back:

Berkeley DB error while checkpointing after Berkeley DB transaction for
filesystem /usr/local/svn/repos/doublespeak/db: DB_RUNRECOVERY: Fatal error,
run database recovery

So I ran /usr/local/subversion/bin/svnadmin recover
/usr/local/svn/repos/doublespeak

It ran without any problems. When I attempted to browse the repository
through the web browser again, I received a permission denied error. I had
done nothing except run the recover facility, so I assumed that it reset the
permission bits on my repository's physical filesystem directory. This is
what the listing looked like:

dante# ls -al
total 5342
drwxrwxr-x 2 root svn 512 Jul 15 10:40 .
drwxrwxr-x 6 root svn 512 Mar 15 11:26 ..
-rw-rw-r-- 1 root svn 1282 Mar 15 11:26 DB_CONFIG
-rw-r--r-- 1 root svn 8192 Jul 15 10:40 __db.001
-rw-r--r-- 1 root svn 270336 Jul 15 10:40 __db.002
-rw-r--r-- 1 root svn 327680 Jul 15 10:40 __db.003
-rw-r--r-- 1 root svn 712704 Jul 15 10:40 __db.004
-rw-r--r-- 1 root svn 16384 Jul 15 10:40 __db.005
-rw-rw-r-- 1 root svn 32768 Jul 15 10:40 changes
-rw-rw-r-- 1 root svn 32768 Jul 15 10:40 copies
-rw-rw-r-- 1 root svn 1046278 Mar 30 13:00 log.0000000001
-rw-rw-r-- 1 root svn 1048420 Apr 3 13:06 log.0000000002
-rw-rw-r-- 1 root svn 1037729 Jun 13 12:06 log.0000000003
-rw-r--r-- 1 root svn 259000 Jul 15 10:40 log.0000000004
-rw-rw-r-- 1 root svn 32768 Jul 15 10:40 nodes
-rw-rw-r-- 1 root svn 65536 Jul 15 10:40 representations
-rw-rw-r-- 1 root svn 32768 Jul 15 10:40 revisions
-rw-rw-r-- 1 root svn 868352 Jul 15 10:40 strings
-rw-rw-r-- 1 root svn 32768 Jul 15 10:40 transactions
-rw-rw-r-- 1 root svn 32768 Jul 15 10:40 uuids

As soon as I ran 'chmod 644 *' and reloaded by web browser, everything
worked 'as it should' as before.

Now as I understand it, the svn group (of which the Apache2 'www' user is a
member) did not have write access to a few files; when I granted the svn
group write access to the rest of it, it operated as before.

Would someone kindly explain to me what svnadmin does to reassign
permissions, or what I should have done when I initially created the
repository (should I have run svnadmin create as a certain user, certain
group, in a certain directory?) so as to prevent this conflict?

Thanks,
Wesley

-------------------
Below is a list of relevant configuration information: The group file,
directory permissions and owners, an excerpt from the httpd.conf file, the
Apache log.

Relavant portion of /etc/group:

svn:*:90:root,wesley,www

Relevant directory listings:

dante# cd /usr/local/svn
dante# ls -al
total 6
drwxrwxr-x 3 root svn 512 Mar 15 11:25 .
drwxr-xr-x 18 root wheel 512 Apr 2 10:49 ..
drwxrwxr-x 4 root svn 512 Jun 20 16:16 repos

dante# cd repos
dante# ls
doublespeak
dante# ls -al
total 8
drwxrwxr-x 4 root svn 512 Jun 20 16:16 .
drwxrwxr-x 3 root svn 512 Mar 15 11:25 ..
drwxrwxr-x 6 root svn 512 Mar 15 11:26 doublespeak

/usr/local/etc/apache2/httpd.conf:

<Location /repos>
  DAV svn
  SVNParentPath /usr/local/svn/repos
  AuthType Basic
  AuthName "Subversion repository"
  AuthUserFile /usr/local/etc/apache2/svn-users
  <LimitExcept GET PROPFIND OPTIONS REPORT>
    Require valid-user
  </LimitExcept>
</Location>

/usr/local/etc/apache2/svn-users:

wesley:xxxxxxxxxxxxxxxx

/var/log/httpd-error.log:

[Tue Jul 15 10:41:58 2003] [error] [client xxx.xxx.xxx.xxx] Could not open
the SVN filesystem at /usr/local/svn/repos/doublespeak [500, #160029]
[Tue Jul 15 10:41:58 2003] [error] [client xxx.xxx.xxx.xxx] (13)Permission
denied: Berkeley DB error while opening environment for filesystem
/usr/local/svn/repos/doublespeak/db: Permission denied [500, #160029]

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Tue Jul 15 17:57:33 2003

This message: [ Message body ]
Next message: Steven Knight: "install failure of 0.25"
Previous message: pll_at_lanminds.com: "[PATCH] notes/releases.txt"
Next in thread: Ben Collins-Sussman: "Re: Permissions problem?"
Reply: Ben Collins-Sussman: "Re: Permissions problem?"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]