solo turn wrote:
>hi,
>
>for hotbackup, we use root's crontab to start a script containing:
>/usr/lib/subversion/hot-backup.py /var/lib/svn/rep /backup/svn/
>
>on debian, we upgraded to:
># svn --version
>svn, version 1.1.1 (r11581)
> compiled Dec 15 2004, 19:22:46
># wajig list-wide libdb4
>ii libdb4.2 4.2.52-17 Berkeley v4.2 Database Libraries [runtime]
>
>now (in rare cases) there are db log files with root's permission
>created, which we did not notice before:
>
># ls -l db
>...
>-rw------- 1 www-data www-data 1738 2004-02-04 04:10 DB_CONFIG
>-rw------- 1 www-data www-data 1048546 2005-01-07 03:00 log.0000000001
>-rw-r--r-- 1 root root 1566 2005-01-07 03:00 log.0000000002
>...
>
>is this by design, or a flaw?
>
>
This happened to me with 0.35, so it is a long-running "issue".
Subversion running as root does not do anything fancy to switch users to
the owner of the BDB files. hot-backup.py opens a BDB context which
even though it is (largely) read-only can cause a new log file to be
created (the nature of BDB even if the action is read-only) which of
course has root's permission.
The solution is simply to either 'su' to the www-data user and run the
host-backup in root's crontab, or even easier, run the hot-backup in
www-data's crontab.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Fri Jan 7 15:56:52 2005