
Subversion repository backup & file access privileges

From: Emmanuel-G BLOT <emmanuel.blot-gnb_at_st.com>
Date: 2004-04-13 18:39:13 CEST


I'm a newbie to Subversion.

Our current config is:
   Apache 2.0.49 + mod_dav_svn, running as www-data.www-data user
   Linux Debian 3.1 (testing) server - this means that Subversion
release is 1.0.0, not 1.0.1 for now

Client is either the same machine (using https:// protocol) or Windows
XP machines (using TortoiseSVN, https:// protocol)

Cron jobs (and other manually run scripts) need to back up the
repositories on a regular basis.
These tasks are run with the superuser account (cron is run as root, and
other scripts are run with the sudo command)

In order to be reached from the Apache2 server, the repositories are
owned by www-data.www-data (uid.gid of Apache2 on Debian)

When a backup occurs, svnadmin is run as root.root, and accesses the
repository files.
It seems that the "svnadmin dump" command, through the BDB engine,
modifies data in the BDB log files, or even worse creates a new BDB log
file in some cases.

The log file that is created belongs to root.root and this blocks any
further accesses to the repository from the Apache2 server, as the
Apache2 server cannot read files owned by the root superuser (and these
files are not, and should not be readable by everyone)

What is the recommended approach?
  * Set the gid of svnadmin to use the www-data group, and set the
sticky bit for this group (chgrp www-data svnadmin; chmod g+s svnadmin)?
  * Change the umask before svnadmin is run?
  * Am I missing something evident?

Best Regards,

Received on Tue Apr 13 18:39:54 2004
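
The failure described in the message above (a root-owned BDB log file left inside a repository owned by www-data.www-data) can be caught right after each backup. This is an added example, not part of the original e-mail: the function names are hypothetical, and running svnadmin through sudo as the repository owner is an assumption, not one of the options listed in the post.

```shell
#!/bin/sh
# Added example (not from the original post).
# Defaults follow the www-data.www-data ownership described in the message.
REPO_OWNER="${REPO_OWNER:-www-data}"
REPO_GROUP="${REPO_GROUP:-www-data}"

# Print every path under repository $1 whose owner is not $2
# or whose group is not $3 (names or numeric ids).
foreign_owned() {
    find "$1" \( ! -user "$2" -o ! -group "$3" \) -print
}

# Succeed only when nothing under $1 has foreign ownership.
ownership_ok() {
    [ -z "$(foreign_owned "$1" "$2" "$3")" ]
}

# Dump repository $1 into file $2 with svnadmin running as the
# repository owner, so files it touches or creates keep that owner.
# Assumption: the calling job (cron as root) is allowed to use sudo.
dump_as_owner() {
    sudo -u "$REPO_OWNER" svnadmin dump "$1" > "$2"
}

# Backup wrapper: dump, then verify that the repository is still
# entirely owned by the web server account.
# Returns 1 if the dump failed, 2 if foreign-owned files were found.
backup_repo() {
    dump_as_owner "$1" "$2" || return 1
    if ! ownership_ok "$1" "$REPO_OWNER" "$REPO_GROUP"; then
        echo "files not owned by $REPO_OWNER.$REPO_GROUP in $1:" >&2
        foreign_owned "$1" "$REPO_OWNER" "$REPO_GROUP" >&2
        return 2
    fi
}

# Usage: script REPOSITORY DUMPFILE
if [ "$#" -eq 2 ]; then
    backup_repo "$1" "$2"
fi
```

The dump file itself is written by the calling shell, so it stays owned by the account running the job and lives outside the repository.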

This is an archived mail posted to the Subversion Users mailing list.
