Re: Subversion repository backup & file access priviledges

On Tue, 2004-04-13 at 12:39, Emmanuel-G BLOT wrote:

> Cron jobs (and other manually run scripts) need to backup the
> repositories on a regular basis.
> These tasks are run with the superuser account (cron is run as root, and
> other scripts are run with the sudo command)
>
> In order to be reached from the Apache2 server, the repositories are
> owned by www-data.www-data (uid.gid of Apache2 on Debian)
>
> When a backup occurs, svnadmin is run as root.root, and accesses the
> repository files.
> It seems that the "svnadmin dump" command, through the BDB engine,
> modifies data in the BDB log files, or even worse creates a new BDB log
> file in some cases.
>
> The log file that is created belongs to root.root and this blocks any
> further accesses to the repository from the Apache2 server, as the
> Apache2 server cannot read files owned by the root superuser (and these
> files are not, and should not be readable by everyone)
>
> What is the recommanded approach ?
> * Set the gid of svnadmin to use the www-data group, and set the
> sticky bit for this group (chgrp www-data svnadmin; chmod g+s svnadmin) ?
> * Change the umask before svnadmin is run ?
> * Am I missing something evident ?

Run the backup as the www-data user.

Create a crontab file that invokes the backup script, and install it for
the www-data user with the crontab command.
 
(that's what I do)

-- 
Scott Lawrence        
  Pingtel Corp.   
  sip:slawrence {at} pingtel.com  
  +1.781.938.5306 x162
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org