Re: Somewhat corrupted repository: Berkeley DB Permissions errors on SVN 1.0.2

Paul Oppenheim wrote:
> The current permissions and access system is very confusing to those who
> are developers, not unix sysadmin gurus. As it is, svn+ssh does not work
> correctly out of the box. Why does it work the way it currently does
> (that is, designed to ignore that it needs some type of umask
> intervention), and is there change in the wind? Do I have to do the
> somewhat dodgy umask shuffle, or is there another way?

It might help you if I emphasize that svn+ssh:// is exactly equivalent to
multiple local users using file://. In other words, you still have to be very
careful about permissions, even if you initially set up the repository exactly
right the first time. All steps in the svn+ssh:// server checklist are necessary.

One thing you can consider is putting your svnserve wrapper in a different
directory located earlier in the user's effective path. Thus you don't need to
move the executable (so you can still use the ports to update), but you can
still adjust the umask correctly. You can also reconsider using svnserve in the
first place; the ra_dav access method (http://) has much better granularity for
security (because Apache already provides that), including using client
certificates for authentication.

HTH

John

-- 
John Peacock
Director of Information Research and Technology
Rowman & Littlefield Publishing Group
4501 Forbes Boulevard
Suite H
Lanham, MD  20706
301-459-3366 x.5010
fax 301-429-5748
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org