> The current permissions and access system is very confusing to those
> who are developers, not unix sysadmin gurus. As it is, svn+ssh does
> not work correctly out of the box. Why does it work the way it
> currently does (that is, designed to ignore that it needs some type
> of umask intervention), and is there change in the wind? Do I have
> to do the somewhat dodgy umask shuffle, or is there another way?
Lots and lots of people run into this problem, and yes, it sucks.
There are three changes in the wind:
* In svn 1.1, there will be an svnserve --tunnel-user option, which
you can use in combination with the "command" directive in the
authorized_keys file to set up svn+ssh so that you have one system
account with many users, each user having a distinct key.
* In svn 1.1, there will be an alternate FS back end (FSFS) which
does not use BDB and does not have the umask requirement. (It
still has the requirement to set the db directories g+s if you're
using group access permissions, so things may quite not work "out
of the box." Not certain if there's anything we can legitimately
do anything about that. Anyway, it's a lot closer.)
* Some future version of BDB is supposedly going to have a flag we
can set so that new logfiles are chmodded after creation. We have
no idea when that will happen, though.
We have considered stopgap fixes, like adding a umask directive to
svnserve.conf, but they are half-measures and come with a lot of
associated pain (umask isn't portable and you can't have separate
umasks for each repository if the server is running in threaded mode),
so we haven't implemented them.
We've also considered adding better diagnostics (checking to make sure
you have write access to the DB files before trying to open the
database, and giving a better error message than "your DB is corrupt,
run recovery"), and I think approved the idea, but I believe failed to
implement them out of lameness.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Fri May 28 17:24:31 2004