[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: SVN Repository permissions

From: Alec Kloss <alec.kloss_at_oracle.com>
Date: Fri, 14 Nov 2008 08:33:52 -0600

On 2008-11-13 14:57, Ashish Utagikar wrote:
> Hello,
>
> I am using a fsfs repository named adapt1 and I am trying to
> import data from a remote machine in to the repository. The owner of the
> repository is not me but a faceless account like svnacc etc..
>
>
>
> I am using svn+ssh protocol to access the repository and the repository
> has user and group write permissions on all of its directories. I am
> also the member of the group.
>
>
>
> When I try to import the data as me and not the faceless account from
> the remote machine, it gives me the below error. Also the
> txn-current-lock file has group write permissions which I am part of
>
>
>
> svn: Can't open file '/tmp/adapt1/db/txn-current-lock': Permission
> denied
>
>
>
>
>
> Can somebody please let me know why this is happening and also how to
> setup permissions on the repository, so that only the group members and
> the owner has write access to the repository, but not the others ?
>

I'm not sure why you're having permission issues; you'd have to post more
about the ownership and permissions of the directories involved and the
group membership of your account (think ls -l and id/groups commands).

As for the general problem, I prefer running svn+ssh access with a wrapper
script which uses sudo:

        #!/bin/sh

        SVNSERVE=$(dirname $(realpath $0))/svnserve.bin

        if [ -z "$SUDO_USER" ] ; then
                exec sudo -u svn "$0" "$@"
        fi
        exec $SVNSERVE "--tunnel-user=$SUDO_USER" "--root=/repos" "$@"

This has the benefit that users who have access to the repository
can't directly access the repository (no rm -rf fears) and it keeps
the repository edits all done by the same user account. This is
really helpful when you're using a sharded fsfs repository as a
user can change the permissions on a sharded directory they create
and break the repo for everyone else.

Are other people using sudo and svn+ssh too? 

-- 
Alec.Kloss_at_oracle.com			Oracle Middleware
PGP key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x432B9956

  • application/pgp-signature attachment: stored
Received on 2008-11-14 15:34:21 CET

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.