I am using Subversion with Apache and want a normal user (i.e. non-root) to be able to create new repositories. I thought this would be easy enough to do using a parent directory with group www-data and the group sticky bit set. Unfortunately "svnadmin create ..." leaves only its db directory with the sticky group not set. How can I get around this? This causes "permission denied" errors when attempting to commit through Apache.

I have got this to work with an "only root can create repositories" policy, as root can just chown the files when done. But that's not what I want.

Here is a trace of my test:

ctndocs@beta:~$ ll -d svn
drwsrwsr-x 6 ctndocs www-data 4096 2009-11-14 18:27 svn
ctndocs@beta:~$ cd svn
ctndocs@beta:~/svn$ umask
0002
ctndocs@beta:~/svn$ mkdir test
ctndocs@beta:~/svn$ svnadmin create test
ctndocs@beta:~/svn$ ls -l test
total 24
drwxrwsr-x 2 ctndocs www-data 4096 2009-11-14 18:31 conf
drwxrwxr-x 6 ctndocs www-data 4096 2009-11-14 18:31 db
-r--r--r-- 1 ctndocs www-data    2 2009-11-14 18:31 format
drwxrwsr-x 2 ctndocs www-data 4096 2009-11-14 18:31 hooks
drwxrwsr-x 2 ctndocs www-data 4096 2009-11-14 18:31 locks
-rw-rw-r-- 1 ctndocs www-data  229 2009-11-14 18:31 README.txt

Note the lack of an "s" on the db directory. All the others are ok.

+1  A: 

If you can get root permissions and your filesystem supports file access control lists (which is true for any modern fs), you can enable FACLs on the filesystem and then set the default group permissions for www-data:

mount /fs/root -o remount,acl
setfacl -Rdm g:www-data:rwx /fs/root/path/to/svndir
setfacl -Rm g:www-data:rwx /fs/root/path/to/svndir

After that, everything created under svndir will be by default group-writable by www-data, which you can verify with getfacl.

Don't forget to append the acl option to /etc/fstab for the filesystem, so that FACLs are also enabled after the next boot.

Eemeli Kantola
Works perfectly! Thanks!
David Tinker
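
A check for the symptom shown in the question's listing, as an added example that is not part of the original question or answer. The function names are hypothetical, the sample tree is constructed, and the caller's primary group stands in for www-data.

```shell
#!/bin/sh
# Added example (not from the original post). Flags directories that would
# break group-shared access, such as "db" in the question's listing.

# audit_shared_dirs DIR GROUP
# Prints "<reason> <path>" per problem directory; returns 1 if any was found.
audit_shared_dirs() {
    report=$(
        # No setgid bit: entries created inside do not inherit the group.
        find "$1" -type d ! -perm -2000 | sed 's/^/no-setgid /'
        # Not group-writable: the Apache user cannot write via the group.
        find "$1" -type d ! -perm -0020 | sed 's/^/no-group-write /'
        # Owned by a group other than the one Apache runs under.
        find "$1" -type d ! -group "$2" | sed 's/^/wrong-group /'
    )
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}

# make_sample_tree: constructed sample that mirrors the question's listing.
# Every directory is setgid and group-writable except test/db.
make_sample_tree() {
    root=$(mktemp -d) || return 1
    for d in conf db hooks locks; do
        mkdir -p "$root/test/$d"
    done
    chgrp -R "$(id -g)" "$root"
    find "$root" -type d -exec chmod 2775 {} +
    # GNU chmod keeps setgid on directories for numeric modes, so clear it explicitly.
    chmod g-s "$root/test/db"
    printf '%s\n' "$root"
}

# Demo: the caller's own primary group stands in for www-data (assumption).
sample=$(make_sample_tree)
audit_shared_dirs "$sample" "$(id -g)"
rm -rf "$sample"
```

On a real server, pass the repository parent directory and www-data as the two arguments; an empty report means every directory is setgid, group-writable and owned by that group.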