tags:

views:

106

answers:

2
+1  Q: 

Weird Subversion permissions issue

I'm trying to set up SVN on a CentOS 5 system so that several people can use a repository.

  • I've created the repository at /var/svnrepository.
  • I added a subversion user and group, made that the owner of the repository recursively.
  • I set permissions to 775 recursively.
  • I ensured that all the system users are in the subversion group.

The problem I'm running into is that when I do a commit, SVN apparently creates a file called db/current and it has my username and group. So say my username is jimbo...

-rwxrwxr-x 1 jimbo      jimbo         11 Dec  2 01:09 current

Then after that no one else can check anything out. They get a permission denied error.

There's also a similar issue with a file called db/format.

Can not open file /var/svnrepository/contactdb/trunk/format: Permission denied

Has anyone else seen this? Know of a solution?

All repository access is through ssh.

The weird thing is, I've set up SVN on Linux before and never had this problem. I don't know what I'm doing differently this time.

+2  A: 

Are you using svnserve or is everyone going through file:/// URI's? Subversion recommends against the second. svnserve -d should be run as a single user.

Here is some documentation on trying to make multiple access methods work.

John Paulett  2009-12-02 01:48:27
Every one is accessing it through ssh, like this: `svn co svn+ssh://host.com/var/repository`
Ethan  2009-12-02 01:51:53
Did you follow the advice in the documentation about creating a wrapper script for svnserve that sets the umask to 002? http://svnbook.red-bean.com/en/1.1/ch06s05.html
John Paulett  2009-12-02 14:11:22
It isn't really 100% clear to me, but from what I understand I'm not actually using svnserv. Just accessing the repository through ssh.
Ethan  2009-12-02 19:05:56
+1  A: 

Note, that usually the setGID is set on Subversions repository directory and their child directories:

drwxr-sr-x svnowner svnusers 4096 2008-11-01 .

by chmod 775 you unset this setGID bit and thats why the problems occurred:

The setGID means: if you create a file, the group will be set to svnusers(in my example), not your primary group.

I bet you do no have the SetGID bit set, do you?

However, it is better to change GID of the folders:

chmod g+s <REPO>/dir

it is best you look into a fresh created repository to match the permissions.

Peter Parker  2009-12-02 12:15:44
I bet changing the primary group of the users to svnusers would work, but it seems like a hack to do it. It would mean that subversion hijacks unix permissions, changing at a basic level how you can secure the system.
John Paulett  2009-12-02 14:13:43
it is a hack. Usually the setGID bit is set on repository directory. If it is set, always the correct group would be set
Peter Parker  2009-12-02 15:25:13
This appears to work. I ran `chmod -R g+s`. Now the whole repository is `rwxrws--- subversion subversion`. Users are in `subversion` group. We'll see if that works. If not I'll look into Apache or svnserv but I was hoping to avoid running another daemon.
Ethan  2009-12-02 19:16:02

related questions

Best strategy to write hooks for subversion in Windows
Database Version Control
Version control PHP Web Project
Experience with SVN vs. Team Foundation Server?
Best SVN Client Ignore Pattern for VB.NET Solutions?
SVN merge merged extra stuff
What is your favorite web app deployment workflow with SVN?
Integrating Fogbugz with TortoiseSVN with no URL/Subversion backend
Version Control. Getting started...
ASP.NET Display SVN Revision Number
How do I create a branch in SVN?
What do the result codes in svn mean?
Could you recommend a good free project hosting website?
Federated (Synced) Subversion servers?
Mechanisms for tracking DB schema changes
What are the advantages of using SVN over CVS?
Use SVN Revision to label build in CCNET
Best subversion client for Mac OS
Why is Git better than Subversion?
ASP.NET, Visual Studio and Subversion - how to integrate?
Best Practice: Collaborative Environment, Bin Directory, SVN
How do I sync the SVN revision number with my ASP.NET web site?
Best Subversion clients for Windows Vista (64bit)
Good branch/merge tutorials for Tortoise SVN?
How can you get Subclipse in Aptana to work with the newest release of Subversion?