svnadmin create not honoring sticky bit
Hi, I encountered an unexpected behaviour during a svnadmin create as a normal user. We have a setup where a normal user can create repositories below an SvnParentPath structure. The directories are setgroupid www, with ACLs allowing the user write permissions. When I create these directories as root, the permissions are passed down properly, everything works, except for that misbehaviour with sqlite and rep-cache.db. When I create a repository as a normal user (with the proper permissions), the sticky bit doesn't get passed down to the db directory, so all files and directories in there end up owned by the user's primary group, with all traces of www removed, thus not readable. I created a test case: cd /tmp mkdir test chgrp www test chmod 2770 test setfacl -m u:username:rwx test setfacl -m d:u:username:rwx test cd test svnadmin create test1 su - username -c "cd /tmp/test; svnadmin create test2" Result: ls -l total 16 drwxrws---+ 6 root www 4096 2010-03-30 14:07 test1 drwxrws---+ 6 username www 4096 2010-03-30 14:07 test2 ls -ld test1/db test2/db drwxrws---+ 6 root www 4096 2010-03-30 14:07 test1/db drwxrwx---+ 6 username www 4096 2010-03-30 14:07 test2/db ls -l test1/db/rep-cache.db test2/db/rep-cache.db -rw-r-+ 1 root www 4096 2010-03-30 14:07 test1/db/rep-cache.db -rw-r-+ 1 username users 4096 2010-03-30 14:07 test2/db/rep-cache.db ls -ld test1/db/revs test2/db/revs drwxrws---+ 3 root www 4096 2010-03-30 14:07 test1/db/revs drwxrwx---+ 3 username users 4096 2010-03-30 14:07 test2/db/revs Am I doing something wrong or am I too stupid to see the obvious? Is this possibly a bug? Best regards Ullrich Jans -- Ullrich Jans, Specialist, IT-A Phone: +49 9131 7701-6627, mailto:ullrich.j...@elektrobit.com Fax: +49 9131 7701-6333, www.elektrobit.com Elektrobit Automotive GmbH, Am Wolfsmantel 46, 91058 Erlangen, Germany Managing Directors: Otto Fößel, Jarkko Sairanen Register Court Fürth HRB 4886 Please note: This e-mail may contain confidential information intended solely for the addressee. If you have received this e-mail in error, please do not disclose it to anyone, notify the sender promptly, and delete the message from your system. Thank you.
Re: svnadmin create not honoring sticky bit
On Tue, Mar 30, 2010 at 02:16:50PM +0200, ullrich.j...@elektrobit.com wrote: > cd /tmp > mkdir test > chgrp www test > chmod 2770 test > setfacl -m u:username:rwx test > setfacl -m d:u:username:rwx test > cd test > svnadmin create test1 > su - username -c "cd /tmp/test; svnadmin create test2" > > Result: > > ls -l > total 16 > drwxrws---+ 6 root www 4096 2010-03-30 14:07 test1 > drwxrws---+ 6 username www 4096 2010-03-30 14:07 test2 > ls -ld test1/db test2/db > drwxrws---+ 6 root www 4096 2010-03-30 14:07 test1/db > drwxrwx---+ 6 username www 4096 2010-03-30 14:07 test2/db > ls -l test1/db/rep-cache.db test2/db/rep-cache.db > -rw-r-+ 1 root www 4096 2010-03-30 14:07 test1/db/rep-cache.db > -rw-r-+ 1 username users 4096 2010-03-30 14:07 test2/db/rep-cache.db See http://subversion.tigris.org/issues/show_bug.cgi?id=3437 Stefan
RE: svnadmin create not honoring sticky bit
Stefan Sperling wrote: > On Tue, Mar 30, 2010 at 02:16:50PM +0200, > ullrich.j...@elektrobit.com wrote: >> ls -l test1/db/rep-cache.db test2/db/rep-cache.db >> -rw-r-+ 1 root www 4096 2010-03-30 14:07 test1/db/rep-cache.db >> -rw-r-+ 1 username users 4096 2010-03-30 14:07 test2/db/rep-cache.db > > See http://subversion.tigris.org/issues/show_bug.cgi?id=3437 I know about that one. (That's why I mentioned it in my original mail) What's new (to me) is the permissions on *all* the files in db (just one example from db to keep the email short): drwxrws---+ 3 root www 4096 2010-03-30 14:07 test1/db/revs drwxrwx---+ 3 username users 4096 2010-03-30 14:07 test2/db/revs Looking at the main directory shows that the sticky bit on db got dropped: ls -l test2 total 48 drwxrws---+ 2 username www 4096 2010-03-30 14:07 conf drwxrwx---+ 6 username www 4096 2010-03-30 14:07 db ^here -r--r-+ 1 username www2 2010-03-30 14:07 format drwxrws---+ 2 username www 4096 2010-03-30 14:07 hooks drwxrws---+ 2 username www 4096 2010-03-30 14:07 locks -rw-rw+ 1 username www 229 2010-03-30 14:07 README.txt Occurred on svn 1.6.9 (package from the Suse Buildservice): subversion-1.6.9-4.3 subversion-perl-1.6.9-4.3 subversion-tools-1.6.9-4.3 subversion-server-1.6.9-4.3 Cheers, Ulli -- Ullrich Jans, Specialist, IT-A Phone: +49 9131 7701-6627, mailto:ullrich.j...@elektrobit.com Fax: +49 9131 7701-6333, www.elektrobit.com Elektrobit Automotive GmbH, Am Wolfsmantel 46, 91058 Erlangen, Germany Managing Directors: Otto Fößel, Jarkko Sairanen Register Court Fürth HRB 4886 Please note: This e-mail may contain confidential information intended solely for the addressee. If you have received this e-mail in error, please do not disclose it to anyone, notify the sender promptly, and delete the message from your system. Thank you.
RE: svnadmin create not honoring sticky bit
Hi, users-return-1912-ullrich.jans=elektrobit@subversion.apach e.org wrote: > Subject: RE: svnadmin create not honoring sticky bit > > Stefan Sperling wrote: >> On Tue, Mar 30, 2010 at 02:16:50PM +0200, >> ullrich.j...@elektrobit.com wrote: > >>> ls -l test1/db/rep-cache.db test2/db/rep-cache.db >>> -rw-r-+ 1 root www 4096 2010-03-30 14:07 >>> test1/db/rep-cache.db >>> -rw-r-+ 1 username users 4096 2010-03-30 14:07 >>> test2/db/rep-cache.db >> >> See http://subversion.tigris.org/issues/show_bug.cgi?id=3437 > > I know about that one. (That's why I mentioned it in my original mail) > > What's new (to me) is the permissions on *all* the files in > db (just one example from db to keep the email short): > > drwxrws---+ 3 root www 4096 2010-03-30 14:07 test1/db/revs > drwxrwx---+ 3 username users 4096 2010-03-30 14:07 test2/db/revs > > Looking at the main directory shows that the sticky bit on db > got dropped: > > ls -l test2 > total 48 > drwxrws---+ 2 username www 4096 2010-03-30 14:07 conf > drwxrwx---+ 6 username www 4096 2010-03-30 14:07 db > ^here > -r--r-+ 1 username www2 2010-03-30 14:07 format > drwxrws---+ 2 username www 4096 2010-03-30 14:07 hooks > drwxrws---+ 2 username www 4096 2010-03-30 14:07 locks > -rw-rw+ 1 username www 229 2010-03-30 14:07 README.txt > > Occurred on svn 1.6.9 (package from the Suse Buildservice): > > subversion-1.6.9-4.3 > subversion-perl-1.6.9-4.3 > subversion-tools-1.6.9-4.3 > subversion-server-1.6.9-4.3 Any ideas on that one? Should I open an issue in the tracker? Cheers, Ulli Please note: This e-mail may contain confidential information intended solely for the addressee. If you have received this e-mail in error, please do not disclose it to anyone, notify the sender promptly, and delete the message from your system. Thank you.