#385288 libapache2-svn sometimes create db logs owned by root

Package:
libapache2-svn
Source:
subversion
Submitter:
Vitalie Lazu
Date:
2023-04-18 11:18:06 UTC
Severity:
important
Tags:
#385288#5
Date:
2006-08-30 09:37:54 UTC
From:
To:
We host a lot of repositories at www.assembla.com, sometimes we have
problems because in db/ directory of svn repository appears log files owned by root,
apache run as www-data user and it can not serve that repository
anymore.

We had manualy to chown files and run svnadmin recover to that
repository. It happens at least twice per week with >30 active svn repositories.

#385288#10
Date:
2006-08-30 19:05:37 UTC
From:
To:
[Vitalie Lazu]

If apache does not have permission to create files as root, I wonder
who is doing it.  Files owned by root don't just appear out of nowhere;
some process running as root has to create them.  Do you have some
administrative cron job, or something, which touches the repositories?

Thanks,
Peter

#385288#15
Date:
2006-08-30 19:17:48 UTC
From:
To:
Only nightly backup, but it can not break repositories and it happens
sometimes and on random repositories.
below is my backup script:

backup_svn() {
    local REVFILE="$1/backup_rev.txt"
    local OLDREV=`cat "$REVFILE" 2>/dev/null || echo -n 0`
    local NEWREV=`svnlook youngest $1`
    echo Repository: $1

    if [ $OLDREV != $NEWREV ]
        then
        local OUTPUT_FILE="$TMP_SVN_DIR/$1-$OLDREV-$NEWREV.dump"
        OLDREV=$(($OLDREV+1))
        echo "   $OLDREV:$NEWREV"
        svnadmin dump -q -r $OLDREV:$NEWREV --incremental $1 >
"$OUTPUT_FILE"
        echo -n $NEWREV > "$REVFILE"
    fi
}

#385288#20
Date:
2006-08-31 03:13:27 UTC
From:
To:
tags 385288 upstream wontfix
thanks

[Vitalie Lazu]

That's the culprit, then.  With the bdb backend, _no_ operation is
truly read-only - even 'svnlook youngest' writes to log files, and can
create new log files.  This is an implementation choice in the Berkeley
DB library, so it cannot be fixed in Subversion.

(This is not true of the fsfs backend, by the way, so if you convert
repositories to fsfs, this particular problem will disappear.)

I suggest running svnlook and svnadmin as the 'www-data' user:

    svnrun() {
      su www-data -c "$*"
    }

    local NEWREV=$(svnrun svnlook youngest $1)

  ...

    svnrun svnadmin dump -q -r $OLDREV:$NEWREV --incremental $1


Or perhaps it is more convenient to run your entire backup script as
the www-data user.

Peter

#385288#27
Date:
2012-01-02 09:02:49 UTC
From:
To:
Hi Vitalie,

Peter Samuelson wrote:
documentation for anyone considering whether the bdb backend is
appropriate for their particular setup.

I'd like to go a step further: do you remember what documentation you
looked at when coming up with your setup and later when investigating
its misbehavior?  Any ideas for hints that could save future readers
from the same trouble?

Thanks much,
Jonathan

#385288#32
Date:
2012-01-03 10:27:48 UTC
From:
To:
Hello Jonathan,

It was long time ago ;-) We switched to fsfs repository type.

As I remember it was a standart apache configuration to serve many repositories
from parent directory with user authorization.