[jira] [Commented] (SVN-4622) revert as root always notifies for files

Fri, 14 Aug 2020 07:00:08 -0700 


    [ 
https://issues.apache.org/jira/browse/SVN-4622?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17177789#comment-17177789
 ] 

Jeremy Kastner commented on SVN-4622:
-------------------------------------

I have encountered this as well.  From what I can tell, when svn calculates 
these permissions it ignores root powers, group ownership, and ACL.  We use svn 
in our deployment process along with Jenkins.  Historically, we've used the 
same shared user for everything we did across most servers, so this was never a 
problem.  But now we've diversified the users for security, Jenkins has a user, 
developers have different users, and the Apache user still needs access to the 
application files along with everyone else.  We're using a combination of 
groups and ACL to give all the right users access to the application files, but 
this bug comes up.

Right now our repo is owned by apache:devops, and even though my user and 
primary group is devops, this bug comes up.  Jenkins is also a member of devops 
and this still happens, filling our log with "Reverted".

I've tested and file changes still get reverted, so I don't think there's any 
functional impact here.  Although it does make me leery of what other problems 
this could cause.

> revert as root always notifies for files
> ----------------------------------------
>
>                 Key: SVN-4622
>                 URL: https://issues.apache.org/jira/browse/SVN-4622
>             Project: Subversion
>          Issue Type: Bug
>          Components: libsvn_subr
>    Affects Versions: all
>            Reporter: Philip Martin
>            Priority: Minor
>
> $ svnadmin create repo
> $ svn import -mm repo/format file://`pwd`/repo/f
> $ umask 0022
> $ svn co file://`pwd`/repo wc
> $ sudo svn revert wc/f
> Reverted 'wc/f'
> The function svn_io__is_finfo_read_only() will check the world permissions 
> when invoked with uid=root. A typical umask removes world write so this means 
> that root sees every file as read-only. This causes the revert code to invoke 
> svn_io_set_file_read_write() and notify. However svn_io_set_file_read_write() 
> sets the owner permissions, an operation that succeeds when run as root, and 
> obeys the umask so the world permissions remain read-only.
> Reported by:
> https://mail-archives.apache.org/mod_mbox/subversion-users/201602.mbox/%3C56C0738E.9010508%40i.ua%3E
> http://svn.haxx.se/users/archive-2016-02/0061.shtml



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Reply via email to