svnserve seems to write files as root. How can I give access to the same repository via svnserve and apache?

svn redhat rhel5 svnserve mod-webdav

The aim is to set up subversion with both svnserve and apache/webdav access.

When users commit via http/apache, files are written to the filesystem and belong to apache user.

When users commit via svn/svnserve, files are written to the filesystem and belong to root user.

I tried to set up apache as a svnserve user without improvement :


cat /pathto/repo/conf/passwd
[users]
apache = XxXxXxX

 cat /pathto/repo/conf/svnserve.conf
[general]
anon-access = none
auth-access = write
password-db = passwd


[sasl]
use-sasl = false

svn: Commit failed (details follow):
svn: Can't move '/pathto/repo/db/txn-protorevs/1091-ux.rev' 
to '/pathto/repo/db/revs/1/1092': Permission denied

Indeed, root is the owner of the directory, I wanted apache.


ls -ld /pathto/repo/db/revs/1/
drwxr-s--- 2 root svn 4096 Jul 17 15:25 /pathto/repo/db/revs/1/

For now I use the following workaround :


chown -R apache /pathto/repo/db/

Does anyone have a clean solution to run svnserve?

update 1 : svnserve is ran as a standalone service

update 2 : Here is /etc/sysconfig/svnserve content :


OPTIONS="--threads --root /pathto "

update 3 : I agree with JvO : using http/apache/webdav as the only access system would be much simpler. Unfortunately, a third party software has only svn:// binding and no http:// binding.

update 4 : Modifying svnserve init script should work, but does anyone has another idea?

update 5 : Added bounty : Looking for an elegant workaround


Clearly, your svnserve process runs as root. So change the configuration to run that process as some non-privileged user (it's not clear exactly how svnserve is started from your description; could be xinetd or something else).

Securety-wise, the best approach IMO would be to add both apache and the snvserve user to a common group (like 'svn') and change the permissions on your repository to drwxrws--- (that is, group permissions are 'sticky')


You should be able to modify your svnserv startup script to run as a different user. take a look at https://gist.github.com/dexterbt1/905615 with the relevant part being 

start() {
        echo -n $"Starting $desc ($prog): "
    daemon --user $USER $prog -d $OPTIONS
    RETVAL=$?
    [ $RETVAL -eq 0 ] && touch /var/lock/subsys/$prog
    echo
}

and then you should just be able to set USER in /etc/sysconfig/subversion to the user you would like to run as. I would also echo @JVQ suggestion about running as a user with common group (ie create svn user, with svn group make daemon run as user svn, and then then added apache user to svn group)

Related

RHEL: What happens when memory starts to fail?
How can I delete all messages from a certain address from the mailqueue?
redis "No route to host" when pinging a remote redis host
What happens when RDS freeable memory runs out?
How light is a ping?
Using git to deploy
Avoiding duplicate code in my nGinx configuration
Difference between Computer config and User config in GPO
How to disable 1 version of PostgreSQL server without uninstalling it
Change ssh ControlPath with host-specific declaration
How to configure Varnish not to cache a particular folder?
AWS Cloud Formation.Requires capabilities : [CAPABILITY_IAM] (Child Stack)