Server side permission problems

Recently I saw a "permission denied" error in my SVN logs after getting a PROPFIND error in my SVN client:

[Tue Jun 03 11:52:15 2008] [error] [client X.X.X.X] Could not fetch resource information.  [500, #0]
[Tue Jun 03 11:52:15 2008] [error] [client X.X.X.X] Could not open the requested SVN filesystem  [500, #160029]
[Tue Jun 03 11:52:15 2008] [error] [client X.X.X.X] Could not open the requested SVN filesystem  [500, #160029]
[Tue Jun 03 11:52:21 2008] [error] [client X.X.X.X] File does not exist: /var/www/html/svn
[Tue Jun 03 11:52:28 2008] [error] [client X.X.X.X] (20014)Error string not specified yet: Berkeley DB error while opening environment for filesystem /srv/svn/repos/db:\nPermission denied

Hmm... permission denied. Either I have an expired user ID or something is wrong on the server. I checked the user ID and found no problems. So I scanned the server and found the following. (Note: I'm recreating the symptoms here by hand-editing the console output. There might be a couple of file permission differences when you experience the error, but you get the idea.)

root@server# cd /srv/svn/repos/db
root@server# ll
total 4945812
-rw-r--r--  1 apache apache          4 Sep  8  2006 fs-type
-rw-r--r--  1 apache apache       1955 Sep  8  2006 DB_CONFIG
drwxr-xr-x  7 apache apache       4096 Jun  3 13:06 ../
-rw-r--r--  1 apache apache      16384 Jun  3 13:11 __db.005
-rw-r--r--  1   root apache    1327104 Jun  3 13:11 __db.004
-rw-r--r--  1   root apache     393216 Jun  3 13:11 __db.003
-rw-r--r--  1   root apache     278528 Jun  3 13:11 __db.002
-rw-r--r--  1   root apache      16384 Jun  3 13:11 __db.001
drwxr-sr-x  2 apache apache       4096 Jun  3 13:11 ./
-rw-r--r--  1 apache apache       8192 Jun  3 13:13 uuids
-rw-r--r--  1 apache apache    2428928 Jun  3 13:13 transactions
-rw-r--r--  1 apache apache 5020962816 Jun  3 13:13 strings
-rw-r--r--  1 apache apache     180224 Jun  3 13:13 revisions
-rw-r--r--  1 apache apache   12042240 Jun  3 13:13 representations
-rw-r--r--  1 apache apache   14024704 Jun  3 13:13 nodes
-rw-r--r--  1 apache apache     139677 Jun  3 13:13 log.0000007790
-rw-r--r--  1 apache apache     151552 Jun  3 13:13 copies
-rw-r--r--  1 apache apache    8286208 Jun  3 13:13 changes

Notice the files owned by root (i.e. the files beginning with "__")? That should never happen. All the files must be owned by apache:apache (in my case) because the repository is only accessed by the web server which runs as the apache user. The only way that files get chowned to root is if someone ssh's into the server and runs the svnadmin command as the root user.

Since I can't fix root-related issues with a non-root ID, things are a little more complicated than they should be. And I can't su apache because that isn't a user who can log in from the console. Hmm... let's think for a second. What else can I do? How about this:

root@server# /etc/init.d/httpd stop
Stopping httpd:                                            [  OK  ]
root@server# cd /srv/svn/repos/db
root@server# chown root:root *
root@server# db_recover
...
root@server# chown apache:apache *
root@server# /etc/init.d/httpd start
Starting httpd:                                            [  OK  ]
root@server#

Stopping apache ensures that nobody is accessing the server. Then I chown all the database files to root and run the db_recover command. When that completes, I chown everything back to apache:apache and restart the apache server. Fortunately it worked.
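
A check for the ownership drift described above, as an added example that is not part of the original post: it lists every entry in a repository's db directory whose owner:group differs from the account the web server runs as, so the state can be confirmed before httpd is started again. The function name check_repo_owner is hypothetical, and the script assumes GNU stat (stat -c) as found on Linux.

```shell
#!/bin/sh
# Added example: report entries in a Berkeley DB repository directory
# whose owner:group is not the web server account (apache:apache in the post).
# Assumes GNU stat; check_repo_owner is a hypothetical helper name.

# check_repo_owner DIR OWNER:GROUP
# Prints one "owner:group path" line per mismatching entry.
# Returns 0 when everything matches, 1 on drift, 2 on usage/stat errors.
check_repo_owner() {
    dir=$1
    want=$2
    if [ ! -d "$dir" ] || [ -z "$want" ]; then
        echo "usage: check_repo_owner DIR OWNER:GROUP" >&2
        return 2
    fi
    drift=0
    # Check the directory itself and dotfiles too; a "chown ... *" run
    # from inside the directory touches neither.
    for f in "$dir" "$dir"/* "$dir"/.[!.]*; do
        [ -e "$f" ] || continue      # an unmatched glob stays literal
        have=$(stat -c '%U:%G' "$f") || return 2
        if [ "$have" != "$want" ]; then
            printf '%s %s\n' "$have" "$f"
            drift=1
        fi
    done
    return "$drift"
}

# Stand-alone use: sh check_owner.sh /srv/svn/repos/db apache:apache
if [ "$#" -eq 2 ]; then
    check_repo_owner "$1" "$2"
    exit $?
fi
```

A non-zero exit status makes this usable from cron or a monitoring check, which would surface root-owned __db.* files before clients start seeing PROPFIND errors.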