Server-side Permission Problems
Recently I saw a "permission denied" error in my SVN logs after getting a PROPFIND error in my SVN client:
[Tue Jun 03 11:52:15 2008] [error] [client X.X.X.X] Could not fetch resource information. [500, #0]
[Tue Jun 03 11:52:15 2008] [error] [client X.X.X.X] Could not open the requested SVN filesystem [500, #160029]
[Tue Jun 03 11:52:15 2008] [error] [client X.X.X.X] Could not open the requested SVN filesystem [500, #160029]
[Tue Jun 03 11:52:21 2008] [error] [client X.X.X.X] File does not exist: /var/www/html/svn
[Tue Jun 03 11:52:28 2008] [error] [client X.X.X.X] (20014)Error string not specified yet: Berkeley DB error while opening environment for filesystem /srv/svn/repos/db:\nPermission denied
Hmm... permission denied. Either I have an expired user ID or something is wrong on the server. I checked the user ID and found no problems. So I scanned the server and found the following. (Note: I'm recreating the symptoms here by hand-editing the console output. There might be a couple of file permission differences when you experience the error, but you get the idea.)
root@server# cd /srv/svn/repos/db
root@server# ll
total 4945812
-rw-r--r-- 1 apache apache 4 Sep 8 2006 fs-type
-rw-r--r-- 1 apache apache 1955 Sep 8 2006 DB_CONFIG
drwxr-xr-x 7 apache apache 4096 Jun 3 13:06 ../
-rw-r--r-- 1 apache apache 16384 Jun 3 13:11 __db.005
-rw-r--r-- 1 root apache 1327104 Jun 3 13:11 __db.004
-rw-r--r-- 1 root apache 393216 Jun 3 13:11 __db.003
-rw-r--r-- 1 root apache 278528 Jun 3 13:11 __db.002
-rw-r--r-- 1 root apache 16384 Jun 3 13:11 __db.001
drwxr-sr-x 2 apache apache 4096 Jun 3 13:11 ./
-rw-r--r-- 1 apache apache 8192 Jun 3 13:13 uuids
-rw-r--r-- 1 apache apache 2428928 Jun 3 13:13 transactions
-rw-r--r-- 1 apache apache 5020962816 Jun 3 13:13 strings
-rw-r--r-- 1 apache apache 180224 Jun 3 13:13 revisions
-rw-r--r-- 1 apache apache 12042240 Jun 3 13:13 representations
-rw-r--r-- 1 apache apache 14024704 Jun 3 13:13 nodes
-rw-r--r-- 1 apache apache 139677 Jun 3 13:13 log.0000007790
-rw-r--r-- 1 apache apache 151552 Jun 3 13:13 copies
-rw-r--r-- 1 apache apache 8286208 Jun 3 13:13 changes
Notice the files owned by root (i.e. the files beginning with "__")? That should never happen. All the files must be owned by apache:apache (in my case) because the repository is only accessed by the web server, which runs as the apache user. The only way that files get chowned to root is if someone ssh's into the server and runs the svnadmin command as the root user.
Since I can't fix root-related issues with a non-root ID, things are a little more complicated than they should be. And I can't su apache because that isn't a user who can log in from the console. Hmm... let's think for a second. What else can I do? How about this:
root@server# /etc/init.d/httpd stop
Stopping httpd: [ OK ]
root@server# cd /srv/svn/repos/db
root@server# chown root:root *
root@server# db_recover
...
root@server# chown apache:apache *
root@server# /etc/init.d/httpd start
Starting httpd: [ OK ]
root@server#
Stopping apache ensures that nobody is accessing the server. Then I chown all the database files to root and run the db_recover command. When that completes, I chown everything back to apache:apache and restart the apache server. Fortunately it worked.
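
A check for the ownership drift described above, written as an added example (not part of the original post): it lists anything in the repository's db directory whose owner or group is not the web-server account, so it can be run from cron or right after the recovery steps. The function names svn_db_misowned and svn_db_check are made up for illustration; the path and the apache:apache account in the usage comment are the ones from this post.

```shell
#!/bin/sh
# Added example: detect Berkeley DB files (and the db directory itself)
# that are not owned by the account the web server runs as.
# svn_db_misowned and svn_db_check are hypothetical helper names.

# Print the directory and every entry directly inside it whose owner OR
# group differs from the expected account.
#   $1 = db directory, $2 = expected user, $3 = expected group
#   (names or numeric IDs are both accepted by find)
svn_db_misowned() {
    find "$1" -maxdepth 1 \( ! -user "$2" -o ! -group "$3" \) -print
}

# Return 0 when everything is owned correctly, 1 when mis-owned entries
# exist (listed on stderr), 2 when the directory could not be scanned.
svn_db_check() {
    bad=$(svn_db_misowned "$@") || return 2
    if [ -n "$bad" ]; then
        printf 'not owned by %s:%s:\n%s\n' "$2" "$3" "$bad" >&2
        return 1
    fi
    return 0
}

# Usage with the values from this post:
#   sh check.sh /srv/svn/repos/db apache apache
if [ "$#" -eq 3 ]; then
    svn_db_check "$@"
fi
```

A non-zero exit status means some entry would produce the same "Permission denied" error the next time the web server opens the Berkeley DB environment.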