[users@httpd] Bug: apache/mod_svn intermittently creates transaction dirs with incorrect permissions or ownership such that the transaction breaks.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



I'm seeing strange behavior with an apache module (Subversion's
mod_svn).  Subversion commits through mod_svn are intermittently
failing because files and/or directories are being created with ROOT
ownership!! or permissions such that the user apache cannot write. 
This problem happens frequenlty, but _not_always_, so I know it isn't
an outright configuration problem in apache or subversion.  Apache is
set to run as user apache.  I've posted this to the subversion mailing
lists and plan to file a bug.

It dawned on me that this might be a problem with apache and or
configuration.  I've tried a minimal config (no virtual hosts, no
extra modules like php, etc) and have not been able to find the bug. 
Should a module get away with creating a file as root when apache is
explicitly configured not to do so?  Can you suggest anything that I
might try to fix or identify this problem?

The full details can be found below, which is my second post to the
subversion users/dev mailing list.

I sure would appreciate it if someone could help me out with this if
they can think of an apache cause for this problem.

Thanks (details below)

-John
-------------------------------
Details:
I'm about to file a subversion bug in relation to apache/mod_svn
intermittently creating transaction dirs with incorrect permissions or
ownership such that the transaction breaks.

Many times during the day commits are failing with an error message
like the following:

[Wed Aug 31 12:55:55 2005] [error] [client
192.189.224.121<http://192.189.224.121>]
  Could not create activity
  /svn/ResultsPlus/!svn/act/a24ba835-0155-2042-a734-13818c448007. [500, #0]
  [Wed Aug 31 12:55:55 2005] [error] [client
192.189.224.121<http://192.189.224.121>]
  could not begin a transaction [500, #13]
  [Wed Aug 31 12:55:55 2005] [error] [client
192.189.224.121<http://192.189.224.121>]
  Can't open file
'/svnroot/repos/ResultsPlus/db/transactions/90-1.txn/node.0.0':
  Permission denied [500, #13]

Inspection on the server side reveals one of 2 scenarios:

   1. The transaction directory (e.g.
/svnroot/repos/reposname/db/transactions/90-1.txn) has the wrong
permissions and cannot be populated by the apache user (apache) - i.e.
drw-rwSrw-
   2. The props file in the transaction directory (e.g.
/svnroot/repos/reposname/db/transactions/90-1.txn/props) is owned by
the root user and ONLY user has write permissions

If the commit is retried, it may or may not succeed.  To temporarily
fix the problem, I must restart apache, and delete the broken
transaction directories.

I am now running the latest stable apache(httpd-2.0.54) and
subversion(subversion-1.2.3) built from scratch.  (This problem was
first observed with prebuilt RPMS.)  I am running Intel RedHat
Enterprise Server 3 (rhel-3).  I have audited the system extensively
in an effort to identify any external processes that could be causing
this problem and found now.

I have a little bash script that will repeatedly modify, commit, and
sleep 1 second that tests subversion.  I can reproduce this error
within 10 - 30 commits.  I posted this problem before
(http://svn.haxx.se/users/archive-2005-09/0228.shtml).  More details
can be found in that post.  This problem was reported by another user
as well in June (http://svn.haxx.se/users/archive-2005-06/1629.shtml)
-- on Solaris.  He was able to work around the problem by using
setfacl however, rhel-3 (kernel 2.4) doesn't appear to support setfacl
completely.

If anyone can help me debug this problem further I'd appreciated it. 
I'm willing to try almost anything - a debug version of subversion,
apache etc.  If you'd like more information, please ask me. 
Otherwise, I'd welcome any tips for successfully logging a bug on
subversion.trigris.org.

I feel I've exhausted all configuration possibilities between
apache-subversion.  I've tried creating a test repository from scratch
- ensuring all commands out-of-apache-web-server were done as apache
(sudo -u apache svnadmin ...).  I've tried different file system
locations.  I've removed all but svn functionality from apache.  I've
used the simplest svn configuration possible..

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx



[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux