On Thu, Dec 05, 2013 at 02:30:23PM +0000, Philip Martin wrote: > Create a repository with group write access: > > (umask 002 ; svnadmin create repo) > > -rw-rw-r-- 1 pm pm 2 Dec 5 14:27 repo/db/current > -r--r--r-- 1 pm pm 115 Dec 5 14:27 repo/db/revs/0/0 > > Accidentally commit with umask denying all group/other access > > (umask 077 ; svn mkdir -mm file://`pwd`/repo/A) > > If we created the new files with umask permissions we would break future > group access, but we copy permissions and the group access is preserved: > > -rw-rw-r-- 1 pm pm 2 Dec 5 14:28 repo/db/current > -r--r--r-- 1 pm pm 115 Dec 5 14:27 repo/db/revs/0/0 > -r--r--r-- 1 pm pm 268 Dec 5 14:28 repo/db/revs/0/1 > > Ideally we would like to do something similar for the rep-cache but at > present we don't: > > (umask 077 ; svn import repo/format -mm file://`pwd`/repo/A/f) > > -rw-rw-r-- 1 pm pm 2 Dec 5 14:28 repo/db/current > -rw------- 1 pm pm 3072 Dec 5 14:28 repo/db/rep-cache.db > -r--r--r-- 1 pm pm 115 Dec 5 14:27 repo/db/revs/0/0 > -r--r--r-- 1 pm pm 268 Dec 5 14:28 repo/db/revs/0/1 > -r--r--r-- 1 pm pm 574 Dec 5 14:28 repo/db/revs/0/2 > > I think what we need to do is copy the permissions of an existing > read-write file such as db/current.
In the case of a long-running server like HTTPD respecting the server's umask makes more sense to me. But I agree that this approach makes sense to prevent misconfigured servers (e.g. svnserve invcations over svn+ssh) from breaking group write access. And since it matches existing behaviour, let's go for it. I think that using the 'current' file as a permissions template is fine. It must be present in any case for the repository to function.
