format: Permission denied even when read permissions are set

[Jeremy Conlin]

I just created a new repository, and loaded it with some initial
files. However when I go to checkout from my repository I get the
following:

$ svn checkout svn+ssh://jlco...@myserver.com/path/to/repos/Repo CP
Password:
svn: Can't open file '/path/to/repos/Repo/format': Permission denied

I can log via ssh to check on the permissions of format and this is
what they are:

$ ls -lh
total 9.5K
-rw-rw-r-- 1 jlconlin jlconlin 229 Mar 11 06:55 README.txt
drwxrwxr-x 2 jlconlin jlconlin 5 Mar 11 06:55 conf
drwxrwxr-x 2 jlconlin jlconlin 2 Mar 11 06:55 dav
drwxrwsr-x 5 jlconlin jlconlin 10 Mar 11 06:56 db
-rw-rw-r-- 1 jlconlin jlconlin 2 Mar 11 06:55 format
drwxrwxr-x 2 jlconlin jlconlin 11 Mar 11 06:55 hooks
drwxrwxr-x 2 jlconlin jlconlin 4 Mar 11 06:55 locks

It seems clear to me that I have both read and write permissions for
the 'format' file. When I log in, I can view the file and see that
the format says '5'.

Does anyone know what is going wrong here?

Thanks,
Jeremy

[Giulio Troccoli]

Check the user who runs svnserve. Does IT have permission to read and write?

Giulio

Linedata Services (UK) Ltd
Registered Office: Bishopsgate Court, 4-12 Norton Folgate, London, E1 6DB
Registered in England and Wales No 3027851 VAT Reg No 778499447

[Giulio Troccoli]

> > Check the user who runs svnserve. Does IT have permission
> to read and write?
>

> How do I do that? I've never had a need to do that before,
> so I've never looked up how to do it.

You're probably right actually. I don't have any experience with svnserve, but thinking about and remembering from other posts I'd been reading, when using svn+ssh a one-off svnserve process is started, which should run under the user that authenticates.

As I said thought I don't have experience with svn+ssh.

And please, reply to all so the discussione stays on the list.

[David Weintraub]

The way svn+ssh works is very strange. svnserve is executed by each
user that uses the svn+ssh protocol. That means that you have to make
sure that all of these users are in the same group, and that group has
read/write permission on the entire Subversion archive. Plus, you have
to set umask for each user, so when they create a new file in the
Subversion repository, it is read/writeable by everyone in the group.

Take a look at the Tunneling Over SSH chapter in the Subversion on line book:
<http://bit.ly/c7gxv5>.

--
David Weintraub
qaz...@gmail.com

[Jeremy Conlin]

Thanks for the reminder. Currently it is just one user (me) that is
accessing this repository and I know I have access to the files and
folder in the directory as I showed in an earlier email and because I
can go inside and see everything. What else could be wrong?

Thanks,
Jeremy

[David Weintraub]

Is this Subversion repository on your system or on another system? It
could very well be that when you login as SSH, you are not exactly the
user you think you are.

Can you SSH directly into that system, check out your user ID and
verify that its the ID you think it is?

(Of course, you SHOULDN'T be able to SSH into the Subversion
repository because that would allow users to munge the repository
directly which they shouldn't be doing. But if you can, you can at
least verify that you are who you think you are.)

--
David Weintraub
qaz...@gmail.com

[Jeremy Conlin]

On Thu, Mar 11, 2010 at 10:22 AM, David Weintraub <qaz...@gmail.com> wrote:
> On Thu, Mar 11, 2010 at 12:07 PM, Jeremy Conlin <jlco...@gmail.com> wrote:
>> On Thu, Mar 11, 2010 at 9:27 AM, David Weintraub <qaz...@gmail.com> wrote:
>> Thanks for the reminder.  Currently it is just one user (me) that is
>> accessing this repository and I know I have access to the files and
>> folder in the directory as I showed in an earlier email and because I
>> can go inside and see everything.  What else could be wrong?
>
> Is this Subversion repository on your system or on another system? It
> could very well be that when you login as SSH, you are not exactly the
> user you think you are.
>
> Can you SSH directly into that system, check out your user ID and
> verify that its the ID you think it is?

Yes I can do this and I have verified that I am a member of the group
that owns the files and folders of the repository. The owning group
has read and write permissions.

>
> (Of course, you SHOULDN'T be able to SSH into the Subversion
> repository because that would allow users to munge the repository
> directly which they shouldn't be doing. But if you can, you can at
> least verify that you are who you think you are.)

How can you prevent this and still allow the users to read and write
to the repository?

Thanks,
Jeremy

[Ryan Schmidt]

On Mar 11, 2010, at 11:27, Jeremy Conlin wrote:

> On Thu, Mar 11, 2010 at 10:22 AM, David Weintraub wrote:
>>
>
>> (Of course, you SHOULDN'T be able to SSH into the Subversion
>> repository because that would allow users to munge the repository
>> directly which they shouldn't be doing. But if you can, you can at
>> least verify that you are who you think you are.)
>
> How can you prevent this and still allow the users to read and write
> to the repository?

It gets a bit involved but it should be described here:

http://svnbook.red-bean.com/en/1.5/svn.serverconfig.svnserve.html#svn.serverconfig.svnserve.sshtricks

If you're the only user here, presumably you won't mess up your own repository (at least not intentionally) so I wouldn't necessarily worry about this at this point.