I've set-up a subversion server accessible with Apache/DAV and after screwing up the repositories file permissions a couple of days ago I started wondering if there's a better way to do this than the way I'm doing it.
The repositories are owned by a dedicated user and group, and apache runs as the customary www:www user, hence it has no write permissions to the repositories. So far my solution has been to add the www user to the svn group and make sure that the files inside the repositories are group-writable... but six months from now I'll create a new repository, forget to fix file permissions and get some email as soon as someone tries to commit something.
Is there any other way to do that? Maybe force svnadmin to create repositories group-writable in the first place? (In case you're wondering the server is FreeBSD 6.2)
When you access the repository with Apache, the user Apache runs as must have write permission. So, the simplest solution is to give the repository to this user.
Here is how it looks on my Debian machine where Apache runs as
www-data:% ls -ald /home/Subversion-Repository drwxr-xr-x 7 www-data www-data 4096 Nov 14 10:02 /home/Subversion-RepositoryThis is only a problem if you want the same repository to be accessible via Apache/DAV and via another mean. But this practice is discouraged. I quote:
The long term solution is to use ACLS to allow the www user write access to the directory tree and all future directories created in the tree.
Try this URL to get started.
http://www.onlamp.com/pub/a/bsd/2005/09/22/FreeBSD_Basics.html
-Brian