The aim is to set up subversion with both svnserve and apache/webdav access.
When users commit via http/apache, files are written to the filesystem and belong to apache user.
When users commit via svn/svnserve, files are written to the filesystem and belong to root user.
I tried to set up apache as a svnserve user without improvement :
cat /pathto/repo/conf/passwd
[users]
apache = XxXxXxX
cat /pathto/repo/conf/svnserve.conf
[general]
anon-access = none
auth-access = write
password-db = passwd
[sasl]
use-sasl = false
svn: Commit failed (details follow):
svn: Can't move '/pathto/repo/db/txn-protorevs/1091-ux.rev'
to '/pathto/repo/db/revs/1/1092': Permission denied
Indeed, root is the owner of the directory, I wanted apache.
ls -ld /pathto/repo/db/revs/1/
drwxr-s--- 2 root svn 4096 Jul 17 15:25 /pathto/repo/db/revs/1/
For now I use the following workaround :
chown -R apache /pathto/repo/db/
Does anyone have a clean solution to run svnserve?
update 1 : svnserve is ran as a standalone service
update 2 : Here is /etc/sysconfig/svnserve content :
OPTIONS="--threads --root /pathto "
update 3 : I agree with JvO : using http/apache/webdav as the only access system would be much simpler. Unfortunately, a third party software has only svn:// binding and no http:// binding.
update 4 : Modifying svnserve init script should work, but does anyone has another idea?
update 5 : Added bounty : Looking for an elegant workaround
Best Answer
Clearly, your svnserve process runs as root. So change the configuration to run that process as some non-privileged user (it's not clear exactly how svnserve is started from your description; could be xinetd or something else).
Securety-wise, the best approach IMO would be to add both apache and the snvserve user to a common group (like 'svn') and change the permissions on your repository to drwxrws--- (that is, group permissions are 'sticky')