This is the mail archive of the cygwin mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: subversion and permissions


Greetings, Denis Excoffier!

> I'm asking for advice because i don't know how to handle this.

> I have access to an svn repository through the "file:" protocol. The svn repository
> is homed on an ntfs disk, with all ACL permissions inherited from a top directory:
> various kinds of Administrators (not me) have many rights. A single dedicated
> group is allowed r/w access, and i belong to this group of course, like all
> my colleagues that also have access to this repository.

> Most of my colleagues use Windows tools (TortoiseSVN) and all is ok for them.

> I'd like to use Cygwin of course, and we have subversion-1.8.10 (on x86) which is
> in use at other places and seems ok. Indeed, 'svn checkout' and more generally
> all read-only activity does work perfectly on this repository. But i do encounter
> some problems with 'svn commit': it always fail with "Permission denied".

There's no big reason to use Cygwin Subversion client, but, if you insist...

> I tried to write directly to the disk and of course it works. The issue (to my
> current understanding) is (details omitted):
> - svn internally uses a temporary file (e.g. the file "current" under the folder "db")
> - the file is created (in fact: truncated to empty) by Cygwin with
>   permissions set to '---rwx---': no permissions for user (the ACL entries show
>   no mention of any user), rwx for group (and for
>   others we don't care)
> - Cygwin (chmod in fact, called by libapr) implements the '---' for user: it insists,
>   using the Deny/Allow mechanism described in
>   https://cygwin.com/cygwin-ug-net/ntsec.html, that the user will not be capable
>   of reading the file, and... succeeds
> - indeed, the user (i.e. the svn process that created the file) cannot read it any
>   more and terminates with permission denied (and repository is locked and must be
>   manually "svnadmin recover'ed").

> In fact, Windows users do not need to have any personal right on a file to be
> able to read its content: it is enough that they belong to a group that has the
> appropriate access. For Cygwin users, this is not the same: permissions for user
> and permissions for group are separate.

> To make things work today, i had no better idea than patching the Cygwin dll in
> order to temporarily disconnect the insertion of Deny rights. It works of course,
> but it cannot be an option for tomorrow.

Look, this happens, when you are not reading documentation...
http://cygwin.com/cygwin-ug-net/highlights.html#ov-hi-perm
http://cygwin.com/cygwin-ug-net/ntsec.html

Or, if you're in a hurry, the 'noacl' mount flag is what you are looking for.

> Is there any way to handle this problem cleanly, preferably without changing any
> permissions on the repository? I tried to mount the disk noacl, the problem remains
> exactly the same.

The problem will "remain exactly the same", only if you try to access the
repository directly (i.e. not using the same path as specified by mount
point), as long as cygdrive mount point insist on imposing POSIX permissions.
Perhaps you didn't switch your working directory after making a mount point?


--
WBR,
Andrey Repin (anrdaemon@yandex.ru) 28.11.2014, <05:20>

Sorry for my terrible english...


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]