If you want to set up a shared Subversion repository, accessible over SSH, you need to make the following three directories group-writeable (and setgid):

  1. /path/to/svn/repository/db
  2. /path/to/svn/repository/locks
  3. /path/to/svn/repository/dav (not sure about this, it's likely that it is not necessary if you only want SSH access)

You also need to make sure that all user accounts that access the repository have the correct umask (002 instead of the default 022). If you do not do that, the repository will break when two different developers access it, and you'll have to go fix the permissions and run svnadmin recover.

Setting the umask is tricky because there are a lot of places where you think you could set it, but most of them do not work. Also, testing is difficult because interactive SSH sessions act differently from noninteractive ones. Here are some red herrings:

  • Debian's /etc/.bash_profile claims that "the default umask is set in /etc/login.defs", but SSH sessions apparenly completely ignore /etc/login.defs.
  • /etc/profile is ignored in non-interactive SSH sessions.
  • Creating a wrapper for svnserve that sets the umask and executes the default does not solve the problem if you put the wrapper in /usr/local/bin, because /usr/bin comes first in the default PATH setting. Again, the PATH definition in /etc/login.defs is ignored for SSH sessions, so you have to fiddle with bash startup files -- and if you do that, you might as well simply set the umask.

The correct solution is to put umask 002 in /etc/bash.bashrc, and make sure that user's .bashrc files do not override it.