You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@subversion.apache.org by kevin fauchon <ke...@gmail.com> on 2010/07/22 12:57:56 UTC
Debian svn + apache2 configuration errors
Hello,
i'm trying to make up svn + apache.
Let me explain what i hope to have:
server directory /DATA/svn will contain all my repository
so for exemple, my test project will be in /DATA/svn/test
I want to acces via http to svn.
So i need a vhost svn.monpoulpe.com who match svn repository.
http://svn.monpoulpe.com will display websvn maybe, and
http://svn.monpoulpe.com/test will display my test repository
(curently, no web gui is installed)
(i already have apache who work fine)
So, that's what i do:
aptitude install subversion libapache2-svn subversion-tools enscript
mkdir /DATA/svn/test -p
svnadmin create /DATA/svn/test
and i've edited some files:
/etc/apache2/sites-available/svn.monpoulpe.com :
<VirtualHost *>
Servername svn.monpoulpe.com
DocumentRoot /var/www/svn.monpoulpe.com/
<Directory /var/www/svn.monpoulpe.com>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
</Directory>
<Location />
DAV svn
SVNPath /DATA/svn
AuthType Basic
AuthName "Subversion Repository"
AuthUserFile /var/www/include/svn.monpoulpe.com.htpassword
AuthzSVNAccessFile /DATA/svn/config
Require valid-user
</Location>
<Location /test>
DAV svn
SVNParentPath /DATA/svn
AuthType Basic
AuthName "Subversion test"
AuthUserFile /var/www/include/svn.monpoulpe.com.htpassword
AuthzSVNAccessFile /DATA/svn/config
Require valid-user
</Location>
ErrorLog /var/log/apache2/svn_error.log
CustomLog /var/log/apache2/svn_access.log combined
</VirtualHost>
/DATA/svn/conf :
[/]
* =
anonymous = r
[test:/]
test = rw
chown www-data:subversion /DATA/svn -R
chmod 770 /DATA/svn -R
chmod g+s /DATA/svn -R
/etc/init.d/apache2 restart
And when i try to go to http://svn.monpoulpe.com/test i have a 403
forbiedden error
in my apache2 logs:
(13)Permission denied: Failed to load the AuthzSVNAccessFile: Can't open
file '/DATA/svn/config': Permission denied
authz_user and dav_svn apache modules are already loaded.
Is anybody have an idea?
RE: Debian svn + apache2 configuration errors
Posted by "Cooke, Mark" <ma...@siemens.com>.
> -----Original Message-----
> From: Jon Foster [mailto:Jon.Foster@cabot.co.uk]
> Sent: 22 July 2010 17:14
> To: kevin fauchon
> Cc: users@subversion.apache.org
> Subject: RE: Debian svn + apache2 configuration errors
>
> Hi,
>
> kevin fauchon [mailto:kevin.fauchon@gmail.com] wrote:
> > AuthzSVNAccessFile /DATA/svn/config
> [...]
> > /DATA/svn/conf:
> > [/]
> > * =
> > anonymous = r
>
> You need $anonymous here - you're missing the $. So you granted read
> access to a user that's logged in with the username
> "anonymous", not to
> anonymous users. (But I'm not sure why you don't just do
> "*=r" - any of
> your users could get read access by simply logging out).
>
> > [test:/]
> > test = rw
> [...]
> > And when i try to go to http://svn.monpoulpe.com/test
> > i have a 403 forbiedden error
>
> On a related point... I have a Python script that does "lint" like
> checks on Subversion AuthZ files. It would have detected this bug,
> since it reads the ".htpasswd" file and would have reported
> that you're
> granting permissions to a non-existant user. Would the Subversion
> developers be interested in including it in Subversion?
>
> Kind regards,
>
> Jon
>
I would be interested in seeing/using your script so +1 for getting it
added somewhere. Shame there is no 'svn-hacks.org' site like there is
for trac...
~ mark c
RE: Debian svn + apache2 configuration errors
Posted by Jon Foster <Jo...@cabot.co.uk>.
Hi,
kevin fauchon [mailto:kevin.fauchon@gmail.com] wrote:
> AuthzSVNAccessFile /DATA/svn/config
[...]
> /DATA/svn/conf:
> [/]
> * =
> anonymous = r
You need $anonymous here - you're missing the $. So you granted read
access to a user that's logged in with the username "anonymous", not to
anonymous users. (But I'm not sure why you don't just do "*=r" - any of
your users could get read access by simply logging out).
> [test:/]
> test = rw
[...]
> And when i try to go to http://svn.monpoulpe.com/test
> i have a 403 forbiedden error
On a related point... I have a Python script that does "lint" like
checks on Subversion AuthZ files. It would have detected this bug,
since it reads the ".htpasswd" file and would have reported that you're
granting permissions to a non-existant user. Would the Subversion
developers be interested in including it in Subversion?
Kind regards,
Jon
**********************************************************************
This email and its attachments may be confidential and are intended solely for the use of the individual to whom it is addressed. Any views or opinions expressed are solely those of the author and do not necessarily represent those of Cabot Communications Ltd.
If you are not the intended recipient of this email and its attachments, you must take no action based upon them, nor must you copy or show them to anyone.
Cabot Communications Limited
Verona House, Filwood Road, Bristol BS16 3RY, UK
+44 (0) 1179584232
Co. Registered in England number 02817269
Please contact the sender if you believe you have received this email in error.
**********************************************************************
______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email
______________________________________________________________________
Re: Debian svn + apache2 configuration errors
Posted by Ryan Schmidt <su...@ryandesign.com>.
On Jul 22, 2010, at 08:56, kevin fauchon wrote:
>> FYI, I'm not sure if you've got anything in /var/www/svn.monpoulpe.com/, but note that Apache will not serve anything out of that directory; since you're saying "Location /", *all* requests will be handled by Subversion.
>
> The directory is empty, but thanks for the informatinon
Ok, that's what I'd recommend: leave the DocumentRoot pointing at an empty directory.
>> What are the permissions and ownership of
>>
>> /DATA/svn/test/format
>> /DATA/svn/test
>> /DATA/svn
>> /DATA
>>
>
> chown root:root /DATA && chmod 000 /DATA
I'm not certain whether this might be too restrictive.
> chown www-data:subversion /DATA/svn -R && chmod 770 /DATA/svn -R
That seems reasonable.
I don't know if debian's chown and chmod are more lenient, but on Mac OS X the -R flag must go immediately after the command name, e.g.
chown -R www-data:subversion /DATA/svn && chmod -R 770 /DATA/svn
otherwise I get the error "-R: No such file or directory"
> chmod g+x /DATA/svn -R
I think this doesn't do anything since /DATA/svn already has execute permission for the group via the chmod 770 command above.
> apache run under www-data user and group
Seems ok.
> My unix user "test" is member of unix group test and subversion
Doesn't seem related. (User "test" isn't being used anywhere here.)
Do you have SELinux enabled on this box? If so it must be configured too:
http://subversion.apache.org/faq.html#reposperms
Re: Debian svn + apache2 configuration errors
Posted by kevin fauchon <ke...@gmail.com>.
> FYI, I'm not sure if you've got anything in /var/www/svn.monpoulpe.com/,
> but note that Apache will not serve anything out of that directory; since
> you're saying "Location /", *all* requests will be handled by Subversion.
>
The directory is empty, but thanks for the informatinon
What are the permissions and ownership of
>
> /DATA/svn/test/format
> /DATA/svn/test
> /DATA/svn
> /DATA
>
chown root:root /DATA && chmod 000 /DATA
chown www-data:subversion /DATA/svn -R && chmod 770 /DATA/svn -R
chmod g+x /DATA/svn -R
Under which user is your apache server running?
>
> apache run under www-data user and group
My unix user "test" is member of unix group test and subversion
Re: Debian svn + apache2 configuration errors
Posted by Ryan Schmidt <su...@ryandesign.com>.
You should Reply All so this discussion stays on the mailing list.
On Jul 22, 2010, at 08:42, kevin fauchon wrote:
> I have edited the file, so my chost is now:
>
> Servername svn.monpoulpe.com
> DocumentRoot /var/www/svn.monpoulpe.com/
> <Directory /var/www/svn.monpoulpe.com>
> Options Indexes FollowSymLinks MultiViews
> AllowOverride None
> Order allow,deny
> allow from all
> </Directory>
> <Location />
FYI, I'm not sure if you've got anything in /var/www/svn.monpoulpe.com/, but note that Apache will not serve anything out of that directory; since you're saying "Location /", *all* requests will be handled by Subversion.
> DAV svn
> SVNParentPath /DATA/svn
> AuthType Basic
> AuthName "Subversion Repository"
> AuthUserFile /var/www/include/svn.monpoulpe.com.htpassword
> #AuthzSVNAccessFile /DATA/svn/config
> Require valid-user
> </Location>
> ErrorLog /var/log/apache2/svn_error.log
> CustomLog /var/log/apache2/svn_access.log combined
> </VirtualHost>
>
> And now, the 403 error is gone.
> But i have a new one....
>
> (20014)Internal error: Can't open file '/DATA/svn/test/format': Permission denied
> Could not fetch resource information. [500, #0]
> Could not open the requested SVN filesystem [500, #13]
>
>
> Rights are OK, svnadmin verify test is OK too...
> Apache modules are OK, and i don't understand where is the problem.
What are the permissions and ownership of
/DATA/svn/test/format
/DATA/svn/test
/DATA/svn
/DATA
?
Under which user is your apache server running?
Re: Debian svn + apache2 configuration errors
Posted by Ryan Schmidt <su...@ryandesign.com>.
On Jul 22, 2010, at 07:57, kevin fauchon wrote:
> server directory /DATA/svn will contain all my repository
> so for exemple, my test project will be in /DATA/svn/test
> <Location />
> DAV svn
> SVNPath /DATA/svn
Then this should be SVNParentPath /DATA/svn
> <Location /test>
> DAV svn
> SVNParentPath /DATA/svn
> AuthType Basic
> AuthName "Subversion test"
> AuthUserFile /var/www/include/svn.monpoulpe.com.htpassword
> AuthzSVNAccessFile /DATA/svn/config
> Require valid-user
> </Location>
And this block should be deleted entirely.