You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@subversion.apache.org by Dave Pawson <da...@gmail.com> on 2011/01/18 14:43:44 UTC
Subversion setup
I'm resurrecting a subversion setup.
subversion 1.6.5 on apache 2.
Apache setup
<Location /repos>
Dav svn
SVNParentPath /srv
Authtype Basic
AuthName "..."
AuthuserFile /etc/svnauthfile
Require valid-user
</Location>
user apache is set as owner of /srv and all subdirectories
I used, as root,
svnadmin create /srv/files
svnadmin create /srv/pac
Then updated ownership again.
I set two users for access
#htpasswd -cm /etc/svnauthfile dpawson
#htpasswd -m /etc/svnauthfile sue
On the server, as root I can import files OK.
as a normal user I can't, and I'm getting
svn: Can't open file /srv/files/db/txn-current-lock': Permission denied
>From a client
# svn list --username dpawson http://192.168.1.74/repos/files
svn: access to 'http://192.168.1.74/repos/files' forbidden
I guess it's a common 403 error code, but I can't figure out
where the permissions are wrong.
any suggestions please.
TIa
--
Dave Pawson
Re: Subversion setup
Posted by Dave Pawson <da...@gmail.com>.
> Did you import the initial repository content as local root, using
> a "file://" URL? In that case, some files inside the "db" directory
> would now be owned by root.
The only way I could import into the repo was as root.
>
> I'd double-check the permissions on the following dirs & files.
>
> /etc/svnauthfile (just in case)
No, I think you've got it there Steve :-)
I ran htpasswd as root, so the file will be owned by root.
>
> /srv
> /srv/files
> /srv/files/db
> /srv/files/db/txn-current-lock
After creating them I ran
#chown -R apache:apache /srv
so they should be OK
>
> Also, are ACLs in effect? SELinux, for example, can block Apache.
<grin/> No, more than that, it can block me from
using my computer!
I switch it off as part of my initial setup! Horrible thing.
I'll let you know, but I think you have found the problem.
Many thanks.
--
Dave Pawson
XSLT XSL-FO FAQ.
Docbook FAQ.
http://www.dpawson.co.uk
Re: Subversion setup
Posted by Dave Pawson <da...@gmail.com>.
On 19 January 2011 18:16, Stephen Butler <sb...@elego.de> wrote:
> Did you import the initial repository content as local root, using
> a "file://" URL? In that case, some files inside the "db" directory
> would now be owned by root.
>
> I'd double-check the permissions on the following dirs & files.
>
> /etc/svnauthfile (just in case)
Ah well, good try.
# ls -al /etc/svnauthfile
-rw-r--r-- 1 apache apache 88 2011-01-18 13:21 /etc/svnauthfile
no, that is owned by apache too.
from the same machine as the repo,
[root@marge files]# svn import knots http://192.168.1.74/repos/files
-m "initial"
svn: Server sent unexpected return value (403 Forbidden) in response
to OPTIONS request for 'http://192.168.1.74/repos/files'
So although I can import using file:/// it also blocks me (as root)
when I use http://
Is it something in the apache setup?
regards
--
Dave Pawson
XSLT XSL-FO FAQ.
Docbook FAQ.
http://www.dpawson.co.uk
Re: Subversion setup
Posted by Stephen Butler <sb...@elego.de>.
On Jan 18, 2011, at 14:43 , Dave Pawson wrote:
> I'm resurrecting a subversion setup.
> subversion 1.6.5 on apache 2.
>
> Apache setup
> <Location /repos>
> Dav svn
> SVNParentPath /srv
> Authtype Basic
> AuthName "..."
> AuthuserFile /etc/svnauthfile
> Require valid-user
> </Location>
>
> user apache is set as owner of /srv and all subdirectories
> I used, as root,
> svnadmin create /srv/files
> svnadmin create /srv/pac
>
> Then updated ownership again.
>
> I set two users for access
> #htpasswd -cm /etc/svnauthfile dpawson
> #htpasswd -m /etc/svnauthfile sue
>
>
>
> On the server, as root I can import files OK.
> as a normal user I can't, and I'm getting
> svn: Can't open file /srv/files/db/txn-current-lock': Permission denied
>
> From a client
> # svn list --username dpawson http://192.168.1.74/repos/files
> svn: access to 'http://192.168.1.74/repos/files' forbidden
>
> I guess it's a common 403 error code, but I can't figure out
> where the permissions are wrong.
Did you import the initial repository content as local root, using
a "file://" URL? In that case, some files inside the "db" directory
would now be owned by root.
I'd double-check the permissions on the following dirs & files.
/etc/svnauthfile (just in case)
/srv
/srv/files
/srv/files/db
/srv/files/db/txn-current-lock
Also, are ACLs in effect? SELinux, for example, can block Apache.
HTH,
Steve
--
Stephen Butler | Senior Consultant
elego Software Solutions GmbH
Gustav-Meyer-Allee 25 | 13355 Berlin | Germany
fon: +49 30 2345 8696 | mobile: +49 163 25 45 015
fax: +49 30 2345 8695 | http://www.elegosoft.com
Geschäftsführer: Olaf Wagner | Sitz der Gesellschaft: Berlin
Amtsgericht Charlottenburg HRB 77719 | USt-IdNr: DE163214194
Re: Subversion setup
Posted by Dave Pawson <da...@gmail.com>.
On 19 January 2011 11:51, Prabhu Gnana Sundar <pr...@collab.net> wrote:
> Hi Dave,
>
> On Wednesday 19 January 2011 03:35 PM, Dave Pawson wrote:
>
> Still looking for the source of my 403 errors Steve?
> Any ideas please?
>
> I have no need for path based permissions? It is advised against in
> fact in the book?
>
> I am sorry if I misunderstood. And may be you just followed the book without
> reading the entire thing. The book clearly states as below:
>
> <snip>
>
> On the opposite end of the paranoia scale, you can configure your block to
> demand authentication from everyone. All clients must supply credentials to
> identify themselves. Your block unconditionally requires authentication via
> the Require valid-user directive, and it defines a means to authenticate.
Yes, I do want authentication, but not path based?
>
> So I guess my earlier suggestion should do the work for you.
That is not the problem I'm facing though?
The 403 error is my problem.
regards
--
Dave Pawson
XSLT XSL-FO FAQ.
Docbook FAQ.
http://www.dpawson.co.uk
Re: Subversion setup
Posted by Prabhu Gnana Sundar <pr...@collab.net>.
Hi Dave,
On Wednesday 19 January 2011 03:35 PM, Dave Pawson wrote:
> Still looking for the source of my 403 errors Steve?
> Any ideas please?
>>> I have no need for path based permissions? It is advised against in
>>> fact in the book?
I am sorry if I misunderstood. And may be you just followed the book
without reading the entire thing. The book clearly states as below:
<snip>
On the opposite end of the paranoia scale, you can configure your block
to demand authentication from everyone. All clients must supply
credentials to identify themselves. Your block unconditionally requires
authentication via the |Require valid-user| directive, and it defines a
means to authenticate. (See Example 6.2, “A sample configuration for
authenticated access”
<http://svnbook.red-bean.com/en/1.5/svn-book.html#svn.serverconfig.httpd.authz.perdir.ex-2>.)
*Example 6.2. A sample configuration for authenticated access*
<Location /repos>
DAV svn
SVNParentPath /var/svn
# our access control policy
AuthzSVNAccessFile /path/to/access/file
# only authenticated users may access the repository
Require valid-user
# how to authenticate a user
AuthType Basic
AuthName "Subversion repository"
AuthUserFile /path/to/users/file
</Location>
</snip>
So I guess my earlier suggestion should do the work for you. And I would be more than happy to hear from you :)
>> Hi Dave,
>>
>> you're correct. The path-based permission scheme is optional. Most
>> Subversion servers don't need it.
>>
>> Regards,
>> Steve
>>
I do agree that path-based permission scheme is optional. :)
Thanks and regards
Prabhu
Re: Subversion setup
Posted by Dave Pawson <da...@gmail.com>.
Still looking for the source of my 403 errors Steve?
Any ideas please?
regards DaveP
On 19 January 2011 09:57, Stephen Butler <sb...@elego.de> wrote:
>
> On Jan 19, 2011, at 9:25 , Dave Pawson wrote:
>
>> On 19 January 2011 07:36, Prabhu Gnana Sundar <pr...@collab.net> wrote:
>>> Hi Dave,
>>>
>>>
>>> On Tuesday 18 January 2011 07:13 PM, Dave Pawson wrote:
>>>>
>>>> I'm resurrecting a subversion setup.
>>>> subversion 1.6.5 on apache 2.
>>>>
>>>> Apache setup
>>>> <Location /repos>
>>>> Dav svn
>>>> SVNParentPath /srv
>>>> Authtype Basic
>>>> AuthName "..."
>>>> AuthuserFile /etc/svnauthfile
>>>> Require valid-user
>>>> </Location>
>>>>
>>>
>>> Clearly, you are using Authz. But you have *missed* out the
>>> "AuthzSVNAccessFile" in your config file, which could be something like,
>>>
>>> AuthzSVNAccessFile /path/to/path-authz-file
>>
>> ? AFAIK I'm using basic http authorization?
>> Authtype Basic?
>> http://svnbook.red-bean.com/en/1.5/svn-book.html#svn.serverconfig.httpd.authn.basic
>> AuthuserFile /etc/svnauthfile specifies the pwd file?
>>
>>
>>
>>
>>
>>
>> I have no need for path based permissions? It is advised against in
>> fact in the book?
>
> Hi Dave,
>
> you're correct. The path-based permission scheme is optional. Most
> Subversion servers don't need it.
>
> Regards,
> Steve
>
> --
> Stephen Butler | Senior Consultant
> elego Software Solutions GmbH
> Gustav-Meyer-Allee 25 | 13355 Berlin | Germany
> fon: +49 30 2345 8696 | mobile: +49 163 25 45 015
> fax: +49 30 2345 8695 | http://www.elegosoft.com
> Geschäftsführer: Olaf Wagner | Sitz der Gesellschaft: Berlin
> Amtsgericht Charlottenburg HRB 77719 | USt-IdNr: DE163214194
>
>
>
--
Dave Pawson
XSLT XSL-FO FAQ.
Docbook FAQ.
http://www.dpawson.co.uk
Re: Subversion setup
Posted by Stephen Butler <sb...@elego.de>.
On Jan 19, 2011, at 9:25 , Dave Pawson wrote:
> On 19 January 2011 07:36, Prabhu Gnana Sundar <pr...@collab.net> wrote:
>> Hi Dave,
>>
>>
>> On Tuesday 18 January 2011 07:13 PM, Dave Pawson wrote:
>>>
>>> I'm resurrecting a subversion setup.
>>> subversion 1.6.5 on apache 2.
>>>
>>> Apache setup
>>> <Location /repos>
>>> Dav svn
>>> SVNParentPath /srv
>>> Authtype Basic
>>> AuthName "..."
>>> AuthuserFile /etc/svnauthfile
>>> Require valid-user
>>> </Location>
>>>
>>
>> Clearly, you are using Authz. But you have *missed* out the
>> "AuthzSVNAccessFile" in your config file, which could be something like,
>>
>> AuthzSVNAccessFile /path/to/path-authz-file
>
> ? AFAIK I'm using basic http authorization?
> Authtype Basic?
> http://svnbook.red-bean.com/en/1.5/svn-book.html#svn.serverconfig.httpd.authn.basic
> AuthuserFile /etc/svnauthfile specifies the pwd file?
>
>
>
>
>
>
> I have no need for path based permissions? It is advised against in
> fact in the book?
Hi Dave,
you're correct. The path-based permission scheme is optional. Most
Subversion servers don't need it.
Regards,
Steve
--
Stephen Butler | Senior Consultant
elego Software Solutions GmbH
Gustav-Meyer-Allee 25 | 13355 Berlin | Germany
fon: +49 30 2345 8696 | mobile: +49 163 25 45 015
fax: +49 30 2345 8695 | http://www.elegosoft.com
Geschäftsführer: Olaf Wagner | Sitz der Gesellschaft: Berlin
Amtsgericht Charlottenburg HRB 77719 | USt-IdNr: DE163214194
Re: Subversion setup
Posted by Dave Pawson <da...@gmail.com>.
On 19 January 2011 07:36, Prabhu Gnana Sundar <pr...@collab.net> wrote:
> Hi Dave,
>
>
> On Tuesday 18 January 2011 07:13 PM, Dave Pawson wrote:
>>
>> I'm resurrecting a subversion setup.
>> subversion 1.6.5 on apache 2.
>>
>> Apache setup
>> <Location /repos>
>> Dav svn
>> SVNParentPath /srv
>> Authtype Basic
>> AuthName "..."
>> AuthuserFile /etc/svnauthfile
>> Require valid-user
>> </Location>
>>
>
> Clearly, you are using Authz. But you have *missed* out the
> "AuthzSVNAccessFile" in your config file, which could be something like,
>
> AuthzSVNAccessFile /path/to/path-authz-file
? AFAIK I'm using basic http authorization?
Authtype Basic?
http://svnbook.red-bean.com/en/1.5/svn-book.html#svn.serverconfig.httpd.authn.basic
AuthuserFile /etc/svnauthfile specifies the pwd file?
I have no need for path based permissions? It is advised against in
fact in the book?
--
Dave Pawson
XSLT XSL-FO FAQ.
Docbook FAQ.
http://www.dpawson.co.uk
Re: Subversion setup
Posted by Prabhu Gnana Sundar <pr...@collab.net>.
Hi Dave,
On Tuesday 18 January 2011 07:13 PM, Dave Pawson wrote:
> I'm resurrecting a subversion setup.
> subversion 1.6.5 on apache 2.
>
> Apache setup
> <Location /repos>
> Dav svn
> SVNParentPath /srv
> Authtype Basic
> AuthName "..."
> AuthuserFile /etc/svnauthfile
> Require valid-user
> </Location>
>
Clearly, you are using Authz. But you have *missed* out the
"AuthzSVNAccessFile" in your config file, which could be something like,
AuthzSVNAccessFile /path/to/path-authz-file
Hence your config file must look like:
<Location /repos>
Dav svn
SVNParentPath /srv
Authtype Basic
AuthName "..."
AuthuserFile /etc/svnauthfile
AuthzSVNAccessFile path/to/path-authz-file
Require valid-user
</Location>
path-authz-file is the file where you specify the path-based permissions
to the users.
Here is a sample:
[pac:/]
dpawson = rw
sue = r
> user apache is set as owner of /srv and all subdirectories
> I used, as root,
> svnadmin create /srv/files
> svnadmin create /srv/pac
Hope this helps you :)
Thanks and regards
Prabhu