You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@subversion.apache.org by David Southwell <da...@vizion2000.net> on 2007/08/14 10:07:23 UTC

New to Subversion: Auth setup problem

Hi 
I am new to subversion and have hit a problem - if anyone feels like helping 
it would be much appreciated.

I have set up subversion to run with apache.
Versions:

apache-2.2.4_2 
subversion-1.4.4_1

I can connect remotely from a client to the server, using name|password 
combination so authentication appears to work fine but authorization is 
failing. 

This is a new repository as can be seen from the output of the 
svnlook. An initial import attempt from the client fails with the client 
reporting" RA Layer request failed"and "403 forbidden" error from the server.

Clearly I have something wrong in my authorization set up. Can anyone point me 
in the right direction?

I have chosen to use an SVNParentPath configuration for multiple repositories 
to exist under the same "root" with all repositories sharing the same 
AuthzSVNAccessFile. 
I have made all repository paths owner:group www:www


 
1. Here are my entries in  hhtp.conf
##### Modules include
LoadModule dav_module libexec/apache22/mod_dav.so
LoadModule dav_svn_module     libexec/apache22/mod_dav_svn.so
LoadModule authz_svn_module   libexec/apache22/mod_authz_svn.so
##### Location entry:
<Location /svnhome>
        DAV svn
        SVNParentPath /usr2/svnhome
        SVNListParentPath on
# Access control Policy
        AuthzSVNAccessFile /usr/local/etc/apache22/Authz_svnhome

# try anonymous access first, resort to authentication
# if necessary
        
        Require valid-user
        AuthType Basic
        AuthName "Svn Repository"
        AuthUserFile /usr/local/etc/apache22/svn-auth-methusela_02
        
</Location>
CustomLog       /usr/local/etc/apache22/svn_logfile "%t %u %{SVN-ACTION}e" 
env=SVN-ACTION       
#####

2. My AuthzSVNAccessFile
#####
AuthzSVNAccessFile /usr/local/etc/apache22/Authz_svnhome
[/]
* = r
[/usr2/svnhome]
* =r
[project_meth: /usr2/svnhome/project_meth]
david = rw
test = r
#####

3. Output from svnlook
#####
svnlook info /usr2/svnhome/project_meth

2007-08-13 03:09:11 -0700 (Mon, 13 Aug 2007)
0
#####

4. http-error.log
#####
httpd-error.log
[Mon Aug 13 09:30:04 2007] [error] [client 192.168.15.1] Access 
denied: 'david' MKACTIVITY project_meth:
#####

5. svn_logfile
#####
[13/Aug/2007:08:49:56 -0700] david list-dir '/'
[13/Aug/2007:08:51:47 -0700] david list-dir '/'
#####

6.I have made no changes to the files created by the svnadmin create command 
apart from svnserve.conf which reads:
########
anon-access = read
auth-access = write
password-db = /usr/local/etc/apache22/svn-auth-methusela_02
authz-db = /usr/local/etc/apache22/Authz_svnhome.
#######

All help appreciated
Thanks in advance
david

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org

Re: New to Subversion: Auth setup problem

Posted by Rick Jones <ri...@hp.com>.

David Southwell wrote:
> Hi 
> I am new to subversion and have hit a problem - if anyone feels like helping 
> it would be much appreciated.
> 
> I have set up subversion to run with apache.
> Versions:
> 
> apache-2.2.4_2 
> subversion-1.4.4_1
> 
> I can connect remotely from a client to the server, using name|password 
> combination so authentication appears to work fine but authorization is 
> failing. 
> 
> This is a new repository as can be seen from the output of the 
> svnlook. An initial import attempt from the client fails with the client 
> reporting" RA Layer request failed"and "403 forbidden" error from the server.
> 
> Clearly I have something wrong in my authorization set up. Can anyone point me 
> in the right direction?
> 
> I have chosen to use an SVNParentPath configuration for multiple repositories 
> to exist under the same "root" with all repositories sharing the same 
> AuthzSVNAccessFile. 
> I have made all repository paths owner:group www:www

At some points in the past I've used this within a repository's heirarchy:

www:/svn# cat permission_fixup_instructions
chmod -R g+w *; chmod 444 format
find . -type d -exec chmod g+s {} \;

to make sure things were group writable.  Sometimes they were not.  I 
forget exactly where I got it, but it was probably from an old posting 
here a few years ago when I first started putting netperf into subversion.

rick jones

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org