Apache setup
<Location /repos>
Dav svn
SVNParentPath /srv
Authtype Basic
AuthName "..."
AuthuserFile /etc/svnauthfile
Require valid-user
</Location>
user apache is set as owner of /srv and all subdirectories
I used, as root,
svnadmin create /srv/files
svnadmin create /srv/pac
Then updated ownership again.
I set two users for access
#htpasswd -cm /etc/svnauthfile dpawson
#htpasswd -m /etc/svnauthfile sue
On the server, as root I can import files OK.
as a normal user I can't, and I'm getting
svn: Can't open file /srv/files/db/txn-current-lock': Permission denied
From a client
# svn list --username dpawson http://192.168.1.74/repos/files
svn: access to 'http://192.168.1.74/repos/files' forbidden
I guess it's a common 403 error code, but I can't figure out
where the permissions are wrong.
any suggestions please.
TIA
--
Dave Pawson
On Tuesday 18 January 2011 07:13 PM, Dave Pawson wrote:
> I'm resurrecting a subversion setup.
> subversion 1.6.5 on apache 2.
>
> Apache setup
> <Location /repos>
> Dav svn
> SVNParentPath /srv
> Authtype Basic
> AuthName "..."
> AuthuserFile /etc/svnauthfile
> Require valid-user
> </Location>
>
Clearly, you are using Authz. But you have *missed* out the
"AuthzSVNAccessFile" in your config file, which could be something like,
AuthzSVNAccessFile /path/to/path-authz-file
Hence your config file must look like:
<Location /repos>
Dav svn
SVNParentPath /srv
Authtype Basic
AuthName "..."
AuthuserFile /etc/svnauthfile
AuthzSVNAccessFile /path/to/path-authz-file
Require valid-user
</Location>
path-authz-file is the file where you specify the path-based permissions
to the users.
Here is a sample:
[pac:/]
dpawson = rw
sue = r
> user apache is set as owner of /srv and all subdirectories
> I used, as root,
> svnadmin create /srv/files
> svnadmin create /srv/pac
Hope this helps you :)
Thanks and regards
Prabhu
? AFAIK I'm using basic http authorization?
Authtype Basic?
http://svnbook.red-bean.com/en/1.5/svn-book.html#svn.serverconfig.httpd.authn.basic
AuthuserFile /etc/svnauthfile specifies the pwd file?
I have no need for path based permissions? It is advised against in
fact in the book?
--
Dave Pawson
XSLT XSL-FO FAQ.
Docbook FAQ.
http://www.dpawson.co.uk
Hi Dave,
you're correct. The path-based permission scheme is optional. Most
Subversion servers don't need it.
Regards,
Steve
--
Stephen Butler | Senior Consultant
elego Software Solutions GmbH
Gustav-Meyer-Allee 25 | 13355 Berlin | Germany
fon: +49 30 2345 8696 | mobile: +49 163 25 45 015
fax: +49 30 2345 8695 | http://www.elegosoft.com
Geschäftsführer: Olaf Wagner | Sitz der Gesellschaft: Berlin
Amtsgericht Charlottenburg HRB 77719 | USt-IdNr: DE163214194
regards DaveP
--
Still looking for the source of my 403 errors Steve? Any ideas please?
> I have no need for path based permissions? It is advised against in
> fact in the book?
I am sorry if I misunderstood. And maybe you just followed the book without reading the entire thing. The book clearly states as below:
<snip>
On the opposite end of the paranoia scale, you can configure your
block to demand authentication from everyone. All clients must
supply credentials to identify themselves. Your block
unconditionally requires authentication via the Require valid-user directive, and it
defines a means to authenticate. (See Example 6.2, “A sample configuration for authenticated
access”.)
Example 6.2. A sample configuration for authenticated access
<Location /repos>
DAV svn
SVNParentPath /var/svn
# our access control policy
AuthzSVNAccessFile /path/to/access/file
# only authenticated users may access the repository
Require valid-user
# how to authenticate a user
AuthType Basic
AuthName "Subversion repository"
AuthUserFile /path/to/users/file
</Location>
</snip>
So I guess my earlier suggestion should do the work for you. And I would be more than happy to hear from you :)
>
> I am sorry if I misunderstood. And may be you just followed the book without
> reading the entire thing. The book clearly states as below:
>
> <snip>
>
> On the opposite end of the paranoia scale, you can configure your block to
> demand authentication from everyone. All clients must supply credentials to
> identify themselves. Your block unconditionally requires authentication via
> the Require valid-user directive, and it defines a means to authenticate.
Yes, I do want authentication, but not path based?
>
> So I guess my earlier suggestion should do the work for you.
That is not the problem I'm facing though?
The 403 error is my problem.
regards
Did you import the initial repository content as local root, using
a "file://" URL? In that case, some files inside the "db" directory
would now be owned by root.
I'd double-check the permissions on the following dirs & files.
/etc/svnauthfile (just in case)
/srv
/srv/files
/srv/files/db
/srv/files/db/txn-current-lock
Also, are ACLs in effect? SELinux, for example, can block Apache.
HTH,
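The ownership check suggested above, run across a whole repository tree instead of file by file, as an added example that is not part of the original thread. The helper names svn_perm_audit and svn_perm_count are hypothetical, and the demo runs on a constructed temporary tree shaped like /srv/files with the current uid standing in for the apache account.

```shell
#!/bin/sh
# Added example (not from the thread). svn_perm_audit and svn_perm_count
# are hypothetical helper names; the demo tree below is constructed.

# Print each path under $1 that the account $2 (name or numeric uid) does
# not own, or where the owner lacks rw (rwx for directories).
svn_perm_audit() {
    find "$1" \( ! -user "$2" \
        -o \( -type d ! -perm -700 \) \
        -o \( ! -type d ! -perm -600 \) \) -print
}

# Number of offending paths; 0 means the tree is usable by that account.
svn_perm_count() {
    svn_perm_audit "$1" "$2" | wc -l | tr -d ' '
}

# Demo on a constructed tree shaped like /srv/files. The current uid stands
# in for "apache" because chown to another account needs root.
svn_perm_demo() {
    tmp=$(mktemp -d) || return 1
    mkdir -p "$tmp/files/db"
    : > "$tmp/files/format"
    : > "$tmp/files/db/txn-current-lock"
    chmod 400 "$tmp/files/db/txn-current-lock"   # simulate an unusable lock file
    svn_perm_audit "$tmp" "$(id -u)"
    rm -rf "$tmp"
}

# On the real server: svn_perm_audit /srv apache
svn_perm_demo
```

Any path this prints after a root-run `file://` import is one the web server cannot update; an empty result rules out filesystem ownership as the cause.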
The only way I could import into the repo was as root.
>
> I'd double-check the permissions on the following dirs & files.
>
> /etc/svnauthfile (just in case)
No, I think you've got it there Steve :-)
I ran htpasswd as root, so the file will be owned by root.
>
> /srv
> /srv/files
> /srv/files/db
> /srv/files/db/txn-current-lock
After creating them I ran
#chown -R apache:apache /srv
so they should be OK
>
> Also, are ACLs in effect? SELinux, for example, can block Apache.
<grin/> No, more than that, it can block me from
using my computer!
I switch it off as part of my initial setup! Horrible thing.
I'll let you know, but I think you have found the problem.
Many thanks.
> Did you import the initial repository content as local root, using
> a "file://" URL? In that case, some files inside the "db" directory
> would now be owned by root.
>
> I'd double-check the permissions on the following dirs & files.
>
> /etc/svnauthfile (just in case)
Ah well, good try.
# ls -al /etc/svnauthfile
-rw-r--r-- 1 apache apache 88 2011-01-18 13:21 /etc/svnauthfile
no, that is owned by apache too.
from the same machine as the repo,
[root@marge files]# svn import knots http://192.168.1.74/repos/files -m "initial"
svn: Server sent unexpected return value (403 Forbidden) in response to OPTIONS request for 'http://192.168.1.74/repos/files'
So although I can import using file:/// it also blocks me (as root)
when I use http://
Is it something in the apache setup?
regards