[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: another apache permissions problem

From: Henrik Vendelbo <hvendelbo_at_bluprints.com>
Date: 2004-12-07 18:53:32 CET

Would sulinux be involved in this security issue ? it is enabled for apache in fedora core 3
  ----- Original Message -----
  From: Daniel Anderson
  To: users@subversion.tigris.org
  Cc: Gary Thomas ; hvendelbo@bluprints.com
  Sent: Tuesday, December 07, 2004 5:25 PM
  Subject: Re: another apache permissions problem

  Daniel Anderson wrote:

    Gary Thomas wrote:
On Mon, 2004-12-06 at 15:14, Daniel Anderson wrote:
  I'm a complete svn newbie trying to setup access to a new repository
through Apache. Everything works just fine when I try to access the
repository via the file:// protocol, but I can't seem to get it to
work with Apache. When I try to connect to the svn repository via
http, I get this error:

svn: PROPFIND request failed on '/MyProject'
svn:
Could not open the requested SVN filesystem

... or through a browser:

<m:human-readable errcode="13">
Could not open the requested SVN filesystem
</m:human-readable>

The Apache error log shows the following:

[Mon Dec 06 16:28:22 2004] [error] [client 192.168.254.119]
(20014)Error string not specified yet: Can't open file
'/data/svn/services/customers/MyProject/format'
: Permission denied
[Mon Dec 06 16:28:22 2004] [error] [client 192.168.254.119] Could not
fetch resource information. [500, #0]
[Mon Dec 06 16:28:22 2004] [error] [client 192.168.254.119] Could not
open the requested SVN filesystem [500, #13]
[Mon Dec 06 16:28:22 2004] [error] [client 192.168.254.119] Could not
open the requested SVN filesystem [500, #13]

The error doesn't make any sense to me because I set global write
permissions on the project directory in an attempt to ge this to
work. ls -l on the project direcory:

total 56
drwxrwxrwx 2 root mygroup 4096 Dec 6 15:18 conf
drwxrwxrwx 2 root mygroup 4096 Dec 6 15:18 dav
drwxrwxrwx 2 root mygroup 4096 Dec 6 15:24 db
-rwxrwxrwx 1 root mygroup 2 Dec 6 15:18 format
drwxrwxrwx 2 root mygroup 4096 Dec 6 15:18 hooks
drwxrwxrwx 2 root mygroup 4096 Dec 6 15:18 locks
-rwxrwxrwx 1 root mygroup 379 Dec 6 15:18 README.txt

This is my http.conf entry (again, no permissions):

<Location /MyProject>
  DAV svn
  SVNPath /data/svn/services/customers/MyProject
</Location>

If anyone has an idea as to what the problem is, please let me know.
    
When I set this up, I found that I needed the SVN repository within
my HTTP tree - I had some troubles when the repository was outside of
it(*). There may be a way to change that, but I'm happy with it working
this way. I also run virtual servers, so I have my <Location>
directives nested within one of those. Mine looks [sort of] like this:
    <Location /SVN>
      DAV svn
      SVNParentPath /var/www/SVN/
      AuthzSVNAccessFile /var/www/SVN/.authz
      AuthUserFile /var/www/SVN/.htpasswd
      AuthName "Subversion Repository Access"
      AuthType Basic
      require valid-user
    </Location>

This works great for me - I actually have multiple repositories under
the /SVN umbrella. Access to the repositories is then
  http://MY_SERVER/SVN/xyz

(*) IIRC the trouble I had was that ViewCVS didn't like things that
were outside of the tree.

  Following your suggestion, I tried to setup a repository within the /var/www/ tree. It worked fine. Unfortunately I need the repository outside the /var/www tree. The problem seems to be with Apache, but I can't figure it out for the life of me. I can't even get Apache to serve ANY html or text page outside of the /var/www/html tree. I have tried using symbolic links and by specifying an alias and directory as follows...

    Alias /foo "/foo"

    <Directory "/foo">
       Options FollowSymLinks Indexes
       Order allow,deny
       Allow from all
    </Directory>

    I can get Apache to show a directory listing, but no files show up except nested directories. When I try to access a file (e.g. test.txt) in this directory via a url, the following error is written to the error log...

    (13)Permission denied: access to /foo/test.txt denied

    I have tried everything in terms of permissions and ownership on the files and directories. I am by no means knowledgable of Apache configuration, but I have never had any trouble setting up directories like this. It seems like a pretty basic task. I just can't figure this out.

    I am running Apache/2.0.52 (Fedora). Is there something new to this version or unique to Fedora that I am missing? This is driving me crazy.

    Any help would be greatly appreciated.

  I *finally* figured this out. Hopefully this will help prevent someone else from wasting countless hours trying to figure it out. The SELinux security was somehow interfering with Apache. I don't understand the specifics, but when I shut down the SELinux, everything began to work as expected.
Received on Tue Dec 7 18:56:34 2004

This is an archived mail posted to the Subversion Users mailing list.