RE: Re: solution, was: Re: another apache permissions problem

From: Curtis G Pew <curtis.pew_at_austin.utexas.edu>
Date: 2004-12-08 15:28:22 CET

I don't think that 'svnadmin create' should be doing this, since it's only appropriate if you're planning to access your repository via http. The documentation for configuring Apache for Subversion already discusses setting up permissions, and this is just another issue that needs to be dealt with.

Here's my summary of the situation:

"In addition to regular Unix permissions, under SELinux every file, directory, process, etc. has a 'security context'. When a process attempts to access a file, besides checking the Unix permissions the system also checks to see if the security context of the process is compatible with the security context of the file.

"By default, Fedora Core 3 comes with SELinux installed and configured so that Apache runs in a fairly restricted security context, so to run Subversion under Apache you have to set the security context of the repository to allow Apache access (or turn off the restrictions on Apache, if you think all this is overkill.) The 'chcon' command is used to set the security context of files similarly to how the "'chmod' sets the traditional Unix permissions. In my case, issuing:

$ chcon -R -h -t httpd_sys_content_t <path-to-repository>

set the security context so that I was able to successfully access the repository."

This will probably come up a lot as more people start to use Fedora Core 3 and the corresponding versions of Red Hat Enterprise, but again I don't think svnadmin should change, just the documentation.

-- 
Curtis Pew (c.pew@its.utexas.edu)
ITS - Systems
The University of Texas at Austin
> ----------
> From: 	kfogel@newton.ch.collab.net on behalf of kfogel@collab.net
> Reply To: 	kfogel@collab.net
> Sent: 	Wednesday, December 8, 2004 12:39 AM
> To: 	Henrik Vendelbo
> Cc: 	users@subversion.tigris.org
> Subject: 	 Re: solution, was: Re: another apache permissions problem
> 
> "Henrik Vendelbo" <hvendelbo@bluprints.com> writes:
> > I had to do a chcon -R -u system_u <path> as well to get it to work.
> > 
> > shouldn't 'svnadmin create' be able to do this sort of thing ?
> 
> Wow, glad this got solved.
> 
> Can you summarize the situation, for those of us who don't know
> anything about SELinux, and say what exactly it is that 'svnadmin
> create' should be doing?
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
> For additional commands, e-mail: users-help@subversion.tigris.org
> 
> 
> 
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org

Received on Wed Dec 8 15:30:27 2004

This message: [ Message body ]
Next message: Niels Skou Olsen: "Re: [rfc]Checkout without the .svn Directories"
Previous message: Szekeres István: "Re: Committing .svn dirs and your're toast?"
Next in thread: kfogel_at_collab.net: "Re: solution, was: Re: another apache permissions problem"
Reply: kfogel_at_collab.net: "Re: solution, was: Re: another apache permissions problem"
Reply: Henrik Vendelbo: "Re: Re: solution, was: Re: another apache permissions problem"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]