[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: another apache permissions problem

From: Daniel Anderson <ds_anderson_at_yahoo.com>
Date: 2004-12-07 19:07:00 CET

I am using Fedora core 3 as well. For me it is called "SELinux".
That's what I turned off to get everything to work just fine. It can be
easily shut off through the "Security Level" UI within the default
"System Tools" group.

Henrik Vendelbo wrote:

> Would sulinux be involved in this security issue ? it is enabled for
> apache in fedora core 3
>
> ----- Original Message -----
> *From:* Daniel Anderson <mailto:ds_anderson@yahoo.com>
> *To:* users@subversion.tigris.org
> <mailto:users@subversion.tigris.org>
> *Cc:* Gary Thomas <mailto:gary@mlbassoc.com> ;
> hvendelbo@bluprints.com <mailto:hvendelbo@bluprints.com>
> *Sent:* Tuesday, December 07, 2004 5:25 PM
> *Subject:* Re: another apache permissions problem
>
>
>
> Daniel Anderson wrote:
>
>>
>>
>> Gary Thomas wrote:
>>
>>>On Mon, 2004-12-06 at 15:14, Daniel Anderson wrote:
>>>
>>>
>>>>I'm a complete svn newbie trying to setup access to a new repository
>>>>through Apache. Everything works just fine when I try to access the
>>>>repository via the file:// protocol, but I can't seem to get it to
>>>>work with Apache. When I try to connect to the svn repository via
>>>>http, I get this error:
>>>>
>>>>svn: PROPFIND request failed on '/MyProject'
>>>>svn:
>>>>Could not open the requested SVN filesystem
>>>>
>>>>... or through a browser:
>>>>
>>>><m:human-readable errcode="13">
>>>>Could not open the requested SVN filesystem
>>>></m:human-readable>
>>>>
>>>>The Apache error log shows the following:
>>>>
>>>>[Mon Dec 06 16:28:22 2004] [error] [client 192.168.254.119]
>>>>(20014)Error string not specified yet: Can't open file
>>>>'/data/svn/services/customers/MyProject/format'
>>>>: Permission denied
>>>>[Mon Dec 06 16:28:22 2004] [error] [client 192.168.254.119] Could not
>>>>fetch resource information. [500, #0]
>>>>[Mon Dec 06 16:28:22 2004] [error] [client 192.168.254.119] Could not
>>>>open the requested SVN filesystem [500, #13]
>>>>[Mon Dec 06 16:28:22 2004] [error] [client 192.168.254.119] Could not
>>>>open the requested SVN filesystem [500, #13]
>>>>
>>>>
>>>>The error doesn't make any sense to me because I set global write
>>>>permissions on the project directory in an attempt to ge this to
>>>>work. ls -l on the project direcory:
>>>>
>>>>total 56
>>>>drwxrwxrwx 2 root mygroup 4096 Dec 6 15:18 conf
>>>>drwxrwxrwx 2 root mygroup 4096 Dec 6 15:18 dav
>>>>drwxrwxrwx 2 root mygroup 4096 Dec 6 15:24 db
>>>>-rwxrwxrwx 1 root mygroup 2 Dec 6 15:18 format
>>>>drwxrwxrwx 2 root mygroup 4096 Dec 6 15:18 hooks
>>>>drwxrwxrwx 2 root mygroup 4096 Dec 6 15:18 locks
>>>>-rwxrwxrwx 1 root mygroup 379 Dec 6 15:18 README.txt
>>>>
>>>>This is my http.conf entry (again, no permissions):
>>>>
>>>><Location /MyProject>
>>>> DAV svn
>>>> SVNPath /data/svn/services/customers/MyProject
>>>></Location>
>>>>
>>>>If anyone has an idea as to what the problem is, please let me know.
>>>>
>>>>
>>>
>>>When I set this up, I found that I needed the SVN repository within
>>>my HTTP tree - I had some troubles when the repository was outside of
>>>it(*). There may be a way to change that, but I'm happy with it working
>>>this way. I also run virtual servers, so I have my <Location>
>>>directives nested within one of those. Mine looks [sort of] like this:
>>> <Location /SVN>
>>> DAV svn
>>> SVNParentPath /var/www/SVN/
>>> AuthzSVNAccessFile /var/www/SVN/.authz
>>> AuthUserFile /var/www/SVN/.htpasswd
>>> AuthName "Subversion Repository Access"
>>> AuthType Basic
>>> require valid-user
>>> </Location>
>>>
>>>This works great for me - I actually have multiple repositories under
>>>the /SVN umbrella. Access to the repositories is then
>>> http://MY_SERVER/SVN/xyz
>>>
>>>(*) IIRC the trouble I had was that ViewCVS didn't like things that
>>>were outside of the tree.
>>>
>>>
>>>
>> Following your suggestion, I tried to setup a repository within
>> the /var/www/ tree. It worked fine. Unfortunately I need the
>> repository outside the /var/www tree. The problem seems to be
>> with Apache, but I can't figure it out for the life of me. I
>> can't even get Apache to serve ANY html or text page outside of
>> the /var/www/html tree. I have tried using symbolic links and by
>> specifying an alias and directory as follows...
>>
>> Alias /foo "/foo"
>>
>> <Directory "/foo">
>> Options FollowSymLinks Indexes
>> Order allow,deny
>> Allow from all
>> </Directory>
>>
>> I can get Apache to show a directory listing, but no files show
>> up except nested directories. When I try to access a file (e.g.
>> test.txt) in this directory via a url, the following error is
>> written to the error log...
>>
>> (13)Permission denied: access to /foo/test.txt denied
>>
>> I have tried everything in terms of permissions and ownership on
>> the files and directories. I am by no means knowledgable of
>> Apache configuration, but I have never had any trouble setting up
>> directories like this. It seems like a pretty basic task. I
>> just can't figure this out.
>>
>> I am running Apache/2.0.52 (Fedora). Is there something new to
>> this version or unique to Fedora that I am missing? This is
>> driving me crazy.
>>
>> Any help would be greatly appreciated.
>>
>>
>>
> I *finally* figured this out. Hopefully this will help prevent
> someone else from wasting countless hours trying to figure it
> out. The SELinux security was somehow interfering with Apache. I
> don't understand the specifics, but when I shut down the SELinux,
> everything began to work as expected.
>
Received on Wed Dec 8 17:17:56 2004

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.