Daniel Anderson <ds_anderson@yahoo.com> writes:
> I am using Fedora core 3 as well. For me it is called "SELinux".
> That's what I turned off to get everything to work just fine. It can
> be easily shut off through the "Security Level" UI within the default
> "System Tools" group.
Note that http://subversion.tigris.org/project_faq.html#reposperms
talks about this now.
Best,
-Karl
> Henrik Vendelbo wrote:
>
> > Would sulinux be involved in this security issue ? it is enabled for
> > apache in fedora core 3
> >
> > ----- Original Message -----
> > *From:* Daniel Anderson <mailto:ds_anderson@yahoo.com>
> > *To:* users@subversion.tigris.org
> > <mailto:users@subversion.tigris.org>
> > *Cc:* Gary Thomas <mailto:gary@mlbassoc.com> ;
> > hvendelbo@bluprints.com <mailto:hvendelbo@bluprints.com>
> > *Sent:* Tuesday, December 07, 2004 5:25 PM
> > *Subject:* Re: another apache permissions problem
> >
> >
> >
> > Daniel Anderson wrote:
> >
> >>
> >>
> >> Gary Thomas wrote:
> >>
> >>>On Mon, 2004-12-06 at 15:14, Daniel Anderson wrote:
> >>>
> >>>>I'm a complete svn newbie trying to setup access to a new repository
> >>>>through Apache. Everything works just fine when I try to access the
> >>>>repository via the file:// protocol, but I can't seem to get it to
> >>>>work with Apache. When I try to connect to the svn repository via
> >>>>http, I get this error:
> >>>>
> >>>>svn: PROPFIND request failed on '/MyProject'
> >>>>svn:
> >>>>Could not open the requested SVN filesystem
> >>>>
> >>>> ... or through a browser: <m:human-readable errcode="13">
> >>>>Could not open the requested SVN filesystem
> >>>></m:human-readable>
> >>>>
> >>>>The Apache error log shows the following:
> >>>>
> >>>>[Mon Dec 06 16:28:22 2004] [error] [client 192.168.254.119]
> >>>>(20014)Error string not specified yet: Can't open file
> >>>>'/data/svn/services/customers/MyProject/format'
> >>>>: Permission denied
> >>>>[Mon Dec 06 16:28:22 2004] [error] [client 192.168.254.119] Could not
> >>>>fetch resource information. [500, #0]
> >>>>[Mon Dec 06 16:28:22 2004] [error] [client 192.168.254.119] Could not
> >>>>open the requested SVN filesystem [500, #13]
> >>>>[Mon Dec 06 16:28:22 2004] [error] [client 192.168.254.119] Could not
> >>>>open the requested SVN filesystem [500, #13]
> >>>>
> >>>>
> >>>>The error doesn't make any sense to me because I set global write
> >>>>permissions on the project directory in an attempt to ge this to
> >>>>work. ls -l on the project direcory:
> >>>>
> >>>>total 56
> >>>>drwxrwxrwx 2 root mygroup 4096 Dec 6 15:18 conf
> >>>>drwxrwxrwx 2 root mygroup 4096 Dec 6 15:18 dav
> >>>>drwxrwxrwx 2 root mygroup 4096 Dec 6 15:24 db
> >>>>-rwxrwxrwx 1 root mygroup 2 Dec 6 15:18 format
> >>>>drwxrwxrwx 2 root mygroup 4096 Dec 6 15:18 hooks
> >>>>drwxrwxrwx 2 root mygroup 4096 Dec 6 15:18 locks
> >>>>-rwxrwxrwx 1 root mygroup 379 Dec 6 15:18 README.txt
> >>>>
> >>>>This is my http.conf entry (again, no permissions):
> >>>>
> >>>><Location /MyProject>
> >>>> DAV svn
> >>>> SVNPath /data/svn/services/customers/MyProject
> >>>></Location>
> >>>>
> >>>>If anyone has an idea as to what the problem is, please let me know.
> >>>>
> >>>
> >>>When I set this up, I found that I needed the SVN repository within
> >>> my HTTP tree - I had some troubles when the repository was outside
> >>> of it(*). There may be a way to change that, but I'm happy with
> >>> it working
> >>> this way. I also run virtual servers, so I have my <Location>
> >>> directives nested within one of those. Mine looks [sort of] like
> >>> this:
> >>> <Location /SVN>
> >>> DAV svn
> >>> SVNParentPath /var/www/SVN/
> >>> AuthzSVNAccessFile /var/www/SVN/.authz
> >>> AuthUserFile /var/www/SVN/.htpasswd
> >>> AuthName "Subversion Repository Access"
> >>> AuthType Basic
> >>> require valid-user
> >>> </Location>
> >>>
> >>>This works great for me - I actually have multiple repositories under
> >>>the /SVN umbrella. Access to the repositories is then
> >>> http://MY_SERVER/SVN/xyz
> >>>
> >>>(*) IIRC the trouble I had was that ViewCVS didn't like things that
> >>>were outside of the tree.
> >>>
> >>>
> >> Following your suggestion, I tried to setup a repository within
> >> the /var/www/ tree. It worked fine. Unfortunately I need the
> >> repository outside the /var/www tree. The problem seems to be
> >> with Apache, but I can't figure it out for the life of me. I
> >> can't even get Apache to serve ANY html or text page outside of
> >> the /var/www/html tree. I have tried using symbolic links and by
> >> specifying an alias and directory as follows...
> >>
> >> Alias /foo "/foo"
> >>
> >> <Directory "/foo">
> >> Options FollowSymLinks Indexes
> >> Order allow,deny
> >> Allow from all
> >> </Directory>
> >>
> >> I can get Apache to show a directory listing, but no files show
> >> up except nested directories. When I try to access a file (e.g.
> >> test.txt) in this directory via a url, the following error is
> >> written to the error log...
> >>
> >> (13)Permission denied: access to /foo/test.txt denied
> >>
> >> I have tried everything in terms of permissions and ownership on
> >> the files and directories. I am by no means knowledgable of
> >> Apache configuration, but I have never had any trouble setting up
> >> directories like this. It seems like a pretty basic task. I
> >> just can't figure this out.
> >>
> >> I am running Apache/2.0.52 (Fedora). Is there something new to
> >> this version or unique to Fedora that I am missing? This is
> >> driving me crazy.
> >>
> >> Any help would be greatly appreciated.
> >>
> >>
> >>
> > I *finally* figured this out. Hopefully this will help prevent
> > someone else from wasting countless hours trying to figure it
> > out. The SELinux security was somehow interfering with Apache. I
> > don't understand the specifics, but when I shut down the SELinux,
> > everything began to work as expected.
> >
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Wed Dec 8 18:11:01 2004