SVN setup - 403 permission denied
The setup I have deployed is that I setup a development domain at dev.mydomain.com which points to /srv/www/dev.mydomain.com/public_html/ and that seems to work fine. So then I setup a subdomain to host svn which is svn.mydomain.com. I setup my repositories in /srv/svn/domain where "domain" is the repository.
I then setup the following virtual host in /etc/apache/sites-available/
ServerName svn.mydomain.com
ErrorLog /srv/www/svn.mydomain.com/logs/error.log
CustomLog /srv/www/svn.mydomain.com/logs/access.log combined
SVNParentPath /srv/svn
AuthName "Subversion Repository"
AuthUserFile /srv/auth/svn/mydomain.htpasswd
Require valid-user
As per the configuration, I set up the authorization files at /srv/auth/svn. I also granted apache user rights on /srv/svn/
When I try to access the repository at
Any thoughts on why I can't get in?
7 Replies
<directory srv="" svn="">Options Indexes Multiviews
Order allow,deny</directory>
but this seems weird to me:
>
SVNParentPath /srv/svn
AuthType Basic AuthName "Subversion Repository"
AuthUserFile /srv/auth/svn/mydomain.htpasswd
Require valid-user
is 'knowlo' the domain name aka repos name in /srv/svn?
@shadyhill:
As per the configuration, I set up the authorization files at /srv/auth/svn. I also granted apache user rights on /srv/svn/
Are you sure that there aren't any filesystem privilege problems with your SVN tree? For my DAV-served SVN repositories, I set the entire SVN tree to have www-root as owner and group, since that's what Apache runs as.
Any errors in Apache's error.log that might indicate an underlying issue that is leading to the 403?
Your config is pretty close to what I use, although I have individual SVNPath entries for each of my repository locations rather than a single SVNParentPath. But I just switched mine to use SVNParentPath and it still works. Note that I don't have any Directory entries within my SVN VirtualHost block (or anywhere in my config) referencing the SVN repository filesystem location, so I don't think mod_dav requires that.
– David
on a related note, while i was doing all of the setup stuff I realized that I could access the repository by going through svn://svn.mydomain.com/repo_name (as opposed to http://) without any user info. That's doesn't seem secure. is there a way to turn that access off?
@shadyhill:
thanks db3l. I had apache (www-data) as the user but not as the group. when i changed it to the group also, everything started working. whew, what a relief.
That seems to ring a bell, in that in the past I tried using a different group to also permit local (non-dav) access, but finally just punted and gave over ownership to www-data. It might have been that at some stages (read only) Apache is actually doing access as nobody (or something other than www-root), so without the group there were points when Apache couldn't read things. But it was a while ago.
> on a related note, while i was doing all of the setup stuff I realized that I could access the repository by going through svn://svn.mydomain.com/repo_name (as opposed to http://) without any user info. That's doesn't seem secure. is there a way to turn that access off?
That's completely distinct from anything Apache is doing - to be listening for svn:// I'm pretty sure you have to be running a separate svnserve process with its own configuration file. Check that something else during your setup might not have installed that automatically (perhaps kicked off from /etc/init.d). Or even if you just experimentally tried running svnserve manually in the past and haven't stopped/rebooted since then.
It should be listening on port 3690, so a netstat with -p can show the process and perhaps help backtrack.
– David
Thanks again for your help!