SVN setup - 403 permission denied

I am trying to set up Subversion on my Debian LAMP stack and I am running into quite a few issues. I have been following the library.linode articles for reference, but I think I have exhausted the available resources and I'm hoping someone can point me to a solution.

The setup I have deployed is that I set up a development domain at dev.mydomain.com, which points to /srv/www/dev.mydomain.com/public_html/, and that seems to work fine. So then I set up a subdomain to host svn, which is svn.mydomain.com. I set up my repositories in /srv/svn/domain where "domain" is the repository.

I then set up the following virtual host in /etc/apache/sites-available/

```
ServerAdmin webmaster@domain.com
ServerName svn.mydomain.com
ErrorLog /srv/www/svn.mydomain.com/logs/error.log
CustomLog /srv/www/svn.mydomain.com/logs/access.log combined

DAV svn
SVNParentPath /srv/svn
AuthType Basic
AuthName "Subversion Repository"
AuthUserFile /srv/auth/svn/mydomain.htpasswd
Require valid-user
```

As per the configuration, I set up the authorization files at /srv/auth/svn. I also granted apache user rights on /srv/svn/

When I try to access the repository at http://svn.mydomain.com/mydomain I am prompted for HTTP authentication, but upon successful authentication I get a 403 forbidden.

Any thoughts on why I can't get in?

7 Replies

cursory glance tells me you're missing a directory tag for /srv/svn.

http://httpd.apache.org/docs/2.2/mod/core.html#directory

Thanks for the cursory glance. I added a directory tag for the svn.mydomain.com file in /etc/apache2/sites-available but no luck – still a 403. Is that where you would add the directory tag?

yeah something like:

```
<Directory /srv/svn>
  Options Indexes Multiviews
  Order allow,deny
</Directory>
```

but this seems weird to me:

> DAV svn
>
> SVNParentPath /srv/svn
>
> AuthType Basic
>
> AuthName "Subversion Repository"
>
> AuthUserFile /srv/auth/svn/mydomain.htpasswd
>
> Require valid-user

is 'knowlo' the domain name aka repos name in /srv/svn?

@shadyhill:

> As per the configuration, I set up the authorization files at /srv/auth/svn. I also granted apache user rights on /srv/svn/

Are you sure that there aren't any filesystem privilege problems with your SVN tree? For my DAV-served SVN repositories, I set the entire SVN tree to have www-root as owner and group, since that's what Apache runs as.

Any errors in Apache's error.log that might indicate an underlying issue that is leading to the 403?

Your config is pretty close to what I use, although I have individual SVNPath entries for each of my repository locations rather than a single SVNParentPath. But I just switched mine to use SVNParentPath and it still works. Note that I don't have any Directory entries within my SVN VirtualHost block (or anywhere in my config) referencing the SVN repository filesystem location, so I don't think mod_dav requires that.

– David

Thanks db3l. I had apache (www-data) as the user but not as the group. When I changed it to the group also, everything started working. Whew, what a relief.

On a related note, while I was doing all of the setup stuff I realized that I could access the repository by going through svn://svn.mydomain.com/repo_name (as opposed to http://) without any user info. That doesn't seem secure. Is there a way to turn that access off?

@shadyhill:

> Thanks db3l. I had apache (www-data) as the user but not as the group. When I changed it to the group also, everything started working. Whew, what a relief.

That seems to ring a bell, in that in the past I tried using a different group to also permit local (non-dav) access, but finally just punted and gave over ownership to www-data. It might have been that at some stages (read only) Apache is actually doing access as nobody (or something other than www-root), so without the group there were points when Apache couldn't read things. But it was a while ago.

> On a related note, while I was doing all of the setup stuff I realized that I could access the repository by going through svn://svn.mydomain.com/repo_name (as opposed to http://) without any user info. That doesn't seem secure. Is there a way to turn that access off?

That's completely distinct from anything Apache is doing - to be listening for svn:// I'm pretty sure you have to be running a separate svnserve process with its own configuration file. Check that something else during your setup might not have installed that automatically (perhaps kicked off from /etc/init.d). Or even if you just experimentally tried running svnserve manually in the past and haven't stopped/rebooted since then.

It should be listening on port 3690, so a netstat with -p can show the process and perhaps help backtrack.

– David

Right again! I rebooted and the svn:// access seems to have turned off. I remember looking into svnserve while troubleshooting, so I must have turned it on at some time.

Thanks again for your help!
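
Added example, not part of the original thread: a shell sketch of the two checks that resolved it, listing entries in the repository tree whose owner or group is not the Apache account and filtering `netstat -tlnp` output for a listener on svnserve's port 3690. It assumes GNU `find`/`stat` on Debian and `www-data:www-data` as the Apache account; the function names and the sample netstat output are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes GNU find/stat (Debian) and
# Apache running as www-data:www-data; function names are hypothetical.

# Print "owner:group path" for every entry under $1 not owned by $2:$3.
# Any output means Apache may be unable to read or write that entry.
svn_tree_mismatches() {
    want="$2:$3"
    find "$1" -exec stat -c '%U:%G %n' {} + |
        while read -r owner path; do
            [ "$owner" = "$want" ] || printf '%s %s\n' "$owner" "$path"
        done
}

# Read `netstat -tlnp` (or `ss -ltnp`) output on stdin and print the
# listening sockets whose local address ends in port $1.
listeners_on_port() {
    awk -v port="$1" '
        /LISTEN/ {
            for (i = 1; i <= NF; i++)
                if ($i ~ (":" port "$")) { print; next }
        }'
}

# Constructed sample of `netstat -tlnp` output (not captured from the thread).
SAMPLE='tcp  0  0 0.0.0.0:80    0.0.0.0:*  LISTEN  1201/apache2
tcp  0  0 0.0.0.0:3690  0.0.0.0:*  LISTEN  1544/svnserve'

printf '%s\n' "$SAMPLE" | listeners_on_port 3690   # shows the svnserve line

# On the server itself (run as root so -p can name the process):
#   svn_tree_mismatches /srv/svn www-data www-data
#   netstat -tlnp | listeners_on_port 3690
```

An empty result from the first function means every entry already carries the expected owner and group; an empty result from the second means nothing is listening on that port.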
