Wednesday, January 12, 2011

mod_dav_svn user permission on the repository

I had just build subversion repository with apache mod_dav_svn plugin, so the dev team can do any versioning process with usual port of httpd. it works quite smoothly, they did checkout/update/commit process from other network until they found the problem when access the server ssh-ly to perform some checkout process, they need to update some working copy on the server for sample development tags in httpd doc root, only root can checkout/update some working copy on the server, every user that already allowed by "AuthUserFile" config always got denied message to do that.

I thought the only possibly config that related for this is

 AuthUserFile /etc/svn-auth-conf
 AuthzSVNAccessFile /etc/svn-acl-conf

i'd tried several times to change the config file related to that things, but no result..

From serverfault Gogonez

  • Have you checked the filesystem permissions on the subversion store?

    Gogonez : yes, its own by apache, the apahce run as apache user and webapp group.. the dir of repository was owned by apache:webapp, and all the dev team users set as webapp group.
    Xerxes : And what do the Apache logs have to say about it?
    From Xerxes

  • If I understand the question correctly, you don't have any issues when performing svn via http://somehost/svn/repo/proj but when you attempt to use the locally installed svn client from the system, you are getting permission denied from any user other than root.

    What are the permissions of the files that you are trying to commit/update/checkout? are they owned by a functional user account that the user doesn't have permissions to?

    Try to perform checkout/update/commits from /tmp to see if its a file permissions problem.

    Gogonez : yes this is just permission problem, i'd follow your answer to analayze permision problem with doing some svn client action in /tmp i change the group owner of myhtdoc, then create one user (say it a manager) with the same group of htdoc. thanks @netlinxman
    From netlinxman

  • It seems like you have some users accessing the repository over http, and one user/working copy accessing the repository locally. What you probably want to do is switch the working copy on the server to use the http method and not the local method. You could spend a while fixing permissions, but you will have a lot less headaches if everybody accesses the repository the same way.

    Something like:

    svn switch --relocate file://path/to/repository http://127.0.0.1/path/to/repository /path/to/working/copy

    Should do the trick, followed by an svn update to make sure everything works ok.

    From Mark

  • You should not allow access via "ssh" and http at the same time. Your users access the repository once with a user on the server, once with with rights of the httpd.

    Set up https-support to enable encrypted access and deny ssh access.

    From $pageUsers[$post.author].name
Posted by Mu Cat at 9:48 PM

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)