subversion-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Andy Canfield <>
Subject Re: Subversion access control / Linux users etc.
Date Thu, 21 Jul 2011 11:54:47 GMT
More user/command interaction -

The commands to create the Subversion Repository Parent directory were
*    sudo bash
     mkdir /data/svn
     chmod a+w /data/svn*
This created this directory:
*    drwxrwxrwx 4 root 4096 2011-07-21 17:36 /data/svn/*

I ran this command as user root:
*    svnadmin create /data/svn/sample*
and what I get is
*    drwxr-xr-x 6 root 4096 2011-07-21 11:08 /data/svn/sample/*

I ran this command as user andy:
*    svnadmin create /data/svn/example*
and what I got is
*    drwxr-xr-x 6 andy 4096 2011-07-21 17:36 /data/svn/example/*

It concerns me that apache is running as user 'www-data' and niether of 
these repositories are owned by, or even writable by, www-data. So I did 
these commands:
*    sudo bash
     su www-data
     svnadmin create geronimo*
The output of the last command was as follows:
*    svnadmin: Repository creation failed
     svnadmin: Could not create top-level directory
     svnadmin: Can't create directory 'geronimo': Permission denied*
That surprises me; the /data/svn directory is writable by everyone. Ah well.

The browser, when pointing to http://localhost/svn/RepoName, gives this 
*    RepoName - Revision 0: /
     Powered by Subversion version 1.6.12 (r955767)*.
This is true whether RepoName is 'sample' or 'example'. Of course, the 
only thing mod_dav_svn needs to do in this case is to read the 
repository, and all files and directories are readable by everyone, 
regardless of whether they are owned by root or andy.

So the browser access mechanism has no commands to control a repository, 
only to describe it? Logically this might make sense; however I would 
expect that http://localhost/svn would be capable of listing the 
repositories and creating new repositories.. But when I point the 
browser to http://localhost/svn I get this response:
*    Forbidden
     You don't have permission to access /svn/ on this server.
     Apache/2.2.17 (Ubuntu) Server at localhost Port 80*
When I look at /var/log/apache2/error.log I see these lines:
*    [Thu Jul 21 17:54:04 2011] [error] [client]
         Could not fetch resource information.  [403, #0]
     [Thu Jul 21 17:54:04 2011] [error] [client]
         (2)No such file or directory: The URI does not contain the name 
of a repository.
          [403, #190001]*
Ahah! So http://localhost/svn is NOT a valid Subversion URL. I was 
mistaken when I thought someone said that the Apache browser interface 
could give me a list of the repositories.

As Linux user 'andy'. Here goes:
*    rm -rf .subversion
****svn info http://localhost/svn/sample --username='andy' 
*    Password for 'default' GNOME keyring:
     svn: OPTIONS of 'http://localhost/svn/sample': authorization failed:
         Could not authenticate to server: rejected Basic challenge 
*The fact is that, as far as I know, I DON"T HAVE ANY %$#@! GNOME 
KEYRING! So when it asked for the Password for 'default' GNOME keyring I 
just pressed Enter. Then authenticiation failed.

OK, so I have completely removed the gnome-keyring package. I also had 
to wipe out the ~/.gnome2/keywrings directory. Now to try again.

Wait. Wait some more. Go down to 7/11; buy a hot dog and some potato 
chips. Come back home. It's been 20-30 minutes. Command still hasn't 
completed. Nothing in /var/log/apache2/error.log. Just a dead svn 
program. Had to kill -9.

When it comes to plants, some people have a green thumb; I have a brown 
thumb. Looks like when it comes to Subversion I have a black thumb.

View raw message