SVN (Subversion) Access Control with Apache and mod_authz_svn - Comment Page: 2

I just wrote guide, howto install SVN (Subversion) Server on Fedora, CentOS and Red Hat (RHEL). No I decided to write more information about SVN Access Control. This guide works if you have installed Apache, Subversion (SVN) and mod_dav_svn on any Linux system, like Ubuntu, Debian, Arch, Gentoo, not only Fedora, CentOS or Red Hat (RHEL). [inttf_post_ad1] Setup SVN (Subversion) Access Control with Apache and mod_authz_svn 1. Change root user su - ## OR ## sudo -i 2. Add SVN (Subversion) users Use following command: ## Create testuser ## htpasswd -c -m /etc/svn-auth-users testuser New password: Re-type new password: Adding password for user...

98 comments on “SVN (Subversion) Access Control with Apache and mod_authz_svn - Comment Page: 2

1 2 3 4
    1. Great guide. Thank you.

      SVN works great.

      A question for you, if you don’t mind:
      Is there a way to allow users to change their svn passwords?

      Thanks.

      Reply
      • Hi Sky Is Falling,

        You are welcome!

        Good question, it’s possible, but then maybe some other authentication method might be much better than mod_authz_svn, what I use on this guide. You can check Apache HTTP Server – Authentication and Authorization modules, if you find some better method for your needs. Alternatively you can use example mod_auth_mysql or mod_auth_pgsql and create some simple web user interface to allow users change their svn passwords…

        Reply
    2. Hi Team,
      my SVN server had crash but i had SVN backup.dump and again i installed svn and create 1 Repos and import backup in Repos and now user can login by URL but when he is committing project then showing error ACCESS DENIED
      Please Help me.

      Reply
    3. Hi Team,
      my SVN server had crash but i had SVN backup.dump and again i installed svn and create 1 Repos and import backup in Repos and now user can login by URL but when he is committing project then showing error ACCESS DENIED
      Please Help me.

      Reply
      • Hi Varun Kumar,

        Could you tell more about your current setup? This sounds Access Control problem if SVN is working, but user can’t commit.

        Could you post your Access Control file content? You can of course change user names if you want.

        Reply
    4. [groups]
      Administrator = Varun, Vijay, Anamika, Babu
      Developer = Abhishek, Sumit, satya, Pradeep, Anita, Rahul, Ankit, Vivek
      Designer = Sohan, Vivek

      [/]
      #* = r
      @Administrator = rw
      @Designer =

      [Repos:/]
      @Developer = rw
      @Designer =

      Reply
    5. Hi Team

      Below mentioned Access control File.

      [groups]
      Administrator = Varun, Vijay, Anamika, Babu
      Developer = Abhishek, Sumit, satya, Pradeep, Anita, Rahul, Ankit, Vivek
      Designer = Sohan, Vivek

      [/]
      #* = r
      @Administrator = rw
      @Designer =

      [Repos:/]
      @Developer = rw
      @Designer =

      Reply
      • Thanks, I assume that users who have rw permission can’t commit?

        Do you have SELinux enabled?

        
        grep -v "#" /etc/sysconfig/selinux
        

        Could you also post output of following commands:

        
        ls -laZ /path/svn
        
        ls -laZ /path/svn/repo
        

        You can of course change file names and repo name.

        Reply
    6. Hi output of the given Command,

      [email protected] ~]# ls -laZ /var/www/svn/Repos/
      drwxr-xr-x. root root unconfined_u:object_r:httpd_sys_content_t:s0 .
      drwxr-xr-x. root root unconfined_u:object_r:httpd_sys_content_t:s0 ..
      drwxr-xr-x. root root unconfined_u:object_r:httpd_sys_content_t:s0 conf
      drwxr-sr-x. root root unconfined_u:object_r:httpd_sys_content_t:s0 db
      -r–r–r–. root root unconfined_u:object_r:httpd_sys_content_t:s0 format
      drwxr-xr-x. root root unconfined_u:object_r:httpd_sys_content_t:s0 hooks
      drwxr-xr-x. root root unconfined_u:object_r:httpd_sys_content_t:s0 locks
      -rw-r–r–. root root unconfined_u:object_r:httpd_sys_content_t:s0 README.txt
      [[email protected] ~]# ls -laZ /var/www/svn/
      drwxr-xr-x. root root unconfined_u:object_r:httpd_sys_content_t:s0 .
      drwxr-xr-x. root root system_u:object_r:httpd_sys_content_t:s0 ..
      drwxr-xr-x. root root unconfined_u:object_r:httpd_sys_content_t:s0 Repos
      [[email protected] ~]#
      (4:52 PM) vijay.k: [[email protected] ~]# grep -v “#” /etc/sysconfig/selinux

      SELINUX=enforcing
      SELINUXTYPE=targeted

      Reply
      • Thanks, first set httpd_sys_rw_content_t instead of httpd_sys_content_t:

        
        chcon -R -t httpd_sys_rw_content_t /var/www/svn
        

        Then try commit again, is it working then? If not could you post full error message?

        Reply
    7. Hi Team,
      when i commit Project in SVN reposetry then getting error: –
      Cant open file ‘/var/www/svn/Repos1/dv/txn-current-lock’: Permission Denied
      Please Help …

      Reply
      • Hi Varun,

        Do you have right permissions on your repo? Normally user: apache and group: apache.

        
        chown -R apache:apache /var/www/svn/Repos1
        
        Reply
    8. Hi team,

      i have used chown -R apache:apache /var/www/svn/Repos1 command but now i am getting another error:-
      svn:- Server sent unexpected return value (403 Forbidden)in responce to MKACTIVITY REQUEST FOR ‘/SVN/Repos1/!svn/act/act627d94a5-1d65-42bf-b88c-b1b28ee0d0ac

      Reply
    9. Hi team,

      i have used chown -R apache:apache /var/www/svn/Repos1 command but now i am getting another error:-
      svn:- Server sent unexpected return value (403 Forbidden)in responce to MKACTIVITY REQUEST FOR ‘/SVN/Repos1/!svn/act/act627d94a5-1d65-42bf-b88c-b1b28ee0d0ac

      Please help…..

      Reply
      • Hi Varun,

        For me this sound problem with user permissions, could you do example checkout (svn co) or listing (svn ls) normally?

        Reply
      • I’m also seeing the same issue. I’ve seen posts claiming that this is a “case-sensitive” issue or that I should be using https:// instead of http:// but neither of these seems to fix the issue. Does anyone know what could be causing this issue and how to fix it??

        Any help will be much appreciated!!

        Thanks!!

        Reply
    10. Hi,

      I want to isolate a group to a repository.

      I have subversion set up through ldap.
      Users in particular group can access all the repository. Users use TortiseSVN

      #**************************************************
      #LDAP AUTHENTICATION
      #**************************************************
      # Work around authz and SVNListParentPath issue
      RedirectMatch ^(svn)$ $1/

      DAV svn
      SVNParentPath /path /to//svn/
      SVNListParentPath on

      # Limit write permission to list of valid users.
      # Require SSL connection for password protection.
      # SSLRequireSSL

      AuthType Basic
      AuthName “Authorization Realm”
      AuthBasicProvider ldap
      AuthzLDAPAuthoritative On
      AuthLDAPBindDN “cn=name,……etc”
      AuthLDAPBindPassword “password”
      AuthLDAPURL “ldap://ldapname-port etc?uid?”

      Require ldap-group cn=svnreadwrite,etc
      Require ldap-group cn=svnreadonly,etc

      Require ldap-group cn=svnreadwrite,cn=etc

      DAV svn
      SVNParentPath /path/to/my/mysite/
      SVNPathAuthz off

      Require ldap-group cn=svngrp1,cn=etc

      I want the users in svngrp1 to access the mysite repository.

      Thanks
      Joe

      Reply
    11. Still facing Problem when file committing, can i Remove svn from and again install.

      Reply
      • Hi Varun,

        Simply remove repos and remove mod_dav_svn and subversion packages and svn (custom) config files.

        Of course backup everything what you might need later.

        Reply
    12. Hi there,

      I followed above guide from JR and it works well if case without access-control file
      Problem is that I got access denied error after using any created account to login to

      Below is my access-control. Could you pls help me find out reason ?

      [groups]
      admin = user1, user2
      cltt = user3
      gm = user4
      srv = user5, user6
      arts = user7

      [repos:/]
      @admin = rw
      user1 = rw

      [repos:/api_src]
      @srv = rw
      user1 = rw

      [repos:/art_01]
      @art = rw

      [repos:/art_02]
      @art = rw

      [repos:/cltt_src
      @cltt = rw

      [repos:/gm_dsg]
      @gm = rw

      [repos:/srv_src]
      @srv = rw

      Reply
    13. Hi,
      To implement directory level permission in httpd.conf two modules i.e.authz_svn_module and dav_svn_modules are not loaded by default, in order to implement locking on direcotories loading these two and restarting httpd will work…Pls reply ASAP.

      Reply
      • Hi josh,

        Do you have some problem with setting directory level permissions?

        Reply
    14. I cant save changes to this file /etc/httpd/conf.d/subversion.conf file

      Reply
      • Hi sam,

        Did you tried as root user?

        Reply
    15. Its fine now, thanks for the effort, and I must say this is a great turorial!!

      Reply
1 2 3 4

Leave a Reply

Your email address will not be published. Required fields are marked *

Close