SVN (Subversion) Access Control with Apache and mod_authz_svn - Comment Page: 2
I just wrote guide, howto install SVN (Subversion) Server on Fedora, CentOS and Red Hat (RHEL). No I decided to write more information about SVN Access Control. This guide works if you have installed Apache, Subversion (SVN) and mod_dav_svn on any Linux system, like Ubuntu, Debian, Arch, Gentoo, not only Fedora, CentOS or Red Hat (RHEL).
[inttf_post_ad1]
Setup SVN (Subversion) Access Control with Apache and mod_authz_svn
1. Change root user
su -
## OR ##
sudo -i
2. Add SVN (Subversion) users
Use following command:
## Create testuser ##
htpasswd -c -m /etc/svn-auth-users testuser
New password:
Re-type new password:
Adding password for user...
Great guide. Thank you.
SVN works great.
A question for you, if you don’t mind:
Is there a way to allow users to change their svn passwords?
Thanks.
Hi Sky Is Falling,
You are welcome!
Good question, it’s possible, but then maybe some other authentication method might be much better than mod_authz_svn, what I use on this guide. You can check Apache HTTP Server – Authentication and Authorization modules, if you find some better method for your needs. Alternatively you can use example mod_auth_mysql or mod_auth_pgsql and create some simple web user interface to allow users change their svn passwords…
Hi Team,
my SVN server had crash but i had SVN backup.dump and again i installed svn and create 1 Repos and import backup in Repos and now user can login by URL but when he is committing project then showing error ACCESS DENIED
Please Help me.
Hi Team,
my SVN server had crash but i had SVN backup.dump and again i installed svn and create 1 Repos and import backup in Repos and now user can login by URL but when he is committing project then showing error ACCESS DENIED
Please Help me.
Hi Varun Kumar,
Could you tell more about your current setup? This sounds Access Control problem if SVN is working, but user can’t commit.
Could you post your Access Control file content? You can of course change user names if you want.
[groups]
Administrator = Varun, Vijay, Anamika, Babu
Developer = Abhishek, Sumit, satya, Pradeep, Anita, Rahul, Ankit, Vivek
Designer = Sohan, Vivek
[/]
#* = r
@Administrator = rw
@Designer =
[Repos:/]
@Developer = rw
@Designer =
Hi Team
Below mentioned Access control File.
[groups]
Administrator = Varun, Vijay, Anamika, Babu
Developer = Abhishek, Sumit, satya, Pradeep, Anita, Rahul, Ankit, Vivek
Designer = Sohan, Vivek
[/]
#* = r
@Administrator = rw
@Designer =
[Repos:/]
@Developer = rw
@Designer =
Thanks, I assume that users who have rw permission can’t commit?
Do you have SELinux enabled?
Could you also post output of following commands:
You can of course change file names and repo name.
Hi output of the given Command,
[email protected] ~]# ls -laZ /var/www/svn/Repos/
drwxr-xr-x. root root unconfined_u:object_r:httpd_sys_content_t:s0 .
drwxr-xr-x. root root unconfined_u:object_r:httpd_sys_content_t:s0 ..
drwxr-xr-x. root root unconfined_u:object_r:httpd_sys_content_t:s0 conf
drwxr-sr-x. root root unconfined_u:object_r:httpd_sys_content_t:s0 db
-r–r–r–. root root unconfined_u:object_r:httpd_sys_content_t:s0 format
drwxr-xr-x. root root unconfined_u:object_r:httpd_sys_content_t:s0 hooks
drwxr-xr-x. root root unconfined_u:object_r:httpd_sys_content_t:s0 locks
-rw-r–r–. root root unconfined_u:object_r:httpd_sys_content_t:s0 README.txt
[[email protected] ~]# ls -laZ /var/www/svn/
drwxr-xr-x. root root unconfined_u:object_r:httpd_sys_content_t:s0 .
drwxr-xr-x. root root system_u:object_r:httpd_sys_content_t:s0 ..
drwxr-xr-x. root root unconfined_u:object_r:httpd_sys_content_t:s0 Repos
[[email protected] ~]#
(4:52 PM) vijay.k: [[email protected] ~]# grep -v “#” /etc/sysconfig/selinux
SELINUX=enforcing
SELINUXTYPE=targeted
Thanks, first set httpd_sys_rw_content_t instead of httpd_sys_content_t:
Then try commit again, is it working then? If not could you post full error message?
Hi Team,
when i commit Project in SVN reposetry then getting error: –
Cant open file ‘/var/www/svn/Repos1/dv/txn-current-lock’: Permission Denied
Please Help …
Hi Varun,
Do you have right permissions on your repo? Normally user: apache and group: apache.
Hi team,
i have used chown -R apache:apache /var/www/svn/Repos1 command but now i am getting another error:-
svn:- Server sent unexpected return value (403 Forbidden)in responce to MKACTIVITY REQUEST FOR ‘/SVN/Repos1/!svn/act/act627d94a5-1d65-42bf-b88c-b1b28ee0d0ac
Hi team,
i have used chown -R apache:apache /var/www/svn/Repos1 command but now i am getting another error:-
svn:- Server sent unexpected return value (403 Forbidden)in responce to MKACTIVITY REQUEST FOR ‘/SVN/Repos1/!svn/act/act627d94a5-1d65-42bf-b88c-b1b28ee0d0ac
Please help…..
Hi Varun,
For me this sound problem with user permissions, could you do example checkout (svn co) or listing (svn ls) normally?
I’m also seeing the same issue. I’ve seen posts claiming that this is a “case-sensitive” issue or that I should be using https:// instead of http:// but neither of these seems to fix the issue. Does anyone know what could be causing this issue and how to fix it??
Any help will be much appreciated!!
Thanks!!
Hi,
I want to isolate a group to a repository.
I have subversion set up through ldap.
Users in particular group can access all the repository. Users use TortiseSVN
#**************************************************
#LDAP AUTHENTICATION
#**************************************************
# Work around authz and SVNListParentPath issue
RedirectMatch ^(svn)$ $1/
DAV svn
SVNParentPath /path /to//svn/
SVNListParentPath on
# Limit write permission to list of valid users.
# Require SSL connection for password protection.
# SSLRequireSSL
AuthType Basic
AuthName “Authorization Realm”
AuthBasicProvider ldap
AuthzLDAPAuthoritative On
AuthLDAPBindDN “cn=name,……etc”
AuthLDAPBindPassword “password”
AuthLDAPURL “ldap://ldapname-port etc?uid?”
Require ldap-group cn=svnreadwrite,etc
Require ldap-group cn=svnreadonly,etc
Require ldap-group cn=svnreadwrite,cn=etc
DAV svn
SVNParentPath /path/to/my/mysite/
SVNPathAuthz off
Require ldap-group cn=svngrp1,cn=etc
I want the users in svngrp1 to access the mysite repository.
Thanks
Joe
Still facing Problem when file committing, can i Remove svn from and again install.
Hi Varun,
Simply remove repos and remove mod_dav_svn and subversion packages and svn (custom) config files.
Of course backup everything what you might need later.
Hi there,
I followed above guide from JR and it works well if case without access-control file
Problem is that I got access denied error after using any created account to login to
Below is my access-control. Could you pls help me find out reason ?
[groups]
admin = user1, user2
cltt = user3
gm = user4
srv = user5, user6
arts = user7
[repos:/]
@admin = rw
user1 = rw
[repos:/api_src]
@srv = rw
user1 = rw
[repos:/art_01]
@art = rw
[repos:/art_02]
@art = rw
[repos:/cltt_src
@cltt = rw
[repos:/gm_dsg]
@gm = rw
[repos:/srv_src]
@srv = rw
Hi,
To implement directory level permission in httpd.conf two modules i.e.authz_svn_module and dav_svn_modules are not loaded by default, in order to implement locking on direcotories loading these two and restarting httpd will work…Pls reply ASAP.
Hi josh,
Do you have some problem with setting directory level permissions?
I cant save changes to this file /etc/httpd/conf.d/subversion.conf file
Hi sam,
Did you tried as root user?
Its fine now, thanks for the effort, and I must say this is a great turorial!!