[lug] setting subversion permissions with apache/mod_dav

D. Stimits stimits at comcast.net
Mon Jan 15 20:13:53 MST 2007


> Tired of me yet?  The solution seems to be, add "Deny from all" below 
> your "Order deny, allow"
Sadly, this resulted in all access being denied. I'm starting to feel I 
need to rebuild apache, openssl, and subversion with debug symbols, and 
run it in a debugger. When I try to use the svn co on the command line 
after adding the Deny from all, it never even gives me a chance to 
attempt adding the pass:

svn: PROPFIND request failed on '/svn/helloworld'
svn: PROPFIND of '/svn/helloworld': 403 Forbidden (https://...

SSL log:
... client denied by server configuration: /var/www/html/svn

> Alternatively, you can remove the "Order deny,allow"

Sadly, this results in totally open access to all svn clients. While 
searching for an answer on google, the only success story I found was 
from a guy that wiped his system and started over from scratch. I'm 
about ready to give up on svn with apache and run svnserve, but it won't 
do all I need...and of course there is no guarantee it won't also misbehave.

My variation which lets everyone in:
<Location /svn>
   DAV svn
   SVNParentPath /var/www/svn
   AuthType Basic
   AuthName "Subversion Repository"
   AuthUserFile /etc/passwd-httpd
   AuthGroupFile /etc/group-httpd
   Require group devel

Anything with Order deny,allow, then Deny from all seems to ignore all 
attempts at login.

You said you had looked at authz, which looks extremely useful since I'm 
hoping to eventually mix authentication for read only plus read/write 
access at some point. What kind of httpd config do you use on that? How 
about the authz file itself? And have you used the apache htpasswd 
utility to generate your password files? I know I've messed something 
up, but for the life of me I can't see it.

D. Stimits, stimits AT comcast DOT net

More information about the LUG mailing list