I am tring to setup a subversion server on CentOS 5.8 (CentOS release 5.8 (Final)). I have only a little experience with CentOS. I only have worked with SuSE and Ubuntu so far.
The problem I have is, when I try to access my SVN repository via http://domain.tld/svn I get "Forbidden, You don't have permission to access /svn/ on this server.".
These are the steps for my setup:
yum install mod_dav_svn subversion
Content of /etc/httpd/conf.d/subversion.conf
LoadModule dav_svn_module modules/mod_dav_svn.so
LoadModule authz_svn_module modules/mod_authz_svn.so
<Location /svn>
DAV svn
SVNParentPath /var/www/svn
</Location>
Create related paths
mkdir -p /var/www/svn && cd /var/www/svn
svnadmin create repos
chown -R apache:apache repos
service httpd restart
I cant figure out, whats wrong...
Other sources on CentOS 5.7 suggested this as an additional step:
chcon -R -t httpd_sys_content_t /var/www/svn/repos
chcon -R -t httpd_sys_rw_content_t /var/www/svn/repos
When I execute this, I get chcon: can't apply partial context to unlabeled file /var/www/svn/repos
So I looked around and found a User that said, I should use
chcon -h system_u:object_r:httpd_sys_content_t /var/www/svn/repos
chcon -R -h apache:object_r:httpd_sys_content_t /var/www/svn/repos/*
instead of
chcon -R -t httpd_sys_content_t /var/www/svn/repos
so I added also 2 lines for httpd_sys_rw_content_t
:
chcon -h system_u:object_r:httpd_sys_content_t /var/www/svn/repos
chcon -R -h apache:object_r:httpd_sys_content_t /var/www/svn/repos/*
chcon -h system_u:object_r:httpd_sys_rw_content_t /var/www/svn/repos
chcon -R -h apache:object_r:httpd_sys_rw_content_t /var/www/svn/repos/*
Problem still remains...
service httpd restart
Problem still remains...
EDIT
I also have added authentication rules to the subversion.conf:
<LimitExcept GET PROPFIND OPTIONS REPORT>
AuthzSVNAccessFile /etc/subversion/svn-access
# Require SSL connection for password protection.
# SSLRequireSSL
AuthType Basic
AuthName "Authorization Realm"
AuthUserFile /etc/subversion/svn-passwd
Require valid-user
</LimitExcept>
These configuration rules are copied from a previous running installation under SuSE. The files have valid content. Problem still remains...
EDIT
I have removed the <LimitExcept GET PROPFIND OPTIONS REPORT>
and </LimitExcept>
lines, so that the authentication always applies. When I now access svn from the browser, I get an HTTP-Basic-Auth windows. After I have entered existing and correct credentials, the "Forbidden" message comes up again. Problem still remains...
EDIT
I finally got it running. I have set the repository path via SVNPath /var/www/svn/repos
instead of SVNParentPath /var/www/svn
. Now everything is fine...
You have to instruct Apache to perform authentication (so that Subversion will have a user to use with the rules
In you location add something like this to you <Location>
directive:
SSLRequireSSL
AuthType Basic
AuthPAM_Enabled on
AuthName "Subversion"
AuthUserFile /etc/shadow
Require valid-user
This example uses PAM but there are many other possibilities: refer to the Apache httpd manual