centos apache svn forbidden

2
votes

I am using centos 7, I installed httpd, svn and mod_dav_svn, I can access the apache by http://localhost.

my /etc/httpd/conf.modules.d/10-subversion.conf looks like :

LoadModule dav_svn_module     modules/mod_dav_svn.so
LoadModule authz_svn_module   modules/mod_authz_svn.so
LoadModule dontdothat_module  modules/mod_dontdothat.so

<Location /svn>
DAV svn
SVNParentPath /svn
AuthName "SVN repo"
AuthType Basic
AuthUserFile /etc/svn/svn-auth
AuthzSVNAccessFile /svn/authz
Require valid-user
</Location>

Create svn repo by command : 

cd /svn
sudo svnadmin create repo
sudo chown -R apache:apache repo

Then setup user permission for users by editting /svn/authz which copied from /svn/repo/conf/authz

sudo cp /svn/repo/conf/authz /svn/authz

However, when I accessed http://localhost/svn/repo, it showed me that 403 forbidden, You don't have permission to access /svn/repo on this server.

my /svn directory is :

[frank@localhost svn]$ ls
authz  repo

[frank@localhost svn]$ ls -l
total 4

-rw-r--r--. 1 root   root   1123 Nov 12 11:08 authz
drwxr-xr-x. 6 apache apache   80 Nov 12 11:01 repo

/svn/authz

[groups]
admin = frank
general_user=test1

[/]
@admin=rw

[repo:/]
@general_user=r

What's the problem?

----- Updated on 14 Nov ------------

I enabled logging like 

<Location /svn>    
DAV svn  
 …  
</Location>

CustomLog logs/svn_logfile "%t %u %{SVN-ACTION}e" env=SVN-ACTION

there is svn_logfile under /var/log/httpd, but it is empty.

-rw-r--r--. 1 apache apache 0 Nov 14 22:32 svn_logfile

In error_log, the information displayed as 

[Mon Nov 14 22:32:15.789588 2016] [core:notice] [pid 6924] SELinux policy enabled; httpd running as context system_u:system_r:httpd_t:s0
[Mon Nov 14 22:32:15.791536 2016] [suexec:notice] [pid 6924] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using localhost.localdomain. Set the 'ServerName' directive globally to suppress this message
[Mon Nov 14 22:32:15.828814 2016] [auth_digest:notice] [pid 6924] AH01757: generating secret for digest authentication ...
[Mon Nov 14 22:32:15.830345 2016] [lbmethod_heartbeat:notice] [pid 6924] AH02282: No slotmem from mod_heartmonitor
[Mon Nov 14 22:32:15.842779 2016] [mpm_prefork:notice] [pid 6924] AH00163: Apache/2.4.6 (CentOS) SVN/1.7.14 configured -- resuming normal operations
[Mon Nov 14 22:32:15.842858 2016] [core:notice] [pid 6924] AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND'
[Mon Nov 14 22:32:25.641415 2016] [authz_svn:error] [pid 6933] (13)Permission denied: [client ::1:60550] Failed to load the AuthzSVNAccessFile: Can't open file '/svn/authz': Permission denied
[Mon Nov 14 22:32:25.641504 2016] [authz_svn:error] [pid 6933] [client ::1:60550] Access denied: 'frank' GET repo:/

but permission of /svn/authz is:

drwxr-xr-x. 4 apache apache 41 Nov 13 22:16 svn

-rwxrwxrwx. 1 apache apache 1120 Nov 12 22:58 authz

drwxr-xr-x. 6 apache apache 80 Nov 12 11:01 repo

2
apachesvncentos7

2 Answers

4
votes

The problem is selinux.

After I modify the selinux security context of /svn by

sudo chcon -Rv –-type=httpd_sys_content_t /svn

then I can access the svn.

0
votes

Then setup user permission for users by editting /svn/authz

You should double-check the access rules you put into authz file. There should be an access rule such as

[repo:/]
* = r

* = r stands for Everyone -- Read Only. Read about the access rules and authz file syntax in SVNBook | Path-Based Authorization.

BTW, you could enable logging and find out the root cause by yourself. Read SVNBook | Apache logging.