I am attempting to add read-only HTTP access to an existing svn repository while still allowing write access via svn+ssh.
I have installed Apache, mod_dav_svn, etc. and pointed Apache at the svn
repository, but when I attempt to access the repo via HTTP, I get the following error:
Could not open the requested SVN filesystem
When I look at the error_log for Apache, I see that it can't open the format file in my repository. That file is readable by everyone but writable by no one, and it seems to work for svn+ssh access. How can I resolve the problem for Apache without impacting svn+ssh access for the developers?
Thanks.
UPDATE: It appears this isn't restricted to the existing repo. I just created a brand-new test repo, ran chown -R apache:apache on it, and I still get the same problem. I've verified that the apache user does have execute permissions on every directory on the way to format and read permissions on format. However, if I create a test repo somewhere in the directory tree Apache is using as the document root, things work OK. Is Apache chrooted (or similar) on CentOS 5.3? If so, can I circumvent that? Thanks again.
I think you can accomplish this by creating an svn group and placing all your users as well as the apache (or www-run, or whatever the user that apache runs under) user into the group. Then you can change the permissions of the repository so that it is owned by the svn group.
That being said, I think the preferred route would be to move everything over to WebDAV. The reason here being that in order for svn+ssh to work, users need to have direct write access to the repository, as well as SSH access to the server. This provides a lot of potential for damage to the repository, as well as other potential security risks.
With WebDAV, the users are restricted to only performing operations through the WebDAV server. There are many advantages to this approach including, but not limited to, fine-grained access control, more authentication options, auditing, etc.
Sounds like an SELinux issue... do you have denials in /var/log/audit/audit.log?
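
One way to check the audit log for the denials mentioned in the last answer, as an added example that is not part of the original question or answers. It parses AVC records and groups those whose source type is httpd_t by the object they were denied on; the log lines, the default_t label, and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in audit.log format (not taken from the page).
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1250000001.101:811): avc:  denied  { read } for  pid=4021 comm="httpd" name="format" dev=dm-0 ino=393301 scontext=root:system_r:httpd_t:s0 tcontext=root:object_r:default_t:s0 tclass=file
type=AVC msg=audit(1250000001.140:812): avc:  denied  { search } for  pid=4021 comm="httpd" name="db" dev=dm-0 ino=393310 scontext=root:system_r:httpd_t:s0 tcontext=root:object_r:default_t:s0 tclass=dir
type=SYSCALL msg=audit(1250000001.140:812): arch=40000003 syscall=5 success=no exit=-13 comm="httpd" exe="/usr/sbin/httpd"
type=AVC msg=audit(1250000009.007:820): avc:  denied  { write } for  pid=5100 comm="sendmail" name="clientmqueue" dev=dm-0 ino=77 scontext=root:system_r:sendmail_t:s0 tcontext=system_u:object_r:var_spool_t:s0 tclass=dir
type=AVC msg=audit(1250000012.500:830): avc:  denied  { read } for  pid=4022 comm="httpd" name="format" dev=dm-0 ino=393301 scontext=root:system_r:httpd_t:s0 tcontext=root:object_r:default_t:s0 tclass=file
"""

AVC_RE = re.compile(r"^type=AVC .*?avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<fields>.*)$")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def selinux_type(context):
    """Return the type field of a user:role:type[:level] context, or '?'."""
    parts = context.split(":")
    return parts[2] if len(parts) > 2 else "?"


def parse_avc(line):
    """Parse one AVC denial line into a dict; return None for other records."""
    m = AVC_RE.match(line)
    if m is None:
        return None
    rec = {key: value.strip('"') for key, value in FIELD_RE.findall(m.group("fields"))}
    rec["perms"] = m.group("perms").split()
    return rec


def denials_for(log_text, source_type="httpd_t"):
    """Map (name, tclass, target type) -> sorted denied permissions for one source type."""
    grouped = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec is None or selinux_type(rec.get("scontext", "")) != source_type:
            continue
        key = (rec.get("name", "?"), rec.get("tclass", "?"), selinux_type(rec.get("tcontext", "")))
        grouped[key].update(rec["perms"])
    return {key: sorted(perms) for key, perms in grouped.items()}


if __name__ == "__main__":
    for (name, tclass, ttype), perms in denials_for(SAMPLE_AUDIT_LOG).items():
        print(f"httpd denied {perms} on {tclass} '{name}' labelled {ttype}")
```

On a real host, pass the contents of /var/log/audit/audit.log to `denials_for` instead of the sample. A denial on `format` here, while the file's Unix permissions allow the read, would point at the SELinux label rather than ownership or mode bits.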