Discussion:
Apache subversion unable to open another ext4 partion svn repository
kushal bhattacharya
2017-11-07 12:05:21 UTC
Permalink
Hi,
Whenever I am trying to access repository which is located in another ext4
partition,I get an error as

<D:error><C:error/><m:human-readable errcode="13">
Can't open directory
'/media/sense/20457332-fd6a-409d-821d-6bf368ecf6bd/svn': Permission denied
</m:human-readable></D:error>
How to I resolve this error and successfully access it via localhost first
Thanks,
Kushal
Andreas Stieger
2017-11-07 12:13:28 UTC
Permalink
Hello,
Post by kushal bhattacharya
Can't open directory
'/media/sense/20457332-fd6a-409d-821d-6bf368ecf6bd/svn': Permission denied
The Subversion server process (svnserve or httpd) is unable to access
(read) the path. Adjust the ownership and permissions so that the server
process has the required privileges.

Andreas
kushal bhattacharya
2017-11-07 12:15:38 UTC
Permalink
# dav_svn.conf - Example Subversion/Apache configuration
#
# For details and further options see the Apache user manual and
# the Subversion book.
#
# NOTE: for a setup with multiple vhosts, you will want to do this
# configuration in /etc/apache2/sites-available/*, not here.

# <Location URL> ... </Location>
# URL controls how the repository appears to the outside world.
# In this example clients access the repository as http://hostname/svn/
# Note, a literal /svn should NOT exist in your document root.
Alias /svn /media/sense/20457332-fd6a-409d-821d-6bf368ecf6bd/svn
<Location /repos>

# Uncomment this to enable the repository
DAV svn

# Set this to the path to your repository
#SVNPath /var/lib/svn
#SVNPath /media/sense/20457332-fd6a-409d-821d-6bf368ecf6bd/svn
# Alternatively, use SVNParentPath if you have multiple repositories under
# under a single directory (/var/lib/svn/repo1, /var/lib/svn/repo2, ...).
# You need either SVNPath and SVNParentPath, but not both.
SVNParentPath /media/sense/20457332-fd6a-409d-821d-6bf368ecf6bd/svn
SVNListParentPath on
# Access control is done at 3 levels: (1) Apache authentication, via
# any of several methods. A "Basic Auth" section is commented out
# below. (2) Apache <Limit> and <LimitExcept>, also commented out
# below. (3) mod_authz_svn is a svn-specific authorization module
# which offers fine-grained read/write access control for paths
# within a repository. (The first two layers are coarse-grained; you
# can only enable/disable access to an entire repository.) Note that
# mod_authz_svn is noticeably slower than the other two layers, so if
# you don't need the fine-grained control, don't configure it.

# Basic Authentication is repository-wide. It is not secure unless
# you are using https. See the 'htpasswd' command to create and
# manage the password file - and the documentation for the
# 'auth_basic' and 'authn_file' modules, which you will need for this
# (enable them with 'a2enmod').
AuthType Basic
AuthName "Subversion Repository"
AuthUserFile /etc/apache2/dav_svn.passwd

# To enable authorization via mod_authz_svn (enable that module
separately):
#<IfModule mod_authz_svn.c>
#AuthzSVNAccessFile /etc/apache2/dav_svn.authz
#</IfModule>

# The following three lines allow anonymous read, but make
# committers authenticate themselves. It requires the 'authz_user'
# module (enable it with 'a2enmod').
<LimitExcept GET PROPFIND OPTIONS REPORT>
Require valid-user
</LimitExcept>

</Location>



this is my configuration file
Post by Andreas Stieger
Hello,
Post by kushal bhattacharya
Can't open directory
'/media/sense/20457332-fd6a-409d-821d-6bf368ecf6bd/svn': Permission
denied
The Subversion server process (svnserve or httpd) is unable to access
(read) the path. Adjust the ownership and permissions so that the server
process has the required privileges.
Andreas
Andreas Stieger
2017-11-07 12:30:28 UTC
Permalink
Post by kushal bhattacharya
Post by kushal bhattacharya
Can't open directory
'/media/sense/20457332-fd6a-409d-821d-6bf368ecf6bd/svn': Permission
denied
The Subversion server process (svnserve or httpd) is unable to access
(read) the path. Adjust the ownership and permissions so that the server
process has the required privileges.
[..cut..]
this is my configuration file
No, adjust the file system permissions. chown, chmod.

Please refer to the documentation specific to your distribution, e.g.:
https://build.opensuse.org/package/view_file/openSUSE:Factory/subversion/subversion.README.SUSE

Andreas
kushal bhattacharya
2017-11-07 12:34:18 UTC
Permalink
Could you please help me out here ,sorry. But I have been trying whole day
regarding this
Post by kushal bhattacharya
Post by kushal bhattacharya
Can't open directory
'/media/sense/20457332-fd6a-409d-821d-6bf368ecf6bd/svn': Permission
denied
The Subversion server process (svnserve or httpd) is unable to access
(read) the path. Adjust the ownership and permissions so that the server
process has the required privileges.
[..cut..]
this is my configuration file
No, adjust the file system permissions. chown, chmod.
Factory/subversion/subversion.README.SUSE
Andreas
kushal bhattacharya
2017-11-07 12:37:40 UTC
Permalink
given permissions like :-

sudo chown www-data:www-data
/media/sense/20457332-fd6a-409d-821d-6bf368ecf6bd/svn
sudo chmod -R 775 /media/sense/20457332-fd6a-409d-821d-6bf368ecf6bd/svn


On Tue, Nov 7, 2017 at 6:04 PM, kushal bhattacharya <
Post by kushal bhattacharya
Could you please help me out here ,sorry. But I have been trying whole day
regarding this
Post by kushal bhattacharya
Post by kushal bhattacharya
Can't open directory
'/media/sense/20457332-fd6a-409d-821d-6bf368ecf6bd/svn': Permission
denied
The Subversion server process (svnserve or httpd) is unable to access
(read) the path. Adjust the ownership and permissions so that the server
process has the required privileges.
[..cut..]
this is my configuration file
No, adjust the file system permissions. chown, chmod.
https://build.opensuse.org/package/view_file/openSUSE:Factor
y/subversion/subversion.README.SUSE
Andreas
Andreas Stieger
2017-11-07 12:52:12 UTC
Permalink
Hello,
Post by kushal bhattacharya
Could you please help me out here ,sorry. But I have been trying whole
day regarding this

I am not sure what you are asking here?
Post by kushal bhattacharya
given permissions like :-
sudo chown www-data:www-data 
/media/sense/20457332-fd6a-409d-821d-6bf368ecf6bd/svn
sudo chmod -R 775 /media/sense/20457332-fd6a-409d-821d-6bf368ecf6bd/svn
Yes, continue?

Andreas
Doug Robinson
2017-11-07 13:16:06 UTC
Permalink
Kushal:

Just as a slight possibility, you might check to see that the SELinux stuff
is turned off (use the "sestatus" command). If it's not disabled/off then
you're going to have to allow the http account to access that data by
setting the appropriate security context throughout all directories from
the root ('/') down to where the SVN data is stored in that 2nd EXT4
partition - and then the entire SVN data tree.

Cheers.

Doug
--
*DOUGLAS B ROBINSON* SENIOR PRODUCT MANAGER

T +1 925 396 1125
*E* ***@wandisco.com
--
World Leader in Active Data Replication™
*Find out more wandisco.com <http://wandisco.com/>*

THIS MESSAGE AND ANY ATTACHMENTS ARE CONFIDENTIAL, PROPRIETARY AND MAY BE
PRIVILEGED

If this message was misdirected, WANdisco, Inc. and its subsidiaries,
("WANdisco") does not waive any confidentiality or privilege. If you are
not the intended recipient, please notify us immediately and destroy the
message without disclosing its contents to anyone. Any distribution, use or
copying of this email or the information it contains by other than an
intended recipient is unauthorized. The views and opinions expressed in
this email message are the author's own and may not reflect the views and
opinions of WANdisco, unless the author is authorized by WANdisco to
express such views or opinions on its behalf. All email sent to or from
this address is subject to electronic storage and review by WANdisco.
Although WANdisco operates anti-virus programs, it does not accept
responsibility for any damage whatsoever caused by viruses being passed.
Nico Kadel-Garcia
2017-11-07 23:55:41 UTC
Permalink
Post by Doug Robinson
Just as a slight possibility, you might check to see that the SELinux
stuff is turned off (use the "sestatus" command). If it's not disabled/off
then you're going to have to allow the http account to access that data by
setting the appropriate security context throughout all directories from
the root ('/') down to where the SVN data is stored in that 2nd EXT4
partition - and then the entire SVN data tree.
Do *not* disable SELinux while debugging it. Set it to "permissive".

There have been a serious of nasty bugs when switching from "enabled" to
"disabled", the likes of which get senior sysadmins paid good money to say
that sort of things.
Post by Doug Robinson
Cheers.
Doug
--
*DOUGLAS B ROBINSON* SENIOR PRODUCT MANAGER
T +1 925 396 1125
World Leader in Active Data Replication™
*Find out more wandisco.com <http://wandisco.com/>*
THIS MESSAGE AND ANY ATTACHMENTS ARE CONFIDENTIAL, PROPRIETARY AND MAY BE
PRIVILEGED
If this message was misdirected, WANdisco, Inc. and its subsidiaries,
("WANdisco") does not waive any confidentiality or privilege. If you are
not the intended recipient, please notify us immediately and destroy the
message without disclosing its contents to anyone. Any distribution, use or
copying of this email or the information it contains by other than an
intended recipient is unauthorized. The views and opinions expressed in
this email message are the author's own and may not reflect the views and
opinions of WANdisco, unless the author is authorized by WANdisco to
express such views or opinions on its behalf. All email sent to or from
this address is subject to electronic storage and review by WANdisco.
Although WANdisco operates anti-virus programs, it does not accept
responsibility for any damage whatsoever caused by viruses being passed.
Doug Robinson
2017-11-08 22:02:20 UTC
Permalink
Nico: Please state references to these bugs. I have not heard anything
about them.

Setting it to "permissive" is fine if you are going to actually use
"audit2allow" to set a policy and then turn things back on. Otherwise it
is slower and accumulating data unnecessarily.
Post by Nico Kadel-Garcia
Post by Doug Robinson
Just as a slight possibility, you might check to see that the SELinux
stuff is turned off (use the "sestatus" command). If it's not disabled/off
then you're going to have to allow the http account to access that data by
setting the appropriate security context throughout all directories from
the root ('/') down to where the SVN data is stored in that 2nd EXT4
partition - and then the entire SVN data tree.
Do *not* disable SELinux while debugging it. Set it to "permissive".
There have been a serious of nasty bugs when switching from "enabled" to
"disabled", the likes of which get senior sysadmins paid good money to say
that sort of things.
Post by Doug Robinson
Cheers.
Doug
--
*DOUGLAS B ROBINSON* SENIOR PRODUCT MANAGER
T +1 925 396 1125
World Leader in Active Data Replication™
*Find out more wandisco.com <http://wandisco.com/>*
THIS MESSAGE AND ANY ATTACHMENTS ARE CONFIDENTIAL, PROPRIETARY AND MAY BE
PRIVILEGED
If this message was misdirected, WANdisco, Inc. and its subsidiaries,
("WANdisco") does not waive any confidentiality or privilege. If you are
not the intended recipient, please notify us immediately and destroy the
message without disclosing its contents to anyone. Any distribution, use or
copying of this email or the information it contains by other than an
intended recipient is unauthorized. The views and opinions expressed in
this email message are the author's own and may not reflect the views and
opinions of WANdisco, unless the author is authorized by WANdisco to
express such views or opinions on its behalf. All email sent to or from
this address is subject to electronic storage and review by WANdisco.
Although WANdisco operates anti-virus programs, it does not accept
responsibility for any damage whatsoever caused by viruses being passed.
--
*DOUGLAS B ROBINSON* SENIOR PRODUCT MANAGER

T +1 925 396 1125
*E* ***@wandisco.com
--
World Leader in Active Data Replication™
*Find out more wandisco.com <http://wandisco.com/>*

THIS MESSAGE AND ANY ATTACHMENTS ARE CONFIDENTIAL, PROPRIETARY AND MAY BE
PRIVILEGED

If this message was misdirected, WANdisco, Inc. and its subsidiaries,
("WANdisco") does not waive any confidentiality or privilege. If you are
not the intended recipient, please notify us immediately and destroy the
message without disclosing its contents to anyone. Any distribution, use or
copying of this email or the information it contains by other than an
intended recipient is unauthorized. The views and opinions expressed in
this email message are the author's own and may not reflect the views and
opinions of WANdisco, unless the author is authorized by WANdisco to
express such views or opinions on its behalf. All email sent to or from
this address is subject to electronic storage and review by WANdisco.
Although WANdisco operates anti-virus programs, it does not accept
responsibility for any damage whatsoever caused by viruses being passed.
Nico Kadel-Garcia
2017-11-09 03:37:55 UTC
Permalink
Post by Doug Robinson
Nico: Please state references to these bugs. I have not heard anything
about them.
There have been multiple. https://bugzilla.redhat.com/show_bug.cgi?id=692573
shows up in a fast Google search: that was admittedly from 2011. I'll also
acknowledge that it's gotten better. A fast search used to show a lot more
reports of poor behavior with SELinux entirely disabled.
Post by Doug Robinson
Setting it to "permissive" is fine if you are going to actually use
"audit2allow" to set a policy and then turn things back on. Otherwise it
is slower and accumulating data unnecessarily.
In my experience, it's not noticeably slower than running SELinux at all.
And "permissive" can be a very useful tool to guide where and how, you
arrange Subversion server components for consistentcy with the already
activated web server SELinux policies. It's also helpful to point out where
your models of web configuration may be a little...... odd, and themselves
a source of error.
Post by Doug Robinson
Post by Nico Kadel-Garcia
Post by Doug Robinson
Just as a slight possibility, you might check to see that the SELinux
stuff is turned off (use the "sestatus" command). If it's not disabled/off
then you're going to have to allow the http account to access that data by
setting the appropriate security context throughout all directories from
the root ('/') down to where the SVN data is stored in that 2nd EXT4
partition - and then the entire SVN data tree.
Do *not* disable SELinux while debugging it. Set it to "permissive".
There have been a serious of nasty bugs when switching from "enabled" to
"disabled", the likes of which get senior sysadmins paid good money to say
that sort of things.
Post by Doug Robinson
Cheers.
Doug
--
*DOUGLAS B ROBINSON* SENIOR PRODUCT MANAGER
T +1 925 396 1125
World Leader in Active Data Replication™
*Find out more wandisco.com <http://wandisco.com/>*
THIS MESSAGE AND ANY ATTACHMENTS ARE CONFIDENTIAL, PROPRIETARY AND MAY
BE PRIVILEGED
If this message was misdirected, WANdisco, Inc. and its subsidiaries,
("WANdisco") does not waive any confidentiality or privilege. If you are
not the intended recipient, please notify us immediately and destroy the
message without disclosing its contents to anyone. Any distribution, use or
copying of this email or the information it contains by other than an
intended recipient is unauthorized. The views and opinions expressed in
this email message are the author's own and may not reflect the views and
opinions of WANdisco, unless the author is authorized by WANdisco to
express such views or opinions on its behalf. All email sent to or from
this address is subject to electronic storage and review by WANdisco.
Although WANdisco operates anti-virus programs, it does not accept
responsibility for any damage whatsoever caused by viruses being passed.
--
*DOUGLAS B ROBINSON* SENIOR PRODUCT MANAGER
T +1 925 396 1125
World Leader in Active Data Replication™
*Find out more wandisco.com <http://wandisco.com/>*
THIS MESSAGE AND ANY ATTACHMENTS ARE CONFIDENTIAL, PROPRIETARY AND MAY BE
PRIVILEGED
If this message was misdirected, WANdisco, Inc. and its subsidiaries,
("WANdisco") does not waive any confidentiality or privilege. If you are
not the intended recipient, please notify us immediately and destroy the
message without disclosing its contents to anyone. Any distribution, use or
copying of this email or the information it contains by other than an
intended recipient is unauthorized. The views and opinions expressed in
this email message are the author's own and may not reflect the views and
opinions of WANdisco, unless the author is authorized by WANdisco to
express such views or opinions on its behalf. All email sent to or from
this address is subject to electronic storage and review by WANdisco.
Although WANdisco operates anti-virus programs, it does not accept
responsibility for any damage whatsoever caused by viruses being passed.
kushal bhattacharya
2017-11-07 12:59:15 UTC
Permalink
Then I am trying to access the reposity from localhost itself but still I
am getting the same error

On Nov 7, 2017 6:22 PM, "Andreas Stieger" <***@gmx.de> wrote:

Hello,
Post by kushal bhattacharya
Could you please help me out here ,sorry. But I have been trying whole
day regarding this

I am not sure what you are asking here?
Post by kushal bhattacharya
given permissions like :-
sudo chown www-data:www-data
/media/sense/20457332-fd6a-409d-821d-6bf368ecf6bd/svn
sudo chmod -R 775 /media/sense/20457332-fd6a-409d-821d-6bf368ecf6bd/svn
Yes, continue?

Andreas
kushal bhattacharya
2017-11-07 13:05:32 UTC
Permalink
I am able to access folder in the same partition

On Tue, Nov 7, 2017 at 6:29 PM, kushal bhattacharya <
Post by kushal bhattacharya
Then I am trying to access the reposity from localhost itself but still I
am getting the same error
Hello,
Post by kushal bhattacharya
Could you please help me out here ,sorry. But I have been trying whole
day regarding this
I am not sure what you are asking here?
Post by kushal bhattacharya
given permissions like :-
sudo chown www-data:www-data
/media/sense/20457332-fd6a-409d-821d-6bf368ecf6bd/svn
sudo chmod -R 775 /media/sense/20457332-fd6a-409d-821d-6bf368ecf6bd/svn
Yes, continue?
Andreas
Doug Robinson
2017-11-07 14:30:26 UTC
Permalink
Kushal:

It's not you who needs to access it: it is the account that Apache is
running as - at least when running as Apache.
As for "svnserve", it depends on how you've got that setup so to help we
need more details.

Cheers.

Doug

On Tue, Nov 7, 2017 at 8:05 AM, kushal bhattacharya <
Post by kushal bhattacharya
I am able to access folder in the same partition
On Tue, Nov 7, 2017 at 6:29 PM, kushal bhattacharya <
Post by kushal bhattacharya
Then I am trying to access the reposity from localhost itself but still I
am getting the same error
Hello,
Post by kushal bhattacharya
Could you please help me out here ,sorry. But I have been trying whole
day regarding this
I am not sure what you are asking here?
Post by kushal bhattacharya
given permissions like :-
sudo chown www-data:www-data
/media/sense/20457332-fd6a-409d-821d-6bf368ecf6bd/svn
sudo chmod -R 775 /media/sense/20457332-fd6a-409d-821d-6bf368ecf6bd/svn
Yes, continue?
Andreas
--
*DOUGLAS B ROBINSON* SENIOR PRODUCT MANAGER

T +1 925 396 1125
*E* ***@wandisco.com
--
World Leader in Active Data Replication™
*Find out more wandisco.com <http://wandisco.com/>*

THIS MESSAGE AND ANY ATTACHMENTS ARE CONFIDENTIAL, PROPRIETARY AND MAY BE
PRIVILEGED

If this message was misdirected, WANdisco, Inc. and its subsidiaries,
("WANdisco") does not waive any confidentiality or privilege. If you are
not the intended recipient, please notify us immediately and destroy the
message without disclosing its contents to anyone. Any distribution, use or
copying of this email or the information it contains by other than an
intended recipient is unauthorized. The views and opinions expressed in
this email message are the author's own and may not reflect the views and
opinions of WANdisco, unless the author is authorized by WANdisco to
express such views or opinions on its behalf. All email sent to or from
this address is subject to electronic storage and review by WANdisco.
Although WANdisco operates anti-virus programs, it does not accept
responsibility for any damage whatsoever caused by viruses being passed.
Ulaganathan, Udhayakumar
2017-11-07 14:37:04 UTC
Permalink
Make sure the contents of svn.acc file have the entries – to give rw access to the accounts as stated in the following example

#======
# Define Groups
[groups]
administrators = admin

# Rules allowing/denying access
[reponame:/]
@administrators = rw
#======



Cheers,
Udhay


From: ***@gmx.de [mailto:***@gmx.de] On Behalf Of Doug Robinson
Sent: Tuesday, November 07, 2017 8:00 PM
To: kushal bhattacharya <***@gmail.com>
Cc: Andreas Stieger <***@gmx.de>
Subject: Re: Apache subversion unable to open another ext4 partion svn repository

Kushal:

It's not you who needs to access it: it is the account that Apache is running as - at least when running as Apache.
As for "svnserve", it depends on how you've got that setup so to help we need more details.

Cheers.

Doug

On Tue, Nov 7, 2017 at 8:05 AM, kushal bhattacharya <***@gmail.com<mailto:***@gmail.com>> wrote:
I am able to access folder in the same partition

On Tue, Nov 7, 2017 at 6:29 PM, kushal bhattacharya <***@gmail.com<mailto:***@gmail.com>> wrote:
Then I am trying to access the reposity from localhost itself but still I am getting the same error

On Nov 7, 2017 6:22 PM, "Andreas Stieger" <***@gmx.de<mailto:***@gmx.de>> wrote:
Hello,
Post by kushal bhattacharya
Could you please help me out here ,sorry. But I have been trying whole
day regarding this
I am not sure what you are asking here?
Post by kushal bhattacharya
given permissions like :-
sudo chown www-data:www-data
/media/sense/20457332-fd6a-409d-821d-6bf368ecf6bd/svn
sudo chmod -R 775 /media/sense/20457332-fd6a-409d-821d-6bf368ecf6bd/svn
Yes, continue?

Andreas
--
DOUGLAS B ROBINSON SENIOR PRODUCT MANAGER

T +1 925 396 1125
E ***@wandisco.com<mailto:***@wandisco.com>


[Loading Image...]
World Leader in Active Data Replication™
Find out more wandisco.com<http://wandisco.com/>

THIS MESSAGE AND ANY ATTACHMENTS ARE CONFIDENTIAL, PROPRIETARY AND MAY BE PRIVILEGED

If this message was misdirected, WANdisco, Inc. and its subsidiaries, ("WANdisco") does not waive any confidentiality or privilege. If you are not the intended recipient, please notify us immediately and destroy the message without disclosing its contents to anyone. Any distribution, use or copying of this email or the information it contains by other than an intended recipient is unauthorized. The views and opinions expressed in this email message are the author's own and may not reflect the views and opinions of WANdisco, unless the author is authorized by WANdisco to express such views or opinions on its behalf. All email sent to or from this address is subject to electronic storage and review by WANdisco. Although WANdisco operates anti-virus programs, it does not accept responsibility for any damage whatsoever caused by viruses being passed.
Andreas Stieger
2017-11-07 14:40:12 UTC
Permalink
Hello,
Post by Ulaganathan, Udhayakumar
Make sure the contents of svn.acc file have the entries – to give rw
access to the accounts as stated in the following example
Irrelevant and confusing, as it does not match the original error message.

Andreas
Loading...