> > > > On Wed, Jul 20, 2011 at 9:14 PM, Andy Canfield > <[email protected]>wrote: > >> ** >> Thank you very much. >> >> >> On 07/20/2011 12:19 PM, Nico Kadel-Garcia wrote: >> >> On Tue, Jul 19, 2011 at 11:14 PM, Andy Canfield<[email protected]> >> <[email protected]> wrote: >> >> One thing has hit my mind today that I don't think you realize ... >> >> I have never, in my entire life, seen a working Subversion system. >> >> Apparently Subversion, as distributed, doesn't work - the access >> authentications are deliberately turned off. >> >> I'm afraid it depends on your access requirements. Seriously. Which >> access technology are you using? svn+ssh (which I tend to recommend), >> or Apache (using https://), or svn directorly (svn://) Start with that >> and we'll walk you through it. >> >> >> OK, here goes. >> >> I would like to use http/https. I am not supposed to be working on the >> server, but on my notebook workstation. And svn or svn+ssh require port 3690 >> to be forwarded by the router, and we don't own the router. So I would >> prefer http and/or https. >> >> But on the actual server https is screwed up because mod_dev_svn.so is a >> year earlier than Apache, and apparently there is a version mismatch. When >> svn is enabled apache is dead. I have put in a request for my friend to >> re-install, but that could take a week. >> >> So for the interim I have installed mod_dav etc. on my notebook computer. >> FYI it is running Ubuntu Linux 1.04. This is for testing. >> >> Directory /etc/apache2/modes-enabled contains the file dav.load with this >> contents: >> * LoadModule dav_module /usr/lib/apache2/modules/mod_dav.so* >> That same directoy also contains the file dav_syn.load with these >> contents: >> * # Depends: dav >> LoadModule dav_svn_module /usr/lib/apache2/modules/mod_dav_svn.so >> LoadModule authz_svn_module /usr/lib/apache2/modules/mod_authz_svn.so >> * >> That same directory also contains the file dav_svn.conf which I altered; >> this is the altered contents: >> *# dav_svn.conf - Example Subversion/Apache configuration >> # >> # For details and further options see the Apache user manual and >> # the Subversion book. >> # >> # NOTE: for a setup with multiple vhosts, you will want to do this >> # configuration in /etc/apache2/sites-available/*, not here. >> >> # <Location URL> ... </Location> >> # URL controls how the repository appears to the outside world. >> # In this example clients access the repository as http://hostname/svn/ >> # Note, a literal /svn should NOT exist in your document root. >> >> <Location /svn> >> >> # Uncomment this to enable the repository >> DAV svn >> >> # Set this to the path to your repository >> #SVNPath /var/lib/svn >> >> # Alternatively, use SVNParentPath if you have multiple repositories >> under >> # under a single directory (/var/lib/svn/repo1, /var/lib/svn/repo2, >> ...). >> # You need either SVNPath and SVNParentPath, but not both. >> #SVNParentPath /var/lib/svn >> SVNParentPath /data/svn >> >> >> # Access control is done at 3 levels: (1) Apache authentication, via >> # any of several methods. A "Basic Auth" section is commented out >> # below. (2) Apache <Limit> and <LimitExcept>, also commented out >> # below. (3) mod_authz_svn is a svn-specific authorization module >> # which offers fine-grained read/write access control for paths >> # within a repository. (The first two layers are coarse-grained; you >> # can only enable/disable access to an entire repository.) Note that >> # mod_authz_svn is noticeably slower than the other two layers, so if >> # you don't need the fine-grained control, don't configure it. >> >> # Basic Authentication is repository-wide. It is not secure unless >> # you are using https. See the 'htpasswd' command to create and >> # manage the password file - and the documentation for the >> # 'auth_basic' and 'authn_file' modules, which you will need for this >> # (enable them with 'a2enmod'). >> #AuthType Basic >> #AuthName "Subversion Repository" >> #AuthUserFile /etc/apache2/dav_svn.passwd >> AuthType Basic >> AuthName "Lenny Subversion Repository" >> >> AuthUserFile /etc/apache2/dav_svn.passwd >> >> # To enable authorization via mod_authz_svn >> #AuthzSVNAccessFile /etc/apache2/dav_svn.authz >> >> # The following three lines allow anonymous read, but make >> # committers authenticate themselves. It requires the 'authz_user' >> # module (enable it with 'a2enmod'). >> #<LimitExcept GET PROPFIND OPTIONS REPORT> >> #Require valid-user >> #</LimitExcept> >> * >> * Require valid-user* >> * >> </Location> >> * >> By the way, all three of the above files in /etc/apache2/mods-enabled are >> actually symbolic links to the same file name in ../mods-available. >> >> I used sudo htpasswd to create the /etc/apache2/dav_svn.passwd file: >> * andy:4izmp7W8TSqww* >> >> Also I created my subversion directory like this:\ >> * sudo bash >> mkdir /data/svn >> chmod a+w /data/svn* >> *ls /data/svn >> ** drwxrwxrwx 2 root root 4096 2011-07-21 10:53 /data/svn* >> >> Now I point my browser to http://localhost/svn and I get a prompt for a >> user name and password. If I type in my valid user name "andy" and a >> completely spurious password, I get prompted again. But if I type in my >> valid user name and password (as given when I created the dav_svn.passwd >> file), the result is: >> * Forbidden >> You don't have permission to access /svn on this server. >> Apache/2.2.17 (Ubuntu) Server at localhost Port 80* >> >> Of course the /data/svn file is completely empty; there's nothing in it. >> OK, so I try to put something in it: >> * svnadmin create /data/svn/sample >> * >> Now when I point my browser at http://localhost/svn I get the same >> "Forbidden" message as before. However, when I point my browser to >> "http://localhost/svn/sample"; <http://localhost/svn/sample> I see a very >> simple web page: >> * sample - Revision 0: / >> Powered by Subversion version 1.6.12 (r955767).* >> Well, that's something. Doesn't give me any list of repositories, but it's >> something. >> >> Isn't http://localhost/svn supposed to show me something useful? >> >> > One would think so, yes. I get the same thing, Andy. > > Going to http://[mysvnserver]/svn I can login at the .htaccess prompt, and > get forbidden. I have SVNListParentPath on also inside the <Location /svn> > directive. I tried to > sudo chown -R www-data:www-data /data/svn > but it had no effect on the list. The error it is throwing is > > [Thu Jul 21 08:09:38 2011] [error] [client my-ip-add-ress] The URI does not > contain the name of a repository. [403, #190001] > >
For what it's worth, this was why I added websvn info with how to point websvn config to your authz file. That is, it matters less that /svn doesn't work when /websvn/ does and provides a lot more useful web interface (including log browsing, basic diff view, subscribing to RSS of commit logs and more). Clearly this isn't a fix though.
