Re: server config

Mon, 19 Aug 2013 12:52:25 -0700 

On 8/19/2013 12:13 PM, Scott Frankel wrote:

This is my first brush with Apache, OpenSSL, and general server config.  Thanks 
in advance for your suggestions!  BTW, I'm not subscribed and would appreciate 
being cc'd on any replies.
Scott



<Location /svn>
   DAV svn
   SVNParentPath /var/svn

   # Authentication: Digest
   AuthName "Subversion repository"
   AuthType Digest
   AuthUserFile /etc/svn-auth.htdigest

   # Authorization: Authenticated users only
   Require valid-user
</Location>



How many repositories do you have?  You shouldn't use SVNParentPath if you have 
only one repository; use SVNPath.  I don't know if that is the direct cause of 
your problem, but you should fix it.

I chose to use SVNParentPath on purpose.  As soon as I have a secure, working 
server config, I'll be hosting multiple repos.  Daniel and Thomas, thanks for 
your suggestions.
My standard operating procedure is to get things working properly with a simple configuration, then add features one at a time. This helps isolate problems, especially when you are a beginner. I have <VirtualHost> containers in my httpd.conf files for various Web sites, domains, and SVN repositories, and you better believe I didn't try to configure everything at once!
Try using SVNPath the first time and get it working securely before adding new capabilities. It's trivial to move a repository directory under Unix-like systems (and not very hard under Windows) to set up SVNParentPath later, so there is no reason to use SVNParentPath for a single repository.
One last question, just in case: did you run "svnadmin create /var/svn" or "svnadmin create /var/svn/repo1"? In other words, is "/var/svn" a repository or a directory in which a repository was created? The directory in SVNParentPath shouldn't point to a repository, but to the parent directory of the repository (and its friends). I don't know if this would cause the security issues you are seeing, but it is a common enough mistake that I thought I would ask. 

--
    David Chapman      dcchap...@acm.org
    Chapman Consulting -- San Jose, CA
    Software Development Done Right.
    www.chapman-consulting-sj.com

Reply via email to