I am trying to setup subversion on my Debian LAMP stack and I am running into quite a few issues. I have been following the library.linode articles for reference, but I think I have exhausted the available resources and I'm hoping someone can point me to a solution.

The setup I have deployed is that I setup a development domain at dev.mydomain.com which points to /srv/www/dev.mydomain.com/public_html/ and that seems to work fine. So then I setup a subdomain to host svn which is svn.mydomain.com. I setup my repositories in /srv/svn/domain where "domain" is the repository.

I then setup the following virtual host in /etc/apache/sites-available/

<VirtualHost my.ip.goes.here:80>
ServerAdmin webmaster@domain.com
ServerName svn.mydomain.com
ErrorLog /srv/www/svn.mydomain.com/logs/error.log
CustomLog /srv/www/svn.mydomain.com/logs/access.log combined

<Location />
DAV svn
SVNParentPath /srv/svn
</Location>
<Location /knowlo>
AuthType Basic
AuthName "Subversion Repository"
AuthUserFile /srv/auth/svn/mydomain.htpasswd
Require valid-user
</Location>
</VirtualHost>

As per the configuration, I set up the authorization files at /srv/auth/svn. I also granted apache user rights on /srv/svn/

When I try to access the repository at http://svn.mydomain.com/mydomain I am prompted for HTTP authentication, but upon successful authentication I get a 403 forbidden.

Any thoughts on why I can't get in?

cursory glance tells me you're missing a directory tag for /srv/svn.

http://httpd.apache.org/docs/2.2/mod/core.html#directory

Thanks for the cursory glance. I added a directory tag for the svn.mydomain.com file in /etc/apache2/sites-available but no luck – still a 403. Is that where you would add the directory tag?

yeah something like:

<Directory /srv/svn>
  Options Indexes Multiviews
  Order allow,deny
</Directory>

but this seems weird to me:



is 'knowlo' the domain name aka repos name in /srv/svn?

Are you sure that there aren't any filesystem privilege problems with your SVN tree? For my DAV-served SVN repositories, I set the entire SVN tree to have www-root as owner and group, since that's what Apache runs as.

Any errors in Apache's error.log that might indicate an underlying issue that is leading to the 403?

Your config is pretty close to what I use, although I have individual SVNPath entries for each of my repository locations rather than a single SVNParentPath. But I just switched mine to use SVNParentPath and it still works. Note that I don't have any Directory entries within my SVN VirtualHost block (or anywhere in my config) referencing the SVN repository filesystem location, so I don't think mod_dav requires that.

-- David

thanks db3l. I had apache (www-data) as the user but not as the group. when i changed it to the group also, everything started working. whew, what a relief.

on a related note, while i was doing all of the setup stuff I realized that I could access the repository by going through svn://svn.mydomain.com/repo_name (as opposed to http://) without any user info. That's doesn't seem secure. is there a way to turn that access off?

That seems to ring a bell, in that in the past I tried using a different group to also permit local (non-dav) access, but finally just punted and gave over ownership to www-data. It might have been that at some stages (read only) Apache is actually doing access as nobody (or something other than www-root), so without the group there were points when Apache couldn't read things. But it was a while ago.


That's completely distinct from anything Apache is doing - to be listening for svn:// I'm pretty sure you have to be running a separate svnserve process with its own configuration file. Check that something else during your setup might not have installed that automatically (perhaps kicked off from /etc/init.d). Or even if you just experimentally tried running svnserve manually in the past and haven't stopped/rebooted since then.

It should be listening on port 3690, so a netstat with -p can show the process and perhaps help backtrack.

-- David

right again! I rebooted and the svn:// access seems to have turned off. I remember looking into svnserve while troubleshooting, so I must have turned it on at sometime.

Thanks again for your help!