apache 2.2 - SVN txn-current-lock: Permission Denied

24
2014-04
  • Esaevian

    I've just set up an SVN repository on a Server running CentOS 6. I followed the instructions here and things were going fairly smoothly.

    Until I tried to import my initial file structure

    svn import /path/to/wc http://svn.host.com/svn/repos -m "Init repo"

    gave me the following
    svn: Can't open file '/home/podsvn/svn/repos/db/txn-current-lock': Permission denied

    However, svn import /path/to/wc file:///path/to/repository -m "Init Repo" Works fantastically. not useful for working remotely with the repo.

    A bit of searching led me to see that it was a permissions problem, but any configuration of permissions for the repo failed:

    This is the default repo permissions following the tutorial above, which fails:

    -rw-rw-r-- 1 apache apache  229 Jul 24 08:58 README.txt  
    drwxrwxr-x 2 apache apache 4096 Jul 24 09:17 conf/  
    drwxrwsr-x 6 apache apache 4096 Jul 24 08:58 db/  
    -r--r--r-- 1 apache apache    2 Jul 24 08:58 format  
    drwxrwxr-x 2 apache apache 4096 Jul 24 08:58 hooks/  
    drwxrwxr-x 2 apache apache 4096 Jul 24 08:58 locks/  
    

    Then I added root, apache, and my main user (called poduser which created the repo via svnadmin create repos) to a new group called svn, still fails (even after logging in and out from ssh):

    -rw-rw-r-- 1 apache svn 229 Jul 24 08:58 README.txt  
    drwxrwxr-x 2 apache svn 4096 Jul 24 09:17 conf/  
    drwxrwsr-x 6 apache svn 4096 Jul 24 08:58 db/  
    -r--r--r-- 1 apache svn 2 Jul 24 08:58 format  
    drwxrwxr-x 2 apache svn 4096 Jul 24 08:58 hooks/  
    drwxrwxr-x 2 apache svn 4096 Jul 24 08:58 locks/  
    

    I ran chmod -R g+w ./. (Has the ls -la results you'd expect) I still get the Permission Denied error.

    It seems like when I run import or checkout, it's attempting to access the repository as a user other than root, apache, or poduser.

    Possibly it's attempting to work as the user that logged into the repo (set up in /etc/svn-auth-conf via the tutorial). However, the SVN user I set up there is separate from any accounts on the actual server, right? I shouldn't have to worry about matching up SVN users and server users?

    Thanks,
    -Esa

  • Answers
  • Esaevian

    Figured out my own answer. Derp.

    So I figured out that since I'm running an apache svn server, svn commands are run as the user the httpd process is running as.

    So first I ran ps aux | egrep '(apache|httpd)' and came up with this:

    nobody    1488  0.0  0.2  99604  4960 ?        S    06:02   0:00 /usr/local/apache/bin/httpd -k start -DSSL  
    root      1962  0.0  0.0   4140   668 pts/0    S+   06:28   0:00 egrep (apache|httpd)  
    root     11404  0.0  0.2  99208  5188 ?        Ss   Jul24   0:00 /usr/local/apache/bin/httpd -k start -DSSL  
    root     27766  0.0  0.1  99208  2340 ?        S    00:18   0:00 /usr/local/apache/bin/httpd -k start -DSSL  
    nobody   27767  0.0  0.2  99604  5184 ?        S    00:18   0:00 /usr/local/apache/bin/httpd -k start -DSSL  
    nobody   27768  0.0  0.2  99568  5188 ?        S    00:18   0:00 /usr/local/apache/bin/httpd -k start -DSSL  
    nobody   27769  0.0  0.2  99604  5196 ?        S    00:18   0:00 /usr/local/apache/bin/httpd -k start -DSSL  
    nobody   27770  0.0  0.2  99568  5168 ?        S    00:18   0:00 /usr/local/apache/bin/httpd -k start -DSSL  
    nobody   27771  0.0  0.2  99568  5184 ?        S    00:18   0:00 /usr/local/apache/bin/httpd -k start -DSSL  
    

    Well, there's the problem. The apache processes are running as 'nobody' not 'apache' or 'svn' or anything.

    There are two possible solutions for this (I only tried one).

    The one that I did (and that worked) was to go into httpd.conf, and change the lines:

    User nobody
    Group nobody
    

    To:

    User apache
    Group apache
    

    And then service httpd restart and now all of those 'nobody' processes are being run by apache, and svn import works!

    Another solution that would probably work, but I didn't test it, is to go to your repo and run chgrp -R svn ./* so all of the files in the repo have the svn group, and then add the user nobody to the svn group (usermod -g svn nobody). You can also add any other users to the group, if you want (probably more useful is you are running an svnserve svn server, rather than through apache).

    I'm not sure why the apache config was set to run as nobody, it seems to be the default on CentOS servers from GoDaddy (which is the server I'm running on)


  • Related Question

    permissions - Apache getting denied access to a directory on my local server
  • Tony

    I have OS X 10.5 with about 40 websites in the Sites directory. I just downloaded one from my server to initialize a local copy but I am getting denied access. The permissions seem fine but Apache is still giving me the 403. Any ideas why this would happen? Does it have to do with me downloading the files from the internet?

    drwxr-xr-x  30 TAmoyal  TAmoyal   1020 Jul 17 19:45 ./
    drwxr-xr-x+ 55 TAmoyal  TAmoyal   1870 Jul 17 19:45 ../
    -rw-r--r--@  1 TAmoyal  TAmoyal    170 Jul  6 02:40 .htaccess
    -rw-r--r--   1 TAmoyal  TAmoyal    397 Jul  2 19:08 index.php
    -rw-r--r--   1 TAmoyal  TAmoyal  15129 Jul  2 19:08 license.txt
    -rw-r--r--   1 TAmoyal  TAmoyal   7638 Jul  2 19:08 readme.html
    drwxr-xr-x  89 TAmoyal  TAmoyal   3026 Jul 17 16:24 wp-admin/
    -rw-r--r--   1 TAmoyal  TAmoyal  40543 Jul  2 19:10 wp-app.php
    -rw-r--r--   1 TAmoyal  TAmoyal    220 Jul  2 19:10 wp-atom.php
    -rw-r--r--   1 TAmoyal  TAmoyal    274 Jul  2 19:10 wp-blog-header.php
    -rw-r--r--   1 TAmoyal  TAmoyal   3649 Jul  2 19:10 wp-comments-post.php
    -rw-r--r--   1 TAmoyal  TAmoyal    238 Jul  2 19:10 wp-commentsrss2.php
    -rw-r--r--   1 TAmoyal  TAmoyal   2550 Jul  2 19:10 wp-config-sample.php
    -rw-r--r--@  1 TAmoyal  TAmoyal   2458 Jul 17 16:41 wp-config.php
    drwxr-xr-x   5 TAmoyal  TAmoyal    170 Jul 17 16:25 wp-content/
    -rw-r--r--   1 TAmoyal  TAmoyal   1254 Jul  2 19:11 wp-cron.php
    -rw-r--r--   1 TAmoyal  TAmoyal    220 Jul  2 19:11 wp-feed.php
    drwxr-xr-x  77 TAmoyal  TAmoyal   2618 Jul 17 16:29 wp-includes/
    -rw-r--r--   1 TAmoyal  TAmoyal   1946 Jul  2 19:14 wp-links-opml.php
    -rw-r--r--   1 TAmoyal  TAmoyal   2341 Jul  2 19:14 wp-load.php
    -rw-r--r--   1 TAmoyal  TAmoyal  21019 Jul  2 19:14 wp-login.php
    -rw-r--r--   1 TAmoyal  TAmoyal   7113 Jul  2 19:14 wp-mail.php
    -rw-r--r--   1 TAmoyal  TAmoyal    487 Jul  2 19:14 wp-pass.php
    -rw-r--r--   1 TAmoyal  TAmoyal    218 Jul  2 19:14 wp-rdf.php
    -rw-r--r--   1 TAmoyal  TAmoyal    316 Jul  2 19:14 wp-register.php
    -rw-r--r--   1 TAmoyal  TAmoyal    218 Jul  2 19:14 wp-rss.php
    -rw-r--r--   1 TAmoyal  TAmoyal    220 Jul  2 19:14 wp-rss2.php
    -rw-r--r--   1 TAmoyal  TAmoyal  21213 Jul  2 19:14 wp-settings.php
    -rw-r--r--   1 TAmoyal  TAmoyal   3434 Jul  2 19:14 wp-trackbac
    

    Thanks


  • Related Answers
  • Marie Fischer

    Have you checked Apache's error log (/var/log/apache2/error_log)? It might also have to do something with the .htaccess file your listing shows.

  • chaos

    Check the entire path to the directory. Apache needs to be able to read through (x permission) each element of the path in order to be able to reach that directory.

  • cas

    every directory in the path to those files needs to be executable by the apache process.

    so if those files are in /var/www/example/site then /var, /var/www, /var/www/example, and /var/www/example/site ALL need to be executable by the apache process.

    an easy way to make /var/www and all subdirectories thereof executable for ALL users is (as root, or some other user who was write access to all directories involved):

    chmod -R a+X /var/www

    note that's a capital X - that tells chmod to only make directories executable, not files.

    there are other variations, such as "chmod -R ug+X /var/www" if you only want the dirs to be executable by the owner and group members.