Subversion/Apache/suEXEC woes

Shot - Piotr Szotkowski shot at hot.pl
Mon Sep 12 09:37:41 UTC 2005 

Hello.

I have a problem with a Subversion/Apache/suEXEC configuration.

The setup is a Hoary ubuntu-base-based server running
apache2-mpm-prefork 2.0.53-5ubuntu5.3 and subversion 1.2.0-1ubuntu1
(backported from Breezy). The repository is a FSFS one with the proper
permissions (tree's output at the end of this email) for user decomp,
who can checkout and commit when working locally with the file://
protocol.

I have the following configuration in
/etc/apache2/sites-available/svn.decomp:

<VirtualHost *>
    ServerName [the-repository]
    ErrorLog /var/log/apache2/error.svn.decomp.log
    CustomLog /var/log/apache2/access.svn.decomp.log combined
    SuexecUserGroup decomp decomp
    <Location />
        DAV svn
        SVNPath /var/svn/decomp
        AuthType Digest
        AuthName "decomp"
        AuthDigestFile /etc/apache2/sites-available/.htdigest.decomp
        Require valid-user
    </Location>
</VirtualHost>

Browsing the repository via a web-browser works as expected (after
logging in as user shot, defined in the .htdigest.decomp file).
Checking-out with `svn checkout http://[the-repository]/` works
as expected as well, i.e. the credentials from the .htdigest.decomp
file work here as well.

The catch is with commiting back the changes - I can't commit to the
repository as myself (shot) using the http://[the-repository]/ approach:

$ svn commit
svn: Commit failed (details follow):
svn: Can't create directory '/var/svn/decomp/db/transactions/4-1.txn': Permission denied

The same happens when I work as user decomp - checking out
from http://[the-repository]/ works (with a login step based
on .htdigest.decomp contents), but an attempt to commit throws
the above error.

AFAIK, this means Apache can't write to the specified location below
/var/svn/decomp, which is strange, as it runs as the user:group
decomp:decomp (via 'SuexecUserGroup decomp decomp' in the config
above).

What am I missing?



$ tree -apug /var/svn/
/var/svn/
`-- [drwxr-xr-x decomp   decomp  ]  decomp
    |-- [-rw-r--r-- decomp   decomp  ]  README.txt
    |-- [drwxr-xr-x decomp   decomp  ]  conf
    |   |-- [-rw-r--r-- decomp   decomp  ]  passwd
    |   `-- [-rw-r--r-- decomp   decomp  ]  svnserve.conf
    |-- [drwxr-xr-x decomp   decomp  ]  dav
    |-- [drwxr-sr-x decomp   decomp  ]  db
    |   |-- [-rw-r--r-- decomp   decomp  ]  current
    |   |-- [-r--r--r-- decomp   decomp  ]  format
    |   |-- [-rw-r--r-- decomp   decomp  ]  fs-type
    |   |-- [drwxr-sr-x decomp   decomp  ]  revprops
    |   |   |-- [-rw-r--r-- decomp   decomp  ]  0
    |   |   |-- [-rw-r--r-- decomp   decomp  ]  1
    |   |   |-- [-rw-r--r-- decomp   decomp  ]  2
    |   |   |-- [-rw-r--r-- decomp   decomp  ]  3
    |   |   `-- [-rw-r--r-- decomp   decomp  ]  4
    |   |-- [drwxr-sr-x decomp   decomp  ]  revs
    |   |   |-- [-rw-r--r-- decomp   decomp  ]  0
    |   |   |-- [-rw-r--r-- decomp   decomp  ]  1
    |   |   |-- [-rw-r--r-- decomp   decomp  ]  2
    |   |   |-- [-rw-r--r-- decomp   decomp  ]  3
    |   |   `-- [-rw-r--r-- decomp   decomp  ]  4
    |   |-- [drwxr-sr-x decomp   decomp  ]  transactions
    |   |-- [-rw-r--r-- decomp   decomp  ]  uuid
    |   `-- [-rw-r--r-- decomp   decomp  ]  write-lock
    |-- [-r--r--r-- decomp   decomp  ]  format
    |-- [drwxr-xr-x decomp   decomp  ]  hooks
    |   |-- [-rw-r--r-- decomp   decomp  ]  post-commit.tmpl
    |   |-- [-rw-r--r-- decomp   decomp  ]  post-lock.tmpl
    |   |-- [-rw-r--r-- decomp   decomp  ]  post-revprop-change.tmpl
    |   |-- [-rw-r--r-- decomp   decomp  ]  post-unlock.tmpl
    |   |-- [-rw-r--r-- decomp   decomp  ]  pre-commit.tmpl
    |   |-- [-rw-r--r-- decomp   decomp  ]  pre-lock.tmpl
    |   |-- [-rw-r--r-- decomp   decomp  ]  pre-revprop-change.tmpl
    |   |-- [-rw-r--r-- decomp   decomp  ]  pre-unlock.tmpl
    |   `-- [-rw-r--r-- decomp   decomp  ]  start-commit.tmpl
    `-- [drwxr-xr-x decomp   decomp  ]  locks
        |-- [-rw-r--r-- decomp   decomp  ]  db-logs.lock
        `-- [-rw-r--r-- decomp   decomp  ]  db.lock

9 directories, 30 files



Cheers,
-- Shot
-- 
I've found that nurturing one's Zen nature is vital to dealing with technology.
Violence is pretty damn useful too.                        -- Lionel Lauer, asr
====================== http://shot.pl/hovercraft/ === http://shot.pl/1/125/ ===
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-users/attachments/20050912/de4da109/attachment.sig>

More information about the ubuntu-users mailing list