'txn-current-lock': Permission denied [500, #13] - Subversion + Apache Configuration Issue

apache-2.2 svn httpd mod-dav-svn

6,376

Solution 1

Instead of having the directories owned by apache:apache, use apache:subversion. That is,

chown apache:subversion -R /var/www/svn

Andrew

Solution 2

The SELINUX boolean value to make SVN write through webdav work is:

setsebool -P httpd_unified=1

My friend experienced this problem and found a solution more than a year ago.

http://www.melange.co.jp/blog/?s=setsebool&submit=Search (written in japanese)

His name is Itoh, a sake lover, lives in Japan, south of Tokyo.

I am posting this for him.

6,376

wfoster

Boise State CS Grad, 2011 Enjoys topics in hardware, software, and everything in between.

Updated on September 17, 2022

Comments

wfoster over 1 year
Current Setup
- Fedora 13 32bit
- Apache 2.2.16
- Subversion repositories setup under /var/www/svn
I have two different repositories under this directory so my /etc/httpd/conf.d/subversion.conf setup in this way;
```
LoadModule dav_svn_module     modules/mod_dav_svn.so
LoadModule authz_svn_module   modules/mod_authz_svn.so

<Location /svn>
   DAV svn
   SVNListParentPath on
   SVNParentPath /var/www/svn

   <LimitExcept GET PROPFIND OPTIONS REPORT>
      AuthType Basic
      AuthName "Subversion Repository"
      AuthUserFile /etc/httpd/.htpasswd
      Require valid-user
   </LimitExcept>
</Location>
```
After copying over my repos and using;
- chmod 755 -R /var/www/svn
- chcon -R -t httpd_sys_content_t /var/www/svn
- chown apache:apache -R /var/www/svn
I can browse my repos fine through the browser, and I can update all my working copies, however when I try to check in from anywhere I get the same error

Can't open file '/var/www/svn/repo/db/txn-current-lock':Permission denied

I have been working on this issue for a while now and cant seem to find a solution to my issues. It might be of some use to know that the repo existed on a different server before this, it has been now moved to this new server.

Everything I have read seems to indicate that the permissions for apache are incorrect, however apache is set to run as User apache and Group apache. So as far as I can tell my setup is correct. The behavior is not though.

Any Ideas?

Solution

The only way I was able to get this to work is to disable SELinux, it could also be done by setting the proper booleans with SELinux via setsetbool and getsebool since this is just a home server, I decided to disable SELinux and am reaping the benefits now.
wfoster over 13 years

Wouldn't apache need to be a member of the subversion group then? Should I just create a new group 'subversion' and add apache to it?
wfoster over 13 years

I created the subversion group, added apache to it, then set apache to run as User apache Group subversion. Still getting the error when trying to commit.
Andrew M. over 13 years

No. The subversion group and the apache user define ownership and permission. Saying that its owned by apache:subversion doesn't imply that Apache owns the file. The permission bits define owner, group, and 'nobody' permissions. The Apache server should still be running as User apache, Group apache. Try changing that back first, and we'll continue debugging if need be.
wfoster over 13 years

Well after reading through my .conf files a bunch of times and deciding my configuration was fine. I decided to disable SELinux and it works great. Files are still labeled in same manner apache:apache, and I decided to move my repos off of the root.Since this is just a source repo for my school stuff I'm not too worried about security and what not. Thanks for the help!
Alex over 8 years

This was the correct fix for Apache 2.x / Subversion 1.9 on CentOS 7.1
PolyTekPatrick over 5 years

This should be the accepted answer. This fixed my txn-current-lock Permission denied error on CentOS 7.5, using subversion 1.10.2 from WANdisco.