SVN txn-current-lock: Permission Denied

apache-2.2 centos permissions svn

10,379

Figured out my own answer. Derp.

So I figured out that since I'm running an apache svn server, svn commands are run as the user the httpd process is running as.

So first I ran ps aux | egrep '(apache|httpd)' and came up with this:

nobody    1488  0.0  0.2  99604  4960 ?        S    06:02   0:00 /usr/local/apache/bin/httpd -k start -DSSL  
root      1962  0.0  0.0   4140   668 pts/0    S+   06:28   0:00 egrep (apache|httpd)  
root     11404  0.0  0.2  99208  5188 ?        Ss   Jul24   0:00 /usr/local/apache/bin/httpd -k start -DSSL  
root     27766  0.0  0.1  99208  2340 ?        S    00:18   0:00 /usr/local/apache/bin/httpd -k start -DSSL  
nobody   27767  0.0  0.2  99604  5184 ?        S    00:18   0:00 /usr/local/apache/bin/httpd -k start -DSSL  
nobody   27768  0.0  0.2  99568  5188 ?        S    00:18   0:00 /usr/local/apache/bin/httpd -k start -DSSL  
nobody   27769  0.0  0.2  99604  5196 ?        S    00:18   0:00 /usr/local/apache/bin/httpd -k start -DSSL  
nobody   27770  0.0  0.2  99568  5168 ?        S    00:18   0:00 /usr/local/apache/bin/httpd -k start -DSSL  
nobody   27771  0.0  0.2  99568  5184 ?        S    00:18   0:00 /usr/local/apache/bin/httpd -k start -DSSL

Well, there's the problem. The apache processes are running as 'nobody' not 'apache' or 'svn' or anything.

There are two possible solutions for this (I only tried one).

The one that I did (and that worked) was to go into httpd.conf, and change the lines:

User nobody
Group nobody

To:

User apache
Group apache

And then service httpd restart and now all of those 'nobody' processes are being run by apache, and svn import works!

Another solution that would probably work, but I didn't test it, is to go to your repo and run chgrp -R svn ./* so all of the files in the repo have the svn group, and then add the user nobody to the svn group (usermod -g svn nobody). You can also add any other users to the group, if you want (probably more useful is you are running an svnserve svn server, rather than through apache).

I'm not sure why the apache config was set to run as nobody, it seems to be the default on CentOS servers from GoDaddy (which is the server I'm running on)

10,379

Esaevian

Updated on September 18, 2022

Comments

Esaevian over 1 year
I've just set up an SVN repository on a Server running CentOS 6. I followed the instructions here and things were going fairly smoothly.

Until I tried to import my initial file structure

svn import /path/to/wc http://svn.host.com/svn/repos -m "Init repo"

gave me the following
svn: Can't open file '/home/podsvn/svn/repos/db/txn-current-lock': Permission denied

However, svn import /path/to/wc file:///path/to/repository -m "Init Repo" Works fantastically. not useful for working remotely with the repo.

A bit of searching led me to see that it was a permissions problem, but any configuration of permissions for the repo failed:

This is the default repo permissions following the tutorial above, which fails:
```
-rw-rw-r-- 1 apache apache  229 Jul 24 08:58 README.txt  
drwxrwxr-x 2 apache apache 4096 Jul 24 09:17 conf/  
drwxrwsr-x 6 apache apache 4096 Jul 24 08:58 db/  
-r--r--r-- 1 apache apache    2 Jul 24 08:58 format  
drwxrwxr-x 2 apache apache 4096 Jul 24 08:58 hooks/  
drwxrwxr-x 2 apache apache 4096 Jul 24 08:58 locks/  
```
Then I added root, apache, and my main user (called poduser which created the repo via svnadmin create repos) to a new group called svn, still fails (even after logging in and out from ssh):
```
-rw-rw-r-- 1 apache svn 229 Jul 24 08:58 README.txt  
drwxrwxr-x 2 apache svn 4096 Jul 24 09:17 conf/  
drwxrwsr-x 6 apache svn 4096 Jul 24 08:58 db/  
-r--r--r-- 1 apache svn 2 Jul 24 08:58 format  
drwxrwxr-x 2 apache svn 4096 Jul 24 08:58 hooks/  
drwxrwxr-x 2 apache svn 4096 Jul 24 08:58 locks/  
```
I ran chmod -R g+w ./. (Has the ls -la results you'd expect) I still get the Permission Denied error.

It seems like when I run import or checkout, it's attempting to access the repository as a user other than root, apache, or poduser.

Possibly it's attempting to work as the user that logged into the repo (set up in /etc/svn-auth-conf via the tutorial). However, the SVN user I set up there is separate from any accounts on the actual server, right? I shouldn't have to worry about matching up SVN users and server users?

Thanks,
-Esa
- Sameer almost 12 years
  
  svn import /path/to/wc svn.host.com/svn -m "Init repo" Is this right? shouldn't it be svn.host.com/svn/REPO_NAME?
- Esaevian almost 12 years
  
  You're right, I just worded my question wrong. Editing. Even with the repo name, I'm getting the Permission denied error.