Can't open file 'svn/repo/db/txn-current-lock': Permission denied - apache

I have set up a Linux Server and installed Apache and SVN and dav_svn on it. Now, when I try to upload to https://x.x.x.x:x/svn/repo with Tortoise SVN I get
Can't open file '/server/svn/repo/db/txn-current-lock': Permission denied
I have Set up my SSL correctly (I can checkout, no problems, even remotely due to Port Forwarding).
I'm guessing this has to do with the Linux Ownership of the Repository folders, How must I set this/ what are the commands?

This is a common problem. You're almost certainly running into permissions issues. To solve it, make sure that the apache user has read/write access to your entire repository. To do that, chown -R apache:apache *, chmod -R 664 * for everything under your svn repository.
Also, see here and here if you're still stuck.
Update to answer OP's additional question in comments:
The "664" string is an octal (base 8) representation of the permissions. There are three digits here, representing permissions for the owner, group, and everyone else (sometimes called "world"), respectively, for that file or directory.
Notice that each base 8 digit can be represented with 3 bits (000 for '0' through 111 for '7'). Each bit means something:
first bit: read permissions
second bit: write permissions
third bit: execute permissions
For example, 764 on a file would mean that:
the owner (first digit) has read/write/execute (7) permission
the group (second digit) has read/write (6) permission
everyone else (third digit) has read (4) permission
Hope that clears things up!

It's permission problem. It is not "classic" read/write permissions of apache user, but selinux one.
Apache cannot write to files labeled as httpd_sys_content_t they can be only read by apache.
You have 2 possibilities:
label svn repository files as httpd_sys_content_rw_t:
chcon -R -t httpd_sys_content_rw_t /path/to/your/svn/repo
set selinux boolean httpd_unified --> on
setsebool -P httpd_unified=1
I prefer 2nd possibility. You can play also with other selinux booleans connected with httpd:
getsebool -a | grep httpd

I also had this problem recently, and it was the SELinux which caused it.
I was trying to have the post-commit of subversion to notify Jenkins that the code has change so Jenkins would do a build and deploy to Nexus.
I had to do the following to get it to work.
1) First I checked if SELinux is enabled:
less /selinux/enforce
This will output 1 (for on) or 0 (for off)
2) Temporary disable SELinux:
echo 0 > /selinux/enforce
Now test see if it works now.
3) Enable SELinux:
echo 1 > /selinux/enforce
Change the policy for SELinux.
4) First view the current configuration:
/usr/sbin/getsebool -a | grep httpd
This will give you: httpd_can_network_connect --> off
5) Set this to on and your post-commit will work with SELinux:
/usr/sbin/setsebool -P httpd_can_network_connect on
Now it should be working again.

for example on debian
sudo gpasswd -a svn-admin www-data
sudo chgrp -R www-data svn/
sudo chmod -R g=rwsx svn/

I just had this problem
Having multiple user using the same repo caused the problem
Logout evey other user using the repo
Hope this helps

In addition to the repository permissions, the /tmp directory must also be writeable by all users.

3 Steps you can follow
chmod -R 775 <repo path>
---> change permissions of repository
chown -R apache:apache <repo path>
---> change owner of svn repository
chcon -R -t httpd_sys_content_t <repo path>
----> change SELinux security context of the svn repository

Try to disable SELinux by this command /usr/sbin/setenforce 0. In my case it solved the problem.

Related

neovim :PlugUpdate produces permission denied on all plugins

When entering in vim and then running :PlugUpdate all the plugins can't be updated because of the error
x <PLUGIN>:
error: cannot open .git/FETCH_HEAD: Permission denied
I was able to upgrade VimPlugin with :PlugUpgrade without any issues.
I was able to update this before without any issues about a month ago, I found an article saying that I need to change the ownership of the directory with chown which I am assuming would need to be done at $ sudo chown -R ~/.config/nvim/ but if I don't need to change owner then I'd prefer not to
I was able to resolve it by changing ownership with $ sudo chown -R $USER ~/.config/nvim/
note make sure to $ echo $USER to make sure that it's the user you wish to change the ownership of the directory

Giving Apache permission on Joomla folder

I have a Joomla site that the files is owner by root:root. But this way I can't update or install any plugins on Joomla. However when I set de folder's site to the apache owner the site downs return ERROR 500.
How could I fix it?
I've tried set apache owner end set the permissions like below:
chown apache:apache /var/www/html/site
chmod -R 755 /var/www/html/site
Ps.: The site was migrated from another server where the owner of the files is the apache.
Simply run apachectl -S as root or sudo (sudo apachectl -S) and look at the lines which tell User and Group owner.
Other solution, typing the command ps faux will tell you what you need at first column the owner of the process you want to know about.
Also, htop command could help you as same as before if it is installed.
EDIT :
you can also specify -R to do recursive with chown command
I found out the solution. Was just the permissions on files the problem. I don't know why, but when I moved the files of site to another server the folders change the permissions 755 to 655. Changed this permissions everything cames back to normal.
Thanks again!

Selinux denying writing to /var/www/tmp even though the context is httpd_sys_rw_content_t

Problem:
httpd is unable to write to /var/www/tmp because it is being blocked by SELinux.
Description: A PDF report library which I'm using to download reports from my website is throwing 'Permission Denied' errors since it is unable to write to /var/www/tmp. I have set the tmp folder location of php to /var/www/tmp. The /var/www/tmp is owned by apache. Also its context has been set to httpd_sys_rw_content_t. Still httpd is unable to write in this directory.
What am I missing?
I have set the context and permissions using below commands.
chown -R apache:apache /var/www/tmp
semanage fcontext -a httpd_sys_rw_content_t "/var/www/tmp(/.*)?"
What may be going wrong? Please note, I don't wish to disable SELinux.
I believe -t flag should be added in semanage command to specify the type. After that apply the changes using restorecon -v

Docker wrong permission apache2

I have a problem whith my installation of docker. When I launch my docker-compose up I have this error :
front_1 | /var/lock/apache2 already exists but is not a directory owned by www-data.
front_1 | Please fix manually. Aborting.
I have this error because I add this line in my dockerfile conf :
RUN usermod -u 1000 www-data
But if I delete this line, my symfony project doesn't work with docker.
Do you have any ideas to solve my problem ?
Best regards
As I see it, you are trying to change UID of user www-data inside docker to have the same ID as host machine user UID (you), so you can open project files in your IDE.
This introduces file permissions problems on apache2 service, which can't read it's own files (config, pid,...), simply because it is not the same user anymore.
Quick 'dirty' solution is to change only owner of symfony project files to UID 1000, but keep group (GID) to the www-data. This applies only for dev machine. Else you don't needed it. Run command inside container.
chown -R 1000:www-data /home/project
You can create some bash alias inside docker to have it at hand.
Other option is to use ACL which will set existing files and folder with permissions, which will get inherited to newly created files under given folder. This could be put to bootstrap script inside container. But only for DEV mode. This way you won't need to run chown.
chown -R 1000:www-data /home/project #set for existing files
/usr/bin/setfacl -R -m u:www-data:rwx -m u:0:rwx -m u:1000:rwx /home/project
/usr/bin/setfacl -dR -m u:www-data:rwx -m u:0:rwx -m u:1000:rwx /home/project
Each -m is for a different user. First is www-data (apache2), second is 0 (root) and third is 1000 (you).
Remember UID can change anytime. So this could create security hole if mentioned users are not having proper UID.
I used second method only for folders, where PHP via apache2 sets permissions (uploaded files, cache,...), but host user needs to access these files.

CakePHP based application installation error: 777 permission directory is not writable?

Trying to install my CakePHP based application on server, but got following error:
Warning: _cake_core_ cache was unable to write 'cake_dev_en-us' to File cache in /var/www/html/cakephp-2460/lib/Cake/Cache/Cache.php on line 325
Warning: /var/www/html/tmp/cache/persistent/ is not writable
Sounds simple, but it is not - because my 'persistent' directory IS writable - in fact, /tmp and it's sub directories are writable.
Can you point me where is the problem? Do I missing some of PHP modules on server, or something like that?
Is there something to do with SeLinux?
Check that the user group for that directory is correct.
Maybe the user owner group does not have root permissions and therefor cannot write.
you may need to do the following on your server:
chown root:root -R /path_to_cake/app/tmp
Yes it is the problem in your SeLinux.You have to set www/..path../tmp directory is a httpd_cache_t so opan your terminal and
list to see all httpt_cache_t in system
# semanage fcontext -l | grep httpd
Set your www/.../tmp directory
# semanage fcontext -a -t 'httpd_cache_t' 'www/..path../tmp(/.*)?'
# restorecon -Rvvv /path/to/wwwroot/cache