On Sun, 2009-05-03 at 11:31 -0700, Daniel B. Thurman wrote: > repos > svn1 svn2 svn3 svn4 > Note: > 1) All selinux contexts of dir/files are: httpd_sys_content_t Example contexts on my webserver: ll -Z /var/www drwxr-xr-x root root system_u:object_r:httpd_sys_content_t:s0 html ll -Z /var/www/html/ -rwxr-xr-x tim tim unconfined_u:object_r:httpd_sys_content_t:s0 homepage.html If you serve from another location, you'll need to apply the right contexts, and set up SELinux policy rules so that if a relabel is done, the same contexts are reset. Likewise, if anything creates new files there, it'll either have to create them with the right contexts, or you'll have to set them. > And httpd error_log shows: > =================== > $ svn list http://localhost/svn/svn3 > svn: PROPFIND request failed on '/svn/svn3' > svn: PROPFIND of '/svn/svn3': 403 Forbidden (http://localhost) > =================== > 2) All directory permissions are: 2770 In general, webservable content needs to have directories world readable and world executable. Served content is accessed as "other users," as it's owned by someone other than the apache user (and that's how it should be done). > 3) All file permissions are: 660 In general, webserverable content needs to be world readable. > [Sun May 03 13:25:11 2009] [error] avahi_client_new() failed: An > unexpected D-Bus error occured Do you use Avahi/ZeroConf? It's used for a machine to award itself a random IP (in the 169.254.0.0/16 range) that isn't in use by other machines on the same network. If you use any other method to assign an IP to the network interface (manual configuration, DHCP, etc.), then disable all Avahi daemons. > I have ignored this error. Also, as appeared in the original > posting, Apache's mod_security was reporting "errors", so I removed > mod_security so that these messages do not appear for the purpose of > testing If you want someone's advice, post what the error actually says. > But httpd error_log shows: > =================== > [Sun May 03 14:00:56 2009] [error] [client 127.0.0.1] Could not fetch > resource information. [301, #0] A "301" error is a redirect. What's asked for doesn't exist, but there's an instruction to fetch it from somewhere else. e.g. A request made to <http://example.com/giveme.html>. But there's a redirect instruction on the server that says requests for /giveme.html should go to /takethis.html instead. So a 301 redirect instruction is sent to the client with that information, and the client then requests <http://example.com/takethis.html>. > [Sun May 03 14:00:56 2009] [error] [client 127.0.0.1] (84)Invalid or > incomplete multibyte or wide character: Requests for a collection must > have a trailing slash on the URI. [301, #0] Not knowing what your particular situation does, nor what a "collection" is, but the error's complaining that the URI doesn't end with a trailing slash. That could be a client error, it could be an error in your particular serving application. But HTTP 301s don't require such a thing, in fact it'd break many redirects if it did. It could be a case of getting a listing of a directory, in which case Apache does want a trailing slash. So a redirect from http://example.com/olddirectoryname to http://example.com/newdirectoryname should both have had trailing slashes on them. In some cases, redirects can add the slash, automatically. > However, it seems to work. I can walk down the trees to > the leafs and no further error_log messsages appear. Might be related to what I've just described, with the first redirect being corrected for you. > Next, I tested svn on the command line: > =================== > $ svn list http://gold/svn/svn3 > svn: PROPFIND request failed on '/svn/svn3' > svn: PROPFIND of '/svn/svn3': 403 Forbidden (http://gold) Probably the "world readable" issue I mentioned earlier. > I have at this point, tried almost every permutations of changing dir/file > permissions, relocating the repositories to: /var/www and to /var/www/html, > modifying subversion.conf, checked apache permissions (Allow from all) in > /etc/httpd/conf/httpd.conf & subversion.conf files, checked the firewalls > (they are wide open) and I could never get past the PROPFIND, > 403 Forbidden problem. Sounds more like a directory/file permission or SELinux issue. Or even Apache access limits to parts of the directory tree (AllowFrom directives). If playing with allow from all options, you need to make sure that opposing rules aren't applied on top, and allow/deny rules in the right order. Firewalls might stop a client, but aren't going to stop a server accessing a local file. Perhaps you should post those two configuration files. SVN isn't my forte, but I do plenty of webserving. -- [tim@localhost ~]$ uname -r 2.6.27.21-78.2.41.fc9.i686 Don't send private replies to my address, the mailbox is ignored. I read messages from the public lists. -- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
