Error number 13 - Remote access svn with dav_svn failing - linux

I'm getting the following error on my svn repository
<D:error>
<C:error/>
<m:human-readable errcode="13">
Could not open the requested SVN filesystem
</m:human-readable>
</D:error>
I've followed the instructions from the How to Geek, and the Ubuntu Community Page, but to no success. I've even given the repository 777 permissions.
<Location /svn/myProject >
# Uncomment this to enable the repository
DAV svn
# Set this to the path to your repository
SVNPath /svn/myProject
# Comments
# Comments
# Comments
AuthType Basic
AuthName "My Subversion Repository"
AuthUserFile /etc/apache2/dav_svn.passwd
# More Comments
</Location>
The permissions follow:
drwxrwsrwx 6 www-data webdev 4096 2010-02-11 22:02 /svn/myProject
And svnadmin validates the directory
$svnadmin verify /svn/myProject/
* Verified revision 0.
and I'm accessing the repository at
http://ipAddress/svn/myProject
Edit: The apache error log says
[Fri Feb 12 13:55:59 2010] [error] [client <ip>] (20014)Internal error: Can't open file '/svn/myProject/format': Permission denied
[Fri Feb 12 13:55:59 2010] [error] [client <ip>] Could not fetch resource information. [500, #0]
[Fri Feb 12 13:55:59 2010] [error] [client <ip>] Could not open the requested SVN filesystem [500, #13]
[Fri Feb 12 13:55:59 2010] [error] [client <ip>] Could not open the requested SVN filesystem [500, #13]
Even though I confirmed that this file is ugo readable and writable.
What am I doing wrong?

I had to give permissions to apache to the directory above my repo: ie /svn
I used the command
sudo chown -R www-data:webdev /svn

Perhaps the permissions of the files and subdirectories in /svn/myProject weren't changed. Did you change them recursively?

Related

giving /var/www/site1 to www-data:www-data crashes all WP sites on server

-- See Tl;dr below for a short version --
On my ubuntu-16.04 droplet apache2 and php7 both use the user www-data. At some point all three installations of wordpress-4.7.2 seemingly without reason started asking for FTP credentials, indicating they don't have sufficient rights. Each wp instance has it's own mysql database.
I tried to solve this for /site1 with
sudo chown www-data:www-data /var/www/site1/* -R
which shouldn't change anything as this is how the permissions were set already. For whatever reason this caused the browser to return a
HTTP ERROR 500
for the sites in /var/www/site1, /var/www/site2 and /var/www/site3 – nothing works anymore.
The only way I've found to get out of this is to restore the droplet. But each time I try to get the permissions right, I end up with all sites down again.
These are the current permission settings:
drwxr-xr-x 14 root root 4096 Feb 3 XX:14 /var/
drwxrwxr-x 8 www-data www-data 4096 Mar 5 XX:27 /var/www/
drwxr-sr-x 3 www-data www-data 4096 Mar 5 XX:13 /var/www/site1/
drwxrwxr-x 3 www-data www-data 4096 Feb 25 XX:51 /var/www/site2/
drwxrwxr-x 3 www-data www-data 4096 Feb 28 XX:06 /var/www/site3/
The sudo user is member of www-data:
user1#droplet:~$ members www-data
www-data user2 user1
A freshly installed Theme on /site1 caused dozens of PHP Fatal errors like this one:
[Sun Mar 05 19:24:04.003189 2017] [:error] [pid 5632] [client 31.10.138.238:50870]
PHP Fatal error: Uncaught Error: Call to undefined function mysql_escape_string()
in /var/www/site1/html/wp-content/themes/gloria/functions.php:60\nStack trace:\n#0
/var/www/site1/html/wp-settings.php(425): include()\n#1 /var/www/bw/html/wp-config.php(89):
require_once('/var/www/site1/htm...')\n#2 /var/www/bw/html/wp-load.php(37):
require_once('/var/www/site1/htm...')\n#3 /var/www/bw/html/wp-admin/admin.php(31):
require_once('/var/www/site1/htm...')\n#4 /var/www/bw/html/wp-admin/themes.php(10):
require_once('/var/www/site1/htm...')\n#5 {main}\n thrown in
/var/www/site1/html/wp-content/themes/gloria/functions.php on line 60
After deleting the theme, /site1 went back online. I have no idea why. The first two times I ended up restoring the droplet because of
HTTP ERROR 500
this theme wasn't involved. Even though /site1 is back up, /site2 and /site3 remain stuck with
HTTP ERROR 500
Since the removal of the theme in /site1 the Apache Error Log doesn't have any suspicious entries:
[Sun Mar 05 19:56:35.456584 2017] [mpm_prefork:notice] [pid 1671] AH00171: Graceful restart requested, doing restart
[Sun Mar 05 19:56:35.662742 2017] [mpm_prefork:notice] [pid 1671] AH00163: Apache/2.4.18 (Ubuntu) configured -- resuming normal operations
[Sun Mar 05 19:56:35.662765 2017] [core:notice] [pid 1671] AH00094: Command line: '/usr/sbin/apache2'
Any ideas?
Edit: An instance of ActiveCollab in /var/www/site2/activecollab/ never stopped working during the whole issue. All connection and permission checks done by ActiveCollab for it's own files, folders and database are positive.
Tl;dr: WP1 asks for FTP, I say
sudo chown www-data:www-data /var/www/site1/* -R
WP1, WP2 and WP3 tell the browser to
HTTP ERROR 500
while ActiveCollab in a subfolder of WP2 doesn't give a sh*t and keeps running.
Try these
sudo chmod -R 774 /var/www/yourwordpressfolder
And then
sudo chown -R www-data:www-data /var/www/yourwordpress
Finally
sudo chmod -R 777 /var/www/yourwordpressfolder

Apache/httpd /var/www/html/ .cgi scripts throw 500 internal server error

I installed a new CentOS 7 x86_64 LAMP server today.
I compiled a simple CGI script in c and i called it test.cgi, and I enabled the AddHandler for .cgi scripts. However everytime i try to load the /test.cgi page from my /var/www/html directory any simple .cgi script will throw me a 500 internal server error page.
I tested that the script is working fine from the /var/www/cgi-bin directory.
My server is running selinux and apache/httpd is using suEXEC.
EDIT: also I didn't create any extra users after the lamp installation so here I'm using root to do everything for now. However I tried to fix giving the /var/www/html directory ownership to the apache user, that didn't fix sadly.
Here's the error log, as you can see it gives me a 'Permission Denied' error:
[Mon Jul 21 15:28:14.336626 2014] [core:notice] [pid 22704] SELinux policy enabled; httpd running as context system_u:system_r:httpd_t:s0
[Mon Jul 21 15:28:14.339766 2014] [suexec:notice] [pid 22704] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Mon Jul 21 15:28:14.495631 2014] [auth_digest:notice] [pid 22704] AH01757: generating secret for digest authentication ...
[Mon Jul 21 15:28:14.498690 2014] [lbmethod_heartbeat:notice] [pid 22704] AH02282: No slotmem from mod_heartmonitor
[Mon Jul 21 15:28:14.765072 2014] [mpm_prefork:notice] [pid 22704] AH00163: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips PHP/5.4.16 configured -- resuming normal operations
[Mon Jul 21 15:28:14.765186 2014] [core:notice] [pid 22704] AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND'
[Mon Jul 21 15:28:16.027553 2014] [cgi:error] [pid 22706] [client 192.168.0.68:52930] AH01215: (13)Permission denied: exec of '/var/www/html/index.cgi' failed
[Mon Jul 21 15:28:16.030595 2014] [cgi:error] [pid 22706] [client 192.168.0.68:52930] End of script output before headers: index.cgi
[Mon Jul 21 15:45:01.586229 2014] [mpm_prefork:notice] [pid 22704] AH00170: caught SIGWINCH, shutting down gracefully
This is my /var/www/html apache config:
<Directory "/var/www/html">
#
# Possible values for the Options directive are "None", "All",
# or any combination of:
# Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
#
# Note that "MultiViews" must be named *explicitly* --- "Options All"
# doesn't give it to you.
#
# The Options directive is both complicated and important. Please see
# http://httpd.apache.org/docs/2.4/mod/core.html#options
# for more information.
#
Options ExecCGI FollowSymLinks
#
# AllowOverride controls what directives may be placed in .htaccess files.
# It can be "All", "None", or any combination of the keywords:
# Options FileInfo AuthConfig Limit
#
AllowOverride All
#
# Controls who can get stuff from this server.
#
Require all granted
</Directory>
And of course I activated CGI using: AddHandler cgi-script .cgi .pl
This is my simple test.c file:
#include <stdio.h>
int main(void) {
puts("Content-Type: text/html; charset=ISO-8859-1\n");
fputs("Hello, World!", stdout);
return 0;
}
The output is correctly: Content-Type: text/html; charset=ISO-8859-1\n\nHello, World!
Also i compiled it with gcc and then gave it permissions 777 to test.cgi
Do you know what I need to do to fix this?
Thanks in advance,
Zorgatone
I'm not sure if this is a viable solution for you, but I got it working by changing SELinux to permissive. Here are the steps in case you're interested.
vi /etc/selinux/config
Change the following line:
SELINUX=enforcing
to:
SELINUX=permissive
I just solved reinstalling the server and doing all over again, disabled selinux and iptables, because I have already an external firewall.
Thanks to anyone who helped me out ;)
This is most likely an SELinux issue (which Tom Sweeney answer provides a solution to use a permissive SELinux and your own accepted answer which you indicated to disable SELinux entirely). An alternative approach is to configure appropriate SELinux types for your CGI files (and possibly other policy changes).
To start off, install the SELinux Policy Management tool (if not already done):
sudo yum install policycoreutils-python
Assuming you want to permit all CGI-based files in your /var/www/html directory, you can use the following command to apply the httpd_sys_script_exec_t context to your current and future CGI files:
sudo semanage fcontext -a -t httpd_sys_script_exec_t '/var/www/html(/.*)?/.*\.cgi'
Next, restore the content for any existing CGI files:
sudo restorecon -Rv /var/www/html/
You will also need to permit Apache to allow CGI scripts to be executed using the following:
sudo setsebool -P httpd_enable_cgi 1
You should be done. Note that if your CGI scripts need to read/write content from other files in your system, you'll have to also apply the httpd_sys_rw_content_t context to those files as well (see below for an example).
Just experienced this issue attempting to install Bugzilla (which uses CGI) on a CentOS 7 (x86_64) system. The following error was observed when monitoring my httpd error log (sudo tail -f /var/log/httpd/error_log):
[cgi:error] [pid 1825] [client ...:56481] AH01215: (13)Permission denied: exec of '/var/www/html/bugzilla/index.cgi' failed
[cgi:error] [pid 1825] [client ...:56481] End of script output before headers: index.cgi
Examining the context's applied to my Bugzilla installation, I see the following:
$ ls -Z /var/www/html/bugzilla/
...
-rwxr-x---. apache apache unconfined_u:object_r:httpd_sys_content_t:s0 index.cgi
...
I then use the following commands to permit execution for Bugzilla's CGI scripts as well as access for said CGI scripts to read content inside the ./data directory:
sudo yum install policycoreutils-python
sudo semanage fcontext -a -t httpd_sys_script_exec_t '/var/www/html/bugzilla(/.*)?/.*\.cgi'
sudo semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/bugzilla/data(/.*)?'
sudo restorecon -Rv /var/www/html/bugzilla/
sudo setsebool -P httpd_enable_cgi 1
Examining the applied context's show the desired results:
$ ls -Z /var/www/html/bugzilla/
...
-rwxr-x---. apache apache unconfined_u:object_r:httpd_sys_script_exec_t:s0 index.cgi
...
Bugzilla should be usable now. There may be additional policies to apply for all capabilities provided by Bugzilla; however, I'm unknown if any additional policies are required.
This is SELinux permission issue, it's not recommended to disable the SELinux.
Please check if your application worked in the permissive mode of SELinux then it's SELinux issue.
Find the below URL to check the exact issue and we will get blocking content from /var/log/audit.log
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/using_selinux/troubleshooting-problems-related-to-selinux_using-selinux

How to allow Apache and MapServer access to data on different file system?

I have a large hard drive I would like to store data mapserver (Runs as a cgi-bin under Apache) but I am ruining in to errors when trying to access the data.
When I try and access any thing in the /bac/data/gis using mapserver I get:
msDrawMap(): Image handling error. Failed to draw layer named 'world'. msShapefileOpen(): Unable to access file. (/var/www/html/gis/world.shp) msShapefileOpen(): Unable to access file. (/bac/data/gis/global/world.shp)
from the mapserver log file:
[Fri Aug 2 01:12:15 2013].100850 CGI Request 1 on process 28658
[Fri Aug 2 01:12:15 2013].105687 msDrawMap(): rendering using outputformat named png (AGG/PNG).
[Fri Aug 2 01:12:15 2013].105731 msDrawMap(): WMS/WFS set-up and query, 0.000s
[Fri Aug 2 01:12:15 2013].105819 msShapefileOpen(): Unable to access file. (/bac/data/gis/global/world.shp)
[Fri Aug 2 01:12:15 2013].105838 msShapefileOpen(): Unable to access file. (/var/www/html/gis/world.shp)
[Fri Aug 2 01:12:15 2013].105848 msDrawMap(): Image handling error. Failed to draw layer named 'world'.
[Fri Aug 2 01:12:15 2013].106077 mapserv request processing time (msLoadMap not incl.): 0.005s
[Fri Aug 2 01:12:15 2013].106085 msFreeMap(): freeing map at 0x1bdfde0.
I also tried accessing data directly using Apache to see if it could read anything in /bac/data/gis. This was done by adding an ailes and directory directive to httpd.cfg file.
This to failed with the flowing error message in the httpd-error log.
[Thu Aug 01 22:52:37 2013] [error] [client 192.168.0.1] (13)Permission denied: access to /gis/ denied (filesystem path '/bac') because search permissions are missing on a component of the path
The file system is mounted as "/bac" and the data is in /bac/data/gis
my httpd directorys are /var/www/[html cgi-bin]/
I have ensured +x permission on all directors in the /bac/dat/gis path. I all so disabled seliux as this is general the first thing I try when faceing an access denied situation.
Is it possible access data on other file system using Apache and cgi-bin scripts such as mapserver?
As arkascha pointed out, the mount points and filesystems are irrelevant when considering access permissions. You should check that your apache user has access to those files:
user#host$ sudo su apache (apache may need to be replaced by httpd, www-data, check your apache config file to see under which user apache runs)
apache#host$ ls /bac/data/gis/global/world.shp
If the ls command returned a permission error, you have determined the cause of your error. In that case check that the permissions on /bac/data/gis/global/world.shp have "+r" for apache (that will probably be for the "others"), and that all the intermediate directories have +x.
sudo chmod o+r /bac/data/gis/global/world.*
sudo chmod o+x /bac
sudo chmod o+x /bac/data
sudo chmod o+x /bac/data/gis
sudo chmod o+x /bac/data/gis/global

How to access the subversion repository through WebDAV/DeltaV?

I installed and set up BitNami Redmine Stack and created the repository:
svnadmin create /var/svn/repository0/
I use basic authentication.
Part of httpd.conf:
<Location>
DAV svn
SVNParentPath /var/svn
AuthName "Subversion Repository"
AuthType Basic
AuthUserFile /etc/svn-auth.passwd
Require valid-user
Satisfy Any
AuthzSVNAccessFile /var/svn/authz
</Location>
Part of svn-auth.passwd:
htpasswd -c -m /etc/svn-auth.htpasswd someuser
someuser:$apr1$bTN...
authz:
[/]
* = r
[repository0:/]
someuser = rw
When I go through this url: http://remote-linux-host:81/svn/repository0/ I get the following:
I enter my credentials and see:
Forbidden
You don't have permission to access /svn/repository0/ on this server.
For this url http://remote-linux-host:81/svn/ I get:
<D:error><C:error/><m:human-readable errcode="2">
Could not open the requested SVN filesystem
</m:human-readable></D:error>
What I have in error.log:
...
[Wed Dec 12 15:16:17 2012] [error] [client ..ip...] Failed to load the AuthzSVNAccessFile: /var/svn/authz:22: Option expected
[Wed Dec 12 15:16:17 2012] [error] [client ..ip...] Access denied: 'someuser' GET svn:/repository0
[Wed Dec 12 15:16:20 2012] [error] [client ..ip...] Failed to load the AuthzSVNAccessFile: /var/svn/authz:22: Option expected
[Wed Dec 12 15:16:20 2012] [error] [client ..ip...] Access denied: 'someuser' GET svn:/repository0
[Wed Dec 12 15:16:38 2012] [error] [client ..ip...] Failed to load the AuthzSVNAccessFile: /var/svn/authz:22: Option expected
[Wed Dec 12 15:16:38 2012] [error] [client ..ip...] Access denied: 'someuser' GET svn:/repository0
[Wed Dec 12 15:16:46 2012] [error] [client ..ip...] (20014)Internal error: Can't open file '/var/svn/format': No such file or directory
[Wed Dec 12 15:16:46 2012] [error] [client ..ip...] Could not fetch resource information. [500, #0]
[Wed Dec 12 15:16:46 2012] [error] [client ..ip...] Could not open the requested SVN filesystem [500, #2]
[Wed Dec 12 15:16:46 2012] [error] [client ..ip...] Could not open the requested SVN filesystem [500, #2]
I made some small changes in the authz file:
[groups]
developers = someuser
[repository0:/]
#developers = rw
Now, when I go through this url again http://remote-linux-host:81/svn/repository0/ I get the following:
<D:error><C:error/><m:human-readable errcode="2">
Could not open the requested SVN filesystem
</m:human-readable></D:error>
What am I doing wrong?
I gave read/write access for the user who runs the Apache and now everything is OK.

(13)Permission denied: access to /cgi-bin/test.cgi denied

I am trying out CGI-scripts for the first time but without success. I have read many tutorials and followed may threads in different forums but I can not make it work.
I am using a appache web server on a Fedora 10 machine.
I always have problem with
[Wed Oct 21 20:47:36 2009] [notice] SELinux policy enabled; httpd running as context unconfined_u:system_r:httpd_t:s0
[Wed Oct 21 20:47:36 2009] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Wed Oct 21 20:47:36 2009] [notice] Digest: generating secret for digest authentication ...
[Wed Oct 21 20:47:36 2009] [notice] Digest: done
[Wed Oct 21 20:47:36 2009] [notice] Apache/2.2.11 (Unix) DAV/2 PHP/5.2.9 mod_ssl/2.2.11 OpenSSL/0.9.8g configured -- resuming normal operations
I need help.
This is what my environment looks like.
uname -a
Linux localhost.localdomain 2.6.27.5-117.fc10.i686 #1 SMP Tue Nov 18 12:19:59 EST 2008 i686 i686 i386 GNU/Linux
ls -l /var/www/cgi-bin/
total 36
-rwxrwxrwx 1 root root 106 2009-10-21 18:29 index.html
-rwxr-xr-x 1 root root 11089 2009-02-24 20:11 squidGuard.cgi
-rwxr-xr-x 1 root root 5720 2009-02-24 20:11 squidGuard-simple.cgi
-rwxr-xr-x 1 root root 5945 2009-02-24 20:11 squidGuard-simple-de.cgi
-rwxrwxrwx 1 root root 110 2009-10-21 17:38 test.cgi
apachectl -v
Server version: Apache/2.2.11 (Unix)
Server built: Mar 6 2009 09:12:25
perl -version
This is perl, v5.10.0 built for i386-linux-thread-multi
Copyright 1987-2007, Larry Wall
My script
cat test.cgi
#!/usr/bin/perl
print "Content-Type: text/html\n\n";
print "Hello, world!\n";
The error message I gen when I try to access the web page server "http://192.168.50.29/cgi-bin/test.cgi" looks like this:
[Wed Oct 21 21:00:27 2009] [error] [client 192.168.50.69] (13)Permission denied: access to /cgi-bin/test.cgi denied
I have added the line:
ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"
to /etc/httpd/conf/httpd.conf
I just can not make it work.
Can anyone help me?
Check your os permissions for test.cgi and be sure the user or group you are using to run your apache it has read access.
EDIT - The problem is with permissions, but not with read permissions, as you are using SELinux, you need to worry about your file context. Check this thread at fedora forums, it explains quite a few options to solve your problem.
1.FIRST CHECK THE HTTPD.CONF FILE.Set the script directory as follows in the httpd.conf.
Here you'd need to make sure you find the right httpd.conf file.For example, in my Debian, the default httpd.conf is /etc/apache2/sites-avaialbe/default.
<Directory "dir_name">
Options All
AllowOverride All
Order allow,deny
Allow from all
<Directory>
OR you could just use the default /cgi-bin folder.
2.Set the execute permission for the test script.
chmod +x script_name
check your fstab if the mounted filesystem have permission to execute
UUID=xxx-xxx-xxx-xx-xx /mnt/mountpoint ext4 rw,user,exec 0 0
the exec part is important
SELinux prevented Apache from accessing the cgi script in my case.
A quick-n-dirty fix that worked for me was turning off SELinux:
vim /etc/sysconfig/selinux
set "SELINUX=disabled"
reboot

Resources