# subversion webdav reports "Forbidden"

## bl00mie

I just emerged subversion and followed the instructions found here: http://gentoo-wiki.com/HOWTO_Subversion.

import and checkout seem to work fine.  i created some test files in a directory called testRepository.

$ svn import testRepository file:///var/svn/repos

-and-

$ svn co file:///var/svn/repos testRepository 

both did what one would expect...

Unfortunately, I can't seem to get the apache2 + webdav stuff to work.  Here are the appropriate files:

/etc/apache2/conf/modules.d/47_mod_dav_svn.conf :

```
<IfDefine SVN>

        <IfModule !mod_dav_svn.c>

                LoadModule dav_svn_module       extramodules/mod_dav_svn.so

        </IfModule>

        <Location /svn>

                DAV svn

                SVNParentPath /var/svn/repos

                SVNIndexXSLT /svnindex.xsl

                AuthType Basic

                AuthName "Subversion repository"

                AuthUserFile /var/svn/conf/svnusers

                Require valid-user

        </Location>

        <IfDefine SVN_AUTHZ>

                <IfModule !mod_authz_svn.c>

                        LoadModule authz_svn_module     extramodules/mod_authz_s

vn.so

                </IfModule>

        </IfDefine>

</IfDefine>
```

also in /etc/conf.d/apache2:

   APACHE2_OPTS="-D PHP4 -D SVN -D DAV"

when i ask firefox to retrieve http://server.domain.org/svn, after typing in an appropriate username and password, i get "403 forbidden" errors.  if i ask for svn/testRepository, i get some xml that tells me:

```
<D:error>

    <C:error/>

    <m:human-readable errcode="2">Could not open the requested SVN filesystem</m:human-readable>

</D:error>
```

can anyone point me in the right direction??

oh, i used "ebuild /var/db/pkg/dev-util/subversion-1.1.3/subversion-1.1.3.ebuild config" to set up the /var/svn/ directores (incliding repos/)

--chad

----------

## Tuna

try changing the permission on the filesystem. the apache user needs read/write access to the repository directory and its subdirs.

----------

## bl00mie

originally, i set it up to be owned by my user account, with group svnusers, and in /etc/group i have apache listed as a member of svnusers.  but i read some information on the web and your post saying that it might permissions, so i:

# chown -R apache:apache /var/svn 

and nothing changed.  still forbidden.  any other ideas?

----------

## its1louder

I have the exact same problem as described above.  I didn't follow the wiki directions but used this in commonapache2.conf instead:

```

<Location /svn>  

   DAV svn

   SVNParentPath /opt/svn

   AuthType Basic

   AuthName "Subversion repository"

   AuthUserFile /opt/trac/trac.passwd

   Require valid-user

</Location>

```

Its basically adapted from my trac/svn setup based on this https://forums.gentoo.org/viewtopic-t-248613-highlight-trac.html

and the subversion book pages on httpd set-up.

http://svnbook.red-bean.com/en/1.0/ch06s04.html

I'd sure like to figure out how to fix this.  Did you ever figure it out?  I suspect that the password file I made, /opt/trac/trac.passwd doesn't work for svn although it does for trac.  I made it with 

```

htpasswd2 /opt/trac/trac.passwd <username>

```

Its not just a browser problem.  I can't get to the repositories through tortoisesvn client either.

----------

## ronnie

Did you also try adding "-D DAV_FS" to apache opts? See also apache error_log for hints.

----------

## toralf

 *ronnie wrote:*   

> Did you also try adding "-D DAV_FS" to apache opts? See also apache error_log for hints.

 DAV_FS is not needed for subversion, at least you need

```
APACHE2_OPTS="-D DAV -D SVN -D SVN_AUTHZ"
```

Did you append a slash '/' onto your http request ? Subversion expects a collection rather then an URI which could also be file and collection in http requests are marked with a trailing slash.

----------

## Maedhros

Moved from Unsupported Software.

----------

## its1louder

```
APACHE2_OPTS="-D SSL -D DOC -D DAV -D DAVFS -D PYTHON -D PHP4"
```

Thats what I have in /etc/init.d/apache2.

I just added -D DAV_SVN to the list.  Didn't help.  I also have the following seemingly redundant code 

```

LoadModule dav_module         modules/mod_dav.so

LoadModule dav_svn_module     modules/mod_dav_svn.so

LoadModule authz_svn_module   modules/mod_authz_svn.so

```

in /etc/apache2/conf/apache2.conf.  

The 403 forbidden page lists the following modules as loaded:

 *Quote:*   

> 
> 
> Apache/2.0.54 (Gentoo/Linux) DAV/2 SVN/1.1.3 mod_python/3.1.3 Python/2.3.4 mod_ssl/2.0.54 OpenSSL/0.9.7e Server at server.company.COM Port 80
> 
> 

 

(server name change to protect my anonymity)

Any progress?

----------

## its1louder

I gave up on SVNParentPath.  I replaced the single location /svn with multiple location tags one for each repository and put the SVNPath to each one.  For some reason, this works where SVNPArentPath hadn't.  It would be nice to not have to bloat out commonapache2.conf every time with a new location section when ever I start a new project, but for right now I have no choice - I need it to work now.

----------

## ronnie

This is from my /etc/apache2/conf/modules.d/47_mod_dav_svn.conf and works like a charm:

```
        <Location /svn>

                DAV svn

                SVNParentPath /var/svn

                AuthzSVNAccessFile /var/svn/conf/svn.conf

                AuthType Basic

                AuthName "Subversion repository"

                AuthUserFile /var/svn/conf/svnusers

                Require valid-user

        </Location>
```

No hints in error_log?

----------

## its1louder

Its pretty clear that my problem relates to AuthzSVNAccessFile.  I don't know exactly what this is and how to set it up.  I think it is related to the ability to control who is allowed to do what.  I'm not real concerned about that right now - I don't allow anonymous so everyone knows who did what change but I don't have a reason to restrict access differntially across repositories and users.

Basicly, I get the functionality I need, which is multiple independent projects accessible through trac or the SubVersion/webdav clients.  My conf files are not as clean and concise as I would like.  And I can't just create new subversion directories and have them be accessible the way SVNParentPath lets you - I have to add a new location tag.  But new projects are relatively rare so I can live with that overhead for now.  I'd like to fix this problem but I will have to let it slide for now since I have a reasonable if inelegant workaround.

Some day I'll get it ironed out, and then I'll post it here, but probably not anytime soon.

----------

## thomasa88

I get the forbidden problem too, in my case apache tries [DocumentRoot]/svn/repos. I know my settings are ok cuz it worked the first time but not the other  :Confused: 

I found it does this by trying without ssl (e.g. http://) and saw in the error log that it tries the DocumenRoot instead of the defined location :S

----------

