fixing an SVN 500 error after editing the .access and .passwd files

Question

Hi guys,

I've run into an issue with SVN, and I'm not quite sure how to fix it. Here's the history of what's been done and what the error messaging is, and hopefully we can converge on a fix. Here goes:

While away on vacation, another part of my team who didn't really know how to use svn wanted to edit our webpage. He couldn't get the right combo of username and password, so he ssh'ed into our server and then added his name and password directly to the .access and .passwd svn files. After this didn't work, he deleted these lines. After a while, he gave up. I'm not sure if he did anything else.

Once I returned, I found out that any changes on files I'd checked out onto my own computer could no longer be committed to the repository. The error messaging was a 500 Internal Server Error.

I thought that in editing the .access and .passwd files that perhaps this guy had altered appropriate whitespace. I tried editing these files so that there was a "\n" and so there was no escape character at the end of the line with the correct user information, but to no avail on either approach.

The only other piece of information I have is that if I check the server error logs for svn, it has the following:

[Fri Oct 02 12:13:35 2009] [error] [client ...] File does not exist: /home/domain/svn.domain.com/failed_auth.html

[Fri Oct 02 12:13:35 2009] [error] [client ...] (13)Permission denied: Could not open password file: /home/domain/svn/domain.passwd

[Fri Oct 02 12:13:35 2009] [error] [client ...] (13)Permission denied: Could not open password file: /home/domain/svn/domain.passwd

[Fri Oct 02 12:13:35 2009] [error] [client ...] File does not exist: /home/domain/svn.domain.com/internal_error.html

I looked a little into the Permission Denied error, and some forums said that I could just change permissions to make 'apache' have access to this file, but 1) I don't know why svn wouldn't be working now if it was working before and no file permissions had been changed and 2) I don't know much about security, and by changing file permissions without really knowing what the implications are I don't want to compromise the safety of my site (so, if this is what I need to do to fix the problem, maybe all I'm looking for is assurance that this will be safe and perhaps a couple sample commands so I set the right permissions).

Sorry for the long question, but any help would be realllllly appreciated. I don't want to have to set up svn again.

Answer 1

I was able to fix the problem, so I thought I would post it here, just for future reference if anyone else ever encounters the same issue:

One thing that I didn't mention (because I didn't realize this would be important) is that my website is hosted by Dreamhost. Dreamhost offers its own Subversion installation system. I was on my way to creating a new subversion repository using the Dreamhost admin panel when I thought I would just check out what the panel was saying about the broken repository.

I went into the edit panel for the current svn domain, and looked at the user access usernames and passwords. The name and password were the original ones, and I thought I'd just delete an extra line from the text field, and then submit the changes. Whatever Dreamhost is doing behind the scenes, refreshing the username and password via the Dreamhost subversion admin panel seemed to fix it, and now it's back up and running!

Answer 2

Ok, I figured this out. The dreamhost .access and .password files for SVN are owned by the dhapache user. If you edit them directly you will take ownership of the files. This will then cause all sorts of authentication issues because SVN won't read these files anymore.

I did find a workaround that allows me to edit the files and setup more complex permissions. Have dreamhost create the files, then create your own copies of the files. Edit the copies then: cp myaccess.access project.access

This keeps the permissions assigned to the dhapache user and allows you to change the access file as needed.