Can't open file 'svn/repo/db/txn-current-lock': Permission denied

Asked 6/6, 2009 at 18:20 Answered 24/11, 2023 at 10:42

I have set up a Linux Server and installed Apache and SVN and dav_svn on it. Now, when I try to upload to https://x.x.x.x:x/svn/repo with Tortoise SVN I get

Can't open file '/server/svn/repo/db/txn-current-lock': Permission denied

I have Set up my SSL correctly (I can checkout, no problems, even remotely due to Port Forwarding).

I'm guessing this has to do with the Linux Ownership of the Repository folders, How must I set this/ what are the commands?

Trussell answered 6/6, 2009 at 18:20 Comment(3)

just to make sure this is the problem give a 777 on all. – Heteronym 6/6, 2009 at 18:26

a 777? What do you mean? – Trussell 6/6, 2009 at 18:51

@Trussell » I updated my answer to include additional info related to permissions, since you seem puzzled about that. – Nochur 6/6, 2009 at 19:3

This is a common problem. You're almost certainly running into permissions issues. To solve it, make sure that the apache user has read/write access to your entire repository. To do that, chown -R apache:apache *, chmod -R 664 * for everything under your svn repository.

Also, see here and here if you're still stuck.

Update to answer OP's additional question in comments:

The "664" string is an octal (base 8) representation of the permissions. There are three digits here, representing permissions for the owner, group, and everyone else (sometimes called "world"), respectively, for that file or directory.

Notice that each base 8 digit can be represented with 3 bits (000 for '0' through 111 for '7'). Each bit means something:

first bit: read permissions
second bit: write permissions
third bit: execute permissions

For example, 764 on a file would mean that:

the owner (first digit) has read/write/execute (7) permission
the group (second digit) has read/write (6) permission
everyone else (third digit) has read (4) permission

Hope that clears things up!

Nochur answered 6/6, 2009 at 18:31 Comment(9)

Thanks, this helps. I changed the owner to the www-data user, And was able to commit my changes. Is there a good site to learn how chmod works? I cant seem to find any pattern behind the numbers (664?) – Trussell 6/6, 2009 at 18:54

The man page of chmod explains the octal numbers. You can also use characters at least on Linux distributions since several years -- chmod -R a+rwx * is somewhat more understandable to most humans. – Blackboard 6/6, 2009 at 21:53

Genius! Thanks a lot, I never knew Linux was THAT sophisticated. – Trussell 8/6, 2009 at 8:43

I solved this problem on Windows Server 2003 by giving full control of the repository directory to the svn user. – Tetter 5/1, 2010 at 21:30

The top part of your answer -- in grey highlight -- says chmod 664, but I think you meant 764? – Ebonee 15/12, 2010 at 22:25

@Encoderer: No, 664. You usually don't want to make a svn repo executable except in limited cases. – Nochur 29/12, 2011 at 23:3

To prevent problems with directories, try this: find . -type d -exec chmod 755 {} \; find . -type f -exec chmod 644 {} \; – Georg 3/7, 2012 at 18:59

Depending on your configuration you may actually want chmod -R 770 repoName, otherwise users might receive the message Could not open the requested SVN filesystem. – Ecosystem 2/5, 2013 at 8:37

chmod -R 774 did it for me or I couldn't commit as another user through svn+ssh. – Cerelia 12/4, 2016 at 9:57

It's permission problem. It is not "classic" read/write permissions of apache user, but selinux one.

Apache cannot write to files labeled as httpd_sys_content_t they can be only read by apache.

You have 2 possibilities:

label svn repository files as httpd_sys_content_rw_t:

chcon -R -t httpd_sys_content_rw_t /path/to/your/svn/repo

set selinux boolean httpd_unified --> on
```
setsebool -P httpd_unified=1
```

I prefer 2nd possibility. You can play also with other selinux booleans connected with httpd:

getsebool -a | grep httpd

Exportation answered 29/5, 2011 at 11:8 Comment(3)

The problem with option 1 is that if the file system ever gets relabeled again (happens sometimes on reboot), then your changes are gone. A better option (which I prefer over your option 2) is to "teach" SELinux's policy that its OK for apache to write to certain directories: semanage fcontext -a -t httpd_sys_content_rw_t "/path/to/your/svn/repo(/.*)?" and then relabel this path using restorecon -R /path/to/your/svn/repo. This is more secure because you use SELinux for what it is designed: specifying exactly what is allowed and what isn't. – Hurless 14/11, 2011 at 17:13

+1 if that seems a bit overkill, you can disable SELinux at all following docs.fedoraproject.org/en-US/Fedora/13/html/… – Softfinned 22/10, 2014 at 17:32

This may have changed between Red Hat/CentOS/... generations. For things to work on an RHEL 7.3 installation, I had to do the following: semanage fcontext -a -t httpd_sys_rw_content_t "/SOME/PATH/TO/repos/.*" followed by restorecon -R /SOME/PATH/TO/repos followed by systemctl restart httpd (The last command might not be needed, though.) – Wellfed 2/6, 2017 at 14:28

I also had this problem recently, and it was the SELinux which caused it. I was trying to have the post-commit of subversion to notify Jenkins that the code has change so Jenkins would do a build and deploy to Nexus.

I had to do the following to get it to work.

1) First I checked if SELinux is enabled:

    less /selinux/enforce

This will output 1 (for on) or 0 (for off)

2) Temporary disable SELinux:

    echo 0 > /selinux/enforce

Now test see if it works now.

3) Enable SELinux:

    echo 1 > /selinux/enforce

Change the policy for SELinux.

4) First view the current configuration:

    /usr/sbin/getsebool -a | grep httpd

This will give you: httpd_can_network_connect --> off

5) Set this to on and your post-commit will work with SELinux:

    /usr/sbin/setsebool -P httpd_can_network_connect on

Now it should be working again.

Unreeve answered 14/3, 2013 at 11:52 Comment(2)

Something weird happens to me. If i set selinux enforce to 0 I can commit changes and the repository will notify jenkins and the job will get executed, etc. But when I set the enforce back to 1 and the httpd_can_network_connect on I get the svn: E000013: Commit failed (details follow): svn: E000013: Can't open file '/usr/share/svn-repositories/ci_repo/db/txn-current-lock': Permission denied when I try to commit. The folder's repository owner is apache. I also tried setting the permissions to 766 as recommeded by @JohnFerminella. What are the repercussions of having the enforce 0? – Rosalindarosalinde 31/7, 2013 at 23:25

I just enforced to 0 before disabling SELinux. Now it works perfectly to me. – Softfinned 22/10, 2014 at 17:34

for example on debian

sudo gpasswd -a svn-admin www-data
sudo chgrp -R www-data svn/
sudo chmod -R g=rwsx svn/

Putout answered 17/2, 2012 at 13:41 Comment(0)

In addition to the repository permissions, the /tmp directory must also be writeable by all users.

Berthaberthe answered 29/4, 2012 at 18:44 Comment(0)

I just had this problem

Having multiple user using the same repo caused the problem
Logout evey other user using the repo

Hope this helps

Guthrey answered 16/7, 2013 at 12:5 Comment(0)

3 Steps you can follow

chmod -R 775 <repo path>  
---> change permissions of repository

chown -R apache:apache <repo path>  
---> change owner of svn repository

chcon -R -t httpd_sys_content_t <repo path>  
----> change SELinux security context of the svn repository

Inseparable answered 18/5, 2017 at 5:34 Comment(0)

I solve this issue by delete txn-current-lock.

Vibrate answered 24/11, 2023 at 10:42 Comment(0)

-1

Try to disable SELinux by this command /usr/sbin/setenforce 0. In my case it solved the problem.

Darien answered 14/6, 2010 at 16:19 Comment(0)

Hot tags

Godot Unity Godot Help Programming Godot 4.X GUI GDScript 3D 2D Physics CSharp Godot 3.X VR XR Projects C++

Update to answer OP's additional question in comments:

Recommended topics

Hot tags