HgWebDir push permission denied error

Question

I have a new Fedora 12 server that I am attempting to set up Mercurial on. I have yum installed mercurial, and most things seem to work fine. However, after setting up hgwebdir.cgi through apache, I am unable to do an hg push to the only repo currently being hosted. The error I get back is:

searching for changes
abort: HTTP Error 500: Permission denied: .hg/store/lock

httpd is running as user apache

UID        PID  PPID  C STIME TTY          TIME CMD
root      1691     1  0 13:19 ?        00:00:00 /usr/sbin/httpd
apache    1694  1691  0 13:19 ?        00:00:00 /usr/sbin/httpd
apache    1695  1691  0 13:19 ?        00:00:00 /usr/sbin/httpd
apache    1696  1691  0 13:19 ?        00:00:00 /usr/sbin/httpd
apache    1697  1691  0 13:19 ?        00:00:00 /usr/sbin/httpd
apache    1698  1691  0 13:19 ?        00:00:00 /usr/sbin/httpd
apache    1699  1691  0 13:19 ?        00:00:00 /usr/sbin/httpd
apache    1700  1691  0 13:19 ?        00:00:00 /usr/sbin/httpd
apache    1701  1691  0 13:19 ?        00:00:00 /usr/sbin/httpd

and I set permissions so that the apache user owns the whole repo and everything. In a last ditch attempt, I even made the repo globally writable.

[root@builds .hg]# ll
total 424K
drwxrwxrwx.  3 apache apache 4.0K 2010-04-19 14:43 .
drwxrwxrwx. 19 apache apache 4.0K 2010-04-15 13:33 ..
-rw-rw-rw-.  2 apache apache   57 2010-04-13 11:42 00changelog.i
-rw-rw-rw-.  1 apache apache   93 2010-04-16 15:33 branchheads.cache
-rw-rw-rw-.  1 apache apache 192K 2010-04-15 13:33 dirstate
-rw-r--r--.  1 apache apache  156 2010-04-19 14:43 hgrc
-rw-rw-rw-.  1 apache apache   42 2010-04-15 13:33 last-message.txt
-rw-rw-rw-.  2 apache apache   23 2010-04-13 11:42 requires
drwxrwxrwx.  4 apache apache 4.0K 2010-04-19 11:26 store
-rw-rw-rw-.  1 apache apache   45 2010-04-14 14:08 tags.cache
-rw-rw-rw-.  1 apache apache    7 2010-04-16 15:33 undo.branch
-rw-rw-rw-.  1 apache apache 192K 2010-04-16 15:33 undo.dirstate
[root@builds .hg]# cd store
[root@builds store]# ll
total 308K
drwxrwxrwx.  4 apache apache 4.0K 2010-04-19 11:26 .
drwxrwxrwx.  3 apache apache 4.0K 2010-04-19 14:43 ..
-rw-rw-rw-.  1 apache apache  20K 2010-04-16 15:33 00changelog.i
-rw-rw-rw-.  1 apache apache  81K 2010-04-16 15:33 00manifest.i
drwxrwxrwx. 17 apache apache 4.0K 2010-04-13 11:47 data
drwxrwxrwx.  3 apache apache 4.0K 2010-04-13 11:43 dh
-rw-rw-rw-.  2 apache apache 177K 2010-04-15 11:03 fncache
-rw-rw-rw-.  1 apache apache   67 2010-04-16 15:33 undo

I have a clone of the repo elsewhere on the machine running as a different user. If I set the the default value in the [paths] section of the clones hgrc file to the local filepath on the server, the push works fine, but if I switch it to use the url, I get the error every time.

Some possible quirks in how I've set this up... hgwebdir.cgi is sitting in /var/www/cgi-bin and the repo is a child of /opt/hg. I turned off suexec as well, and this doesn't seem to clear up the issue. The only line I added in the apache config to get hgwebdir running is:

ScriptAlias /hg "/var/www/cgi-bin/hgwebdir.cgi"

The hgweb.config is also in /var/www/cgi-bin and it's contents are:

[collections]
/opt/hg = /opt/hg

[trusted]
users = *

[web]
baseurl = /hg
push_ssl = false
allow_push = *

The repo browser is working fine, it's just push that doesn't work. Apache error_log doesn't have anything in about this error at all.

Answer 1

For me it was the permissions were set wrong on the server. A chown -R www-data /path/to/repo (on the server) fixed it all up for me... maybe this is different for you. Good luck.

Answer 2

I had a similar problem on Ubuntu. The problem stopped when I loosened the permissions on the .hg directory.

I did a chmod -R 777 .hg from the repo directory. After that, everything worked. I still need to play around to find the minimally permissive option that permits pushes, but this works on our internal dev server.

Answer 3

Instead of 777, with the webserver running under the group apache, and your repositories in /opt/hg:

Execute sudo chown :apache /opt/hg -R to add the repositories to the apache group and sudo chmod g+w /opt/hg -R to give write access to the group. This way you just give enough permissions.

BTW under Ubuntu the apache process runs under www-data instead of apache.