SVN installation, rights Management in Linux systems

SVN installation

The SVN server operates in 2 ways: Standalone servers and Apache.

Svnserve is lightweight and simpler than Apache, and Svnserve is included in subversion, so as long as subversion is installed it's equivalent to installing a small SVN server. It uses its own set of protocols to communicate. For example, using the http://prefix when accessing Apache, and Svnserve using the svn://prefix.

Here is the introduction of a stand-alone server to operate, the advantage is simple and compact. If you are supporting larger-scale development, it is recommended that you use the Apache server approach; use Svnserver installation here;

1. First create a separate user for SVN so that you can use the security features of the operating system;

2. Add Svnadmin This user to the Sudu group;

3. Installation:

sudo apt-get install subversion

4. Create test directory:

Mkdir/home/svnadmin/test

5. Create a version library:

Svnadmin Create/home/svnadmin/test

4. Import Project

For example, now there is a project, the name is Exampro,

Location/alidata/www/exampro, the project is imported into the local warehouse.

SVN import/alidata/www/exampro file:///home/svnadmin/examPro-m "Import Exampro"

In the previous example, the directory will be copied exampro to the repository;

This project is being incorporated into the server's local warehouse management.

In order to use the SVN synchronization update mechanism, we need to check out a copy of the latest project on the SVN server environment (referred to as a directory for presentation).

$ svn Checkout File:///home/svnadmin/examPro

In this copy, we generally do not make changes, instead, it is used to synchronize updates, and when any changes are made on the development machine and updated to the SVN server, they can be synchronized to the a directory, so that the code in the A directory is the latest code for the entire project, and a Web test environment built using a directory, Is the latest Web test environment;

5. Start SVN service

$ svnserve-d-r/home/svnadmin/exampro

Description Description:

-D indicates that Svnserver is running in "daemon" process mode

-r Specifies the root location of the file system (the root of the version library) so that the client can access the version library without entering a full path.

6. Stop SVN service:

Killall svnserve//Stop Svnserve Service

SVN Rights Management

1.SVN Version Library Directory description

DB: Storing specific data;

Hooks: Hook program storage, such as we want to implement synchronous update operation, here to achieve;

Conf: Configuration file storage

The following specifically said the Conf directory;

The Conf directory has three files:

Svnserve.conf, Authz, and passwd;

2.SVN service profile: svnserve.conf

To view the file, first, the permissions configuration of the anonymous user:

Anon-access = None

auth-access = Write

: For anonymous users, no access rights;

For authorized users, have write permission;

The next section is used to configure which authorization logon mode to use;

Optional password-db, that is, the user name and password are in plaintext stored in the same directory in the passwd file; The advantage is that the efficient configuration is simple, the disadvantage is weak security, clear text is always not so people feel reliable;

The other is authz-db, this way the user password using SASL encryption, security is guaranteed;

Select the setting in this way to comment out the password-db:

# password-db = passwd

Authz-db = Authz

#指定授权所属的域, the comrade of C + + can interpret it as the name space;

Realm = Exampro

Next is the [SASL] section, which identifies whether to perform SASL encryption processing;

USE-SASL = True

min-encryption = 128

Max-encryption = 256

Variable min-encryption and max-encryption control the encryption strength required by the server.

3. Detailed permissions configuration file Authz:

This is the authorization database, which is used to configure the access rights of the specified directory to the user;

The first is to specify a user group, and assigning permissions by group is always convenient, even if your team is only one person in a group. When you join a new member, you will be able to appreciate the convenience of assigning permissions in groups;

[Groups]

G_fronter=cuicc,gdii

G_vip=coo

G_doc=yhh

[exampro:/]

@g_vip =RW

@g_fronter =r

@g_doc =r

[Exampro:/protected/modules]

@g_vip =RW

@g_fronter =

*=

[Exampro:/protected]

@g_doc =

For the above code configuration details, you can refer to the reference article [1]SVN permission configuration, which introduced a more detailed, here is not much to say, have questions please leave a message or mail;

SVN uses SASL encryption

1. Configure svnserve.conf, comment off password-db = passwd

and enable SQSL:USE-SASL = True

2. Create a new svn.conf file, usually placed in/USR/LIB/SASL2 or/ETC/SASL2, which reads:

Pwcheck_method:auxprop

Auxprop_plugin:sasldb

Sasldb_path:/home/svnadmin/config/sasldb

Mech_list:digest-md5

Where Sasldb_path specifies the location where you intend to place the SASL encrypted database;

Note: Pwcheck_method indicate the method of inspection, here is "Auxprop", this pwcheck_method also corresponds to start a proxy as a certification service, and so on, and now means to use this document said the way to check. Then we indicate that Auxprop_plugin is sasldb, that is, use a file to store the username password, that is/HOME/SVN/SVNJIAMI/SASLDB, the other authentication information is stored plugin as well as SQL and ldapdb. And Mech_list indicates the authentication information transmission mechanism.

Svnserve is already running and you need to restart the service and make sure it reads the updated configuration parameters

Killall svnserve//Stop Svnserve Service

SVNSERVE–D–R/HOME/SVN//Start Svnserve Service

3. Create user and password

Using the SASLPASSWD2 program

Syntax: saslpasswd2–c–f/home/svn/jiami/sasldb–u [realm name svnserve.conf inside] [username]

Eg:saslpasswd2-c-f/home/svnadmin/config/sasldb-u Exampro Colin

There will be interactive interface, prompt input two times password;

Report:

Saslpasswd2-d-F home/svnadmin/config/sasldb-u User name//delete user

Sasldblistusers2-f/home/svnadmin/config/sasldb//query users

PS: If you visit the library with the following prompts "could not obtain" the list of SASL mechanisms, because Linux does not install DIGEST-MD5 by default, the following commands can be used to install the update: Yum install CYRUS-SASL-MD5, CYRUS-SASL-MD5 Home: http://asg.web.cmu.edu/sasl/, installation package download address: ftp://ftp.andrew.cmu.edu/pub/cyrus/

Configuration complete;

Sync to server other directory when SVN uploads

svn/exampro/hooks/directory:

Can see a bunch of template hook file, we need is Post-commit.tmpl,

Copy a copy, named Post-commit. then revise;

1. Setting up the language environment:

#这行比较重要, you need to choose the right language environment according to your server environment, otherwise, this update will not work;

#export LANG=ZH_CN. UTF-8

Export Lang=en_us. UTF-8

2. Set up a directory to synchronize updates when SVN updates

SVN update/alidata/www/examplepro--username yoursname--password yourpwd

This line shows that when the SVN server version is updated, it is synchronized to the corresponding file in the/alidata/www/exampro directory; yoursname and yourpwd are the username and password you set in SASL; You can assign a user to the SVN version library with only global Read permissions)

3. Output log, easy to trace the query

Echo ' WhoAmI ', $REPOS, $REV >>/home/svnadmin/exampro/hooks/svn_hook.log

Whenever there is an update, a statement is inserted in the update log indicating when the update was made, (this can also be used to configure the environment for debugging and to query whether synchronization is effective)

Our configuration is here to complete;

Now SVN has the functionality of versioning, and synchronizing the updated directory is good for testers to integrate testing;

The developer needs to be sure that the version that is checked into the SVN library at any time is a code that can be run.