Deploying SVN server under Linux

Source: Internet
Author: User
Tags aliases svn client

System Linux Debian 2.6.32-5-686

Install the SVN tool First: Apt-get install subversion and wait patiently for the installation to complete. The SVN client and server are available after the installation is complete.

Build SVN repository directory svnadmin Create truck

[Email protected]:/home/xzc# svnadmin create Truck[email protected]:/home/xzc# cd truck[email protected]: /home/xzc/truck# lsconf  db  format  hooks  locks  readme.txt[email protected]:/ home/xzc/truck# CD conf[email protected]:/home/xzc/truck/conf#  lsauthz passwd Svnserve.conf[email protected]:

You can see that an SVN configuration file has been generated under the established directory. Access to SVN under the default configuration does not require permissions. below to set permissions.
Svnserve.conf is basically configuring the entire SVN permissions, and if you can read the annotations, it should be easy to understand.

# # # This file controls the configuration of the Svnserve daemon,ifyou### Use it for allow access to ThisRepository. (If you are only allow### access through Http:and/or File:urls, then ThisFile is# # # irrelevant.) # # # Visit http://subversion.tigris.org/for more information.[general]### These options control access to the repository forunauthenticated### and Authenticated users. Valid values are"Write","Read", # # and"None". The sample settings below is the Defaults.anon-access =Readauth-access =write### the password-DB option controls the location of the password### database file. Unless specify a path starting with a/, # # # The file's relative to the directory containing### Thisconfiguration file.### If SASL isEnabled (see below), ThisFile is not being used.### uncomment the line below to use thedefaultPassword File.password-db =passwd### the Authz-DB option Controls the location of the authorization### rules forpath-based access control. Unless specify a path### starting with a/, the file's relative to the the# # directory containing ThisFile. If you don'T Specify an# # AUTHZ-DB, no path-based access control isdone.### Uncomment the line belowdefaultAuthorization File.authz-db =authz### This option specifies the authentication realm of the repository.### If both repositories have the same authe  Ntication Realm, they should### has the same password database, and vice versa. thedefaultrealm### isRepository's UUID.Realm =truck[sasl]### This option specifies whether your want to use the Cyrus sasl### library forAuthentication. Default is false. # # # This section would be ignoredifSvnserve isNot built with cyrus### SASL support; To check, run'Svnserve--version'and look fora line### reading'Cyrus SASL authentication is available.'# Use-SASL =true# # # These options specify the desired strength of the security layer
View Code

Anon-access = read    #anon表示未认证用户 (that is, the user is not in the passwd file) and the permissions are readable. Can be set to none. client trying svn merge always reported svn:e220001: encountered unreadable path ; deny access to

auth-access = Write #已认证用户 (that is, there is no user in the passwd file), the permission is writable. Note There is no RW this writing, estimated that there is write permission must have Read permission

Password-db = passwd #用户配置文件, you can specify a different path name.

Authz-db = Authz #用户权限认证配置文件, you can specify a different path name.

Realm = Truck #认证范围

The scope of authentication is actually defined by itself (usually for its own SVN directory or project name, just to remember). For example, I define as truck, then other SVN directory if the authentication scope is also marked as truck in the configuration, then use my authentication, even with my passwd, Authz file. As an example:

Above we have set up aSVN warehouse under/home/xzc/truck, if the company is now open another project, then we need to build an SVN repository for the new project. And this project is by the original project truck member to do, and want to use back the original permission configuration. Svnadmin Create Truck_testanon-access = Readauth-access = write password-db =./... /.. /truck/conf/passwdauthz-db =./... /.. /truck/conf/= Truck  #认证范围

Then, because the certification scope of the two warehouse directories is the same, a certificate file is shared. If the scope of authentication is the same, but the authentication file is not the same, do not know what will happen. The author only says "If two repositories have the same authentication realm, they should has the same password database, and vice versa".
Configure user files below passwd

 is  for   is in for== 1

As you can see, I added a user xzc with a password of 1. note the spaces and the like to avoid authentication errors.
Then the permissions profile Authz

# # # This file isAn example Authorization file forsvnserve.### its format isidentical to, MOD_AUTHZ_SVN authorization### files.### as shown below each section defines authorizations  forThe path and### (optional) repository specified by the section name.### the authorizations follow. An authorization line can refer to:###-a single user,###-a group of users definedincha special [groups] section,###-An alias definedincha special [aliases] section,###-All authenticated Users,usingThe'$authenticated'token,###-Only anonymous users,usingThe'$anonymous'token,###-Anyone,usingThe'*'wildcard.###### A match can is inverted by prefixing the rule with'~'. Rules can### Grant Read ('R') Access, Read-write ('RW') access, or no access### ("'). [aliases]# Joe=/c=xz/st=dessert/l=snake City/o=snake oil, Ltd./ou=research institute/cn=Joe average[groups]# harry_and_sally=harry,sally# Harry_sally_and_joe= harry,sally,&Joelocal_administrator=xzc# [/foo/bar]# Harry=rw#&joe =r#* =# [repository:/baz/fuz]# @harry_and_sally=rw#* =r[/] @local_administrator= R

Not very clear to the first aliases, Guess is an alias. For example, there is a user name called Aa_bb_cc_dd_ee, you think his name is too long too difficult to write, so wrote an alias ABCD = Aa_bb_cc_dd_ee, then the following configuration permissions only need to write ABCD can be. But the original document in the wording really do not understand, too lazy to verify. I don't know if there is any great God.

Groups is the group, for example, you want to divide the management staff into a group, the programmer is divided into a group, a group of people's permissions are the same. The name of the group is at its own discretion. Above I up a local_administrator group, inside only xzc a user, if have multiple, use, number separate.

The following is the permissions setting for the project directory. [Warehouse Name:/path], such as [truck:/] represents the permission settings for the root directory in the truck repository. This is related to the-R parameter of Svnserve, in this case svnserver-d-r/home/xzc/truck boot needs to be configured as [/], which represents the root directory of the-R parameter (/home/xzc/truck), svnserver-d-R/ The home/xzc/parameter is [truck:/]. [/Foo/bar] This is an absolute path, without a warehouse name.

The @ in the @local_administrator means that Local_administrator is a group name instead of a user name, so don't take these symbols with your user name. R indicates that only the Read permission, or RW or w, or NULL, is NULL to indicate what permissions are not available. XZC = RW indicates that the user xzc has read and write permissions. * = R means that all users (prevent too many columns) have Read permission.

Attention:

The 1.authz file is modified to take effect without restarting SVN. PASSWD can do the same, but when adding users to passwd, remember to add the appropriate permissions in Authz.

2. If you encounter "unable to connect to a repository at URL XXX, authentication error" and do not eject the window that allows you to log in again, it is not specified passwd user profile or user profile does not have any users, Or the passwd format is wrong, see http://shuishiwo.iteye.com/blog/1754069.

A 3.authz subdirectory inherits the permissions of the parent directory unless you otherwise set permissions on the subdirectory. Permissions on subdirectories take precedence over inherited permissions. See http://www.cnblogs.com/terryglp/articles/2451398.html.

SVN basic configuration OK, then to start svn (can try Svnserve-help Help): Svnserve-d-r/home/xzc/truck.

-d means running in daemon (background run)

-R is the specified warehouse directory dir path

Next, start another warehouse truck_test

[Email protected]:~$ svnserve-d-r/home/xzc/truck_test/svnserve: Cannot bind server socket: Address already in use

As you can see, because the SVN default port has been used by truck and this cannot be started, you need to specify the port

[Email protected]:~$ svnserve-d--listen-port3691-r/home/xzc/Truck_test[email protected]:~$ Ps-ef |grep svnservexzc1702     1  0  -: +?xx:xx:xxSvnserve-d-r/home/xzc/TRUCKXZC1754     1  0  A:Geneva?xx:xx:xxSvnserve-d--listen-port3691-r/home/xzc/TRUCK_TESTXZC1756  1442  0  A:Genevapts/0    xx:xx:xxgrep svnserve[email protected]:~$

By looking at the process, you can see that two of the warehouse directories have been started. The next step is to use the. If my server IP is 192.168.0.100, note that when check out is svn://192.168.0.100:3690 instead of Svn://192.168.0.100:3690/truck, the name of the warehouse does not appear in the path, svn://192.168.0.100:3690 is actually the/home/xzc/truck directory. However, if you start with the parameter svnserve-d-r/home/xzc, it is Svn://192.168.0.100:3690/truck, but the truck_test is started together on the same port . If it is a path error, the report

If a permission problem is found when check out or commit, consider whether the-R parameter and the Authz parameter are configured correctly

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.