Detailed analysis of svnserve configuration file

Reference: http://sd.csdn.net/page/d97cc471-e657-4620-997f-efdcc10fd2b7

svnserve is the lightweight server that ships with SVN. Clients reach an SVN repository remotely through the svnserve server by using a URL prefixed with svn:// or svn+ssh://.

svnserve sets user names and passwords through configuration files, and controls repository access rights by path. This article analyzes the svnserve configuration file format in detail and explains how to use the configuration files to control repository access permissions.

This article describes SVN version 1.4.4.

1) Overview of svnserve configuration files

The svnserve configuration typically consists of the following 3 text files:
SVN service configuration file: located in the conf directory under the repository directory; the file name is svnserve.conf.
Username/password file: specified in svnserve.conf; defaults to passwd in the same directory.
Permissions file: also specified in svnserve.conf; defaults to authz in the same directory.

2) SVN service configuration file

The SVN service configuration file is conf/svnserve.conf in the repository directory. The file consists of only one [general] configuration section.

The configuration line format in the [general] section is as follows:
<configuration item> = <value>

There are 5 configuration items:

anon-access Controls access to the repository by unauthenticated users. Valid values are "write", "read", and "none".
"write" means read and write access, "read" means read-only access, and "none" means no access.
Default value: read

auth-access Controls access to the repository by authenticated users. Valid values are "write", "read", and "none".
"write" means read and write access, "read" means read-only access, and "none" means no access.
Default value: write

password-db Specifies the name of the username/password file. Unless an absolute path is specified, the file location is relative to the conf directory.
Default value: passwd

authz-db Specifies the name of the permissions file, through which path-based access control can be implemented.
Unless an absolute path is specified, the file location is relative to the conf directory.
Default value: authz

realm Specifies the authentication realm of the repository, that is, the realm name shown in the login prompt. If two repositories have the same authentication realm, it is recommended that they use the same username/password file.
Default value: a UUID (Universally Unique Identifier).

Note: repository authentication realm
When an SVN client accesses the svnserve server and the user is required to log in, the prompt is as follows:
[root@test root]# svn list svn://192.168.3.45/test
Authentication realm: 0d545a49-4038-0410-99b4-c66dc73f754e
Password for 'root':
The string displayed after "Authentication realm:" on line 2 above is the authentication realm name. If the authentication realm is not set in the configuration file, a UUID is shown, as above.
If the following configuration item is specified in the configuration file:
realm = test
the SVN client prompts as follows:
[root@test root]# svn list svn://192.168.3.45/test
Authentication realm: test
Password for 'root':

Example 1: The SVN service configuration file conf/svnserve.conf is as follows:
[general]
anon-access = none
auth-access = write
password-db = ../../conf/passwd
authz-db = ../../conf/authz
realm = test

The above configuration file specifies that unauthenticated users have no access to the repository; authenticated users can read and write the repository; the username/password file is "../../conf/passwd", relative to the repository's conf directory; the permissions file is "../../conf/authz", relative to the repository's conf directory; and the authentication realm of the repository is "test".

3) Username/password file

The username/password file is specified by the svnserve.conf configuration item password-db and defaults to passwd in the conf directory. The file consists of only one [users] configuration section.

The configuration line format in the [users] section is as follows:
<username> = <password>
Note: The password in the configuration line is stored as plaintext, without any processing.

Example 2: The username/password file conf/passwd is as follows:
[users]
admin = admin
thinker = 123456

Two users are configured in this file, with the user names "admin" and "thinker". The password of user "admin" is "admin", and the password of user "thinker" is "123456".

4) Permissions file

The permissions file is specified by the svnserve.conf configuration item authz-db and defaults to authz in the conf directory. The file consists of one [groups] configuration section and several repository path permission sections.

The configuration line format in the [groups] section is as follows:
<user group> = <user list>
The user list consists of user groups and user names separated by commas (","). A user group is referenced with the prefix "@" (for example, the string "@all" refers to the user group "all").

The section name of a repository path permission section has the following format:
[<repository name>:<path>]
For example, the permission section for path /tmp in repository abc is named [abc:/tmp].
The repository name can be omitted from the section name. If it is omitted, the permission section applies to the same path in all repositories. For example, the permission section named "[/tmp]" sets the access rights for the directory "/tmp" in every repository that references this permissions file.

There are three configuration line formats in a repository path permission section:
<user name> = <permissions>
<user group> = <permissions>
* = <permissions>
Here "*" means any user. The permission value is one of '', 'r' and 'rw': '' means no permission on that repository path, 'r' means read-only permission, and 'rw' means read-write permission.
Note: Each configuration line can specify only a single user or a single user group.

Example 3: The contents of the permissions file conf/authz are as follows:
[groups]
g_admin = admin,thinker

[admintools:/]
@g_admin = rw
* =

[test:/home/thinker]
thinker = rw
* = r

The above configuration file defines a user group "g_admin", which contains the users "admin" and "thinker". It then defines 2 repository path permission sections. In the repository "admintools", only the user group "g_admin" has read-write permission, and other users have no permission at all. For the path "/home/thinker" in the repository "test", only the user "thinker" has read-write permission, and other users have read-only permission.
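An added example (not part of the original article): a small Python audit over the three files described above. It flags anonymous access, weak plaintext passwords, "* = rw" rules, and authz principals that have no passwd entry, expanding nested "@group" references on the way. The sample file contents are constructed, the group "g_ops" and user "builder" are hypothetical, and the password rule (at least 8 characters, not equal to the user name) is an assumed policy.

```python
import configparser

# Constructed sample files modelled on Examples 1-3 (not real data); the nested
# group g_ops and the user "builder" are hypothetical additions.
CONF = "[general]\nanon-access = read\nauth-access = write\n"
PASSWD = "[users]\nadmin = admin\nthinker = 123456\n"
AUTHZ = """[groups]
g_admin = admin,thinker,@g_ops
g_ops = builder
[admintools:/]
@g_admin = rw
* =
[test:/home/thinker]
thinker = rw
* = r
"""

def parse(text):
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cp.optionxform = str          # keep user and group names case-sensitive
    cp.read_string(text)
    return cp

def members(groups, name, seen=()):   # expand a group, following nested @group refs
    if name in seen:                  # guard against circular group definitions
        return set()
    out = set()
    for item in filter(None, (m.strip() for m in groups.get(name, "").split(","))):
        out |= members(groups, item[1:], seen + (name,)) if item[0] == "@" else {item}
    return out

def audit(conf_text, passwd_text, authz_text):
    findings = []
    anon = parse(conf_text)["general"].get("anon-access", "read")  # default per the article
    if anon != "none":
        findings.append(f"anon-access = {anon}: unauthenticated users get {anon} access")
    users = dict(parse(passwd_text)["users"])
    findings += [f"weak plaintext password for '{u}'" for u, pw in users.items()
                 if pw == u or len(pw) < 8]   # assumed policy, not an svnserve rule
    authz = parse(authz_text)
    groups = dict(authz["groups"]) if authz.has_section("groups") else {}
    for section in (s for s in authz.sections() if s != "groups"):
        for who, perm in authz[section].items():
            if who == "*" and perm == "rw":
                findings.append(f"[{section}] grants rw to every user")
            names = members(groups, who[1:]) if who[0] == "@" else {who} - {"*"}
            findings += [f"[{section}] {who}: '{n}' has no passwd entry"
                         for n in sorted(names - set(users))]
    return findings
```

Calling audit(CONF, PASSWD, AUTHZ) returns a list of finding strings; an empty list means none of the four checks fired.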

5) Summary

This article has described the 3 configuration files of the svnserve program in detail. Through these 3 files, the SVN administrator can set the user names and passwords for the svnserve service and the access rights to repository paths. These files take effect as soon as they are saved; the svnserve service does not need to be restarted.
It should be emphasized that the configuration files described in this article are valid only for the svnserve service, that is, when the client accesses the repository through a URL prefixed with svn:// or svn+ssh://. They are not valid for URLs prefixed with http://, https://, or file:///.
