Installation of SVN server-side methods and Directory Access configuration on CentOS 6.5 systems (summary)

Source: Internet
Author: User
Tags svn client svn update temporary file storage ultraedit tortoisesvn






SVN is actually subversion, which is divided into server-side and client. Before the online search a lot of methods, all have a variety of problems, after their own collection and finishing and actual attempt, finally there is a more reliable method. This article mainly introduces the methods and steps of installing SVN server side on CentOS 6.5 system.



The system environment is described as follows :



Operating system: Centos6.5 x86-64



svn:subversion-1.8.11



1 , check if a lower version of SVN is installed



Rpm-qa | grep subversion



If SVN is installed, the version information is returned, such as: subversion-1.6.11-9.el6_4.i686



Uninstall old version svn



Yum Remove Subversion



2 , install SVN



Yum–y Install Subversion



3 , check that the installation is successful



Svnserve–version



return value:



Svnserve, Version 1.8.11



Compiled Jul, 21:32:09 on I686-pc-linux-gnu



Copyright (C) the Apache software Foundation.



This software consists of contributions made by many people;



See the NOTICE file for more information.



Subversion is open source software, see http://subversion.apache.org/



The following repository back-end (FS) modules is available:



* Fs_fs:module for working with a plain file (FSFS) repository.



Cyrus SASL authentication is available.



4 , code base creation



Mkdir-p/opt/svn/repositories



Svnadmin create/opt/svn/repositories



After executing the above command, set up the repositories library automatically, view the/opt/svn/repositories folder discovery contains Conf,db,format,hooks,locks, README.txt and other files, stating that an SVN repository was established.



5 , configure code base



Go to the folder created above conf, configure



Cd/opt/svn/repositories/conf



5.1 User Password passwd configuration



VI passwd



The contents of the passwd file are as follows:



# # # This file is a example password file for Svnserve.



# # # Its format was similar to that of svnserve.conf. As shown in the



# # # example below it contains one section labelled [Users].



# # # The name and password for each user follow, one account per line.



[Users]



# Harry = Harryssecret



# sally = Sallyssecret



Test = 123456789 # #Add user username and password



5.2 Permissions Control Authz configuration



VI Authz



The purpose is to set which users can access which directories, the contents of the Authz file are as follows:



# # # This file is a example authorization file for Svnserve.



# # # Its format was identical to that of MOD_AUTHZ_SVN authorization



# # files.



# # as shown below each of defines authorizations for the path and



# # # (optional) repository specified by the section name.



# # # The authorizations follow. An authorization line can refer to:



# # #-a single user,



# # #-a group of users defined in a special [groups] sections,



# # #-an alias defined in a special [aliases] section,



# # #-All authenticated users, using the ' $authenticated ' token,



# # #-Only anonymous users, using the ' $anonymous ' token,



# # #-anyone, using the ' * ' wildcard.



###



# # # A match can is inverted by prefixing the rule with ' ~ '. Rules can



# # # Grant Read (' R ') access, read-write (' RW ') access, or no access



### (‘‘).



[Aliases]



# Joe =/c=xz/st=dessert/l=snake City/o=snake oil, ltd./ou=research Institute/cn=joe Average



[Groups]



# harry_and_sally = harry,sally



# Harry_sally_and_joe = Harry,sally,&joe



# [/foo/bar]



# Harry = RW



# &joe = R



# * =



# [Repository:/baz/fuz]



# @harry_and_sally = RW



# * = R



[/]



Test = RW



Set [/] to represent all resources under the root directory



5.3 Service svnserve.conf Configuration



VI svnserve.conf



The contents of the svnserve.conf file are as follows:



[General]



#Anonymous access permissions, can be read,write,none, default is read



Anon-access=none



#Make authorized users have write access



Auth-access=write



#Path to the password database



password-db=passwd



#Access control file



Authz-db=authz



#Authentication namespace, Subversion is displayed in the authentication prompt and is used as a keyword in the credential cache



Realm=/opt/svn/repositories



Start SVN service



Svnserve-d-r/opt/svn/repositories



6 , view svn Process



Ps-ef|grep svn|grep-v grep



Return



Root 20850 1 0 Jul24? 00:00:00 svnserve-d-r/opt/svn/repositories



7 , view svn ports to listen on



Netstat-ln |grep 3690



8 , stop starting SVN



Killall Svnserve #stop



Svnserve-d-r/opt/svn/repositories #start



9 , install SVN Client



Currently the most popular SVN client is non-TORTOISESVN



Download installation



Http://sourceforge.net/projects/tortoisesvn/files/latest/download?source=dlp



Client Connection Address : svn://The IP address of the public network or intranet, sometimes need to add port number



User name/ password : test/123456789 # #要和之前设置的用户名和密码匹配To match the previously set username and password






Attention:



The default port is 3690, if the port is occupied, or if you need to modify the port, use the following statement



svnserve-d-r/opt/svn/repositories--listen-port 3691









SVN implements granular Directory access control (reprint)



Starting from a practical example, this paper introduces how to use the directory management function of Subversion to realize the control of fine access to the project directory. At the same time, it describes some places to be aware of in the course of configuration, such as the processing of Chinese.


1 To-do list
Describes the details of the import when the code base is initially created
On the issue of plaintext password of passwd.conf file and its processing method
about using Apache instead of Svnserve.exe as a server to implement non-plaintext passwords and to implement SSL
After using Apache, the department manager wants toWebCheck the log for issues
2 Preface
In practice, because the project's directory itself is a part of the repository, it isSVNMilo, so we can not take advantage of the server operating system access rights to achieve the project Directory access control. So, this problem only has to be solved by SVN itself.
Previous versions of Subversion 1.3 can only be implemented using the Mod_authz_svn.so module, in conjunction with the Apache server.Directory AccessControl, which is not very convenient for people who are not familiar with the configuration and use of Apache (for example, my humble opinion). and subversion finally added this feature to the Svnserve.exe server in version 1.3. This article describes how to configure a code library configuration file to allow Svnserve.exe to achieve granular directory accessPermission Control
This article is based on Subversion 1.3.2, MS Windows 2003ServerEdition platform, and the Subversion server is built using Svnserve.exe. However, the vast majority of what is covered in this article is not only platform-agnostic, but also largely unrelated to the use of Svnserve (. exe) or Apache as a Subversion server.
This article is written in the ReST format, and if you are interested in it, please visit http://docutils.sourceforge.net/rst.html. If you want to see a better HTML format, you can copy this article throughout a text file, and then compile it with Docutils's rst2html.py script, of course, first you mustinstallationPython. or direct access to http://swjr.blog.com.cn/archives/2006/TheRoadToSubversion1authz.shtml, but before the final release, I cannot guarantee that its content will be up to date.
This article is intended for those who are Subversion administrators, or anyone who is interested in subversoin. This article assumes that the reader has a certain understanding of subversion and therefore does not intend to make a detailed description of all the installation and use involved. If you have questions about the technical details described in this article, please visit the reference in the "References" section. If you have any comments on any part of this article, or if you find that this article has a large and small error, please contact zhengxinxing gmail com.
3 combat
This chapter first gives the requirements and their final results, if you feel you have any questions about the configuration, or do not understand, please do not worry, I will describe in detail in the following chapters.
3.1 Background assumptions
Xiamen Central Instantaneous Company is an electronic component equipment supplier, which has an ARM department, specifically responsible for ARM chip solutionsDesign, sales, and set up an office in Beijing and Shanghai. For the work log, originally sent to the manager by mail, but this way has a drawback, that is, there is no continuity, to see the previous log must be a lunar mail to see, very troublesome. So the idea of using Subversion, let employees edit the log on their own computer, and then use SVN to send back, it is convenient for the staff to write their own logs, but also convenient to the log file processing, and submit the log only need to execute the SVN update, more simple than sending the message.
SVN Server Related Information
Server address: 192.168.0.1
Server Os:ms Windows Edition Chinese version
Code base Local Directory: D:\svn\arm
The directory structure of ARM department documents is as follows: ARM Department name
├─diary Working log Directory
│├─headquarters Headquarters Working log directory
│├─beijing Beijing Office Log Directory
│└─shanghai Shanghai Office Log Directory
├─ref company public File Reference directory
└─temp Temp file directory
Personnel situation
Morson, the general manager of the company, in fact, he does not have to see anything personally, even the department manager's weekly summary is not necessarily read. But in order to show respect for him and to satisfy his desire for power, he opened the "Read all Documents" permission.
Department Manager of the Michael,arm division, when it's okay, like to get some new technology, to manage the logs with SVN, that's the idea he gets along with.
Scofield, Beijing office staff, old staff, slippery and difficult to manage
Lincon, Shanghai office staff, old staff, big honest man a
Linda, Headquarters Coordinator, Secretary, good writing, good looks
Rory, SCM Technician, technical support
Access Rights requirements Analysis
Allow general Manager to read all files
In addition to the department manager, all other personnel can only see the staff of the Office logbook
Do not allow anonymous access
The ref directory allows only managers and secretaries to write, read only to other people
Temp directory Everyone can write
3.2 Building a code base
Under the server D:\SVN directory, create an arm code base, with the following command: D:\svn>svnadmin create arm
In the client F:\temp directory, set up the above directory structure.
Import the structure with the command F:\TEMP>SVN import arm svn://192.168.0.1/arm
"Note: Minor differences in import time"
3.3 Editing the codebase base configuration file
Edit the code base arm\conf\svnserve.conf file as follows: [General]
Password-db = passwd.conf
Anon-access = None
auth-access = Write
Authz-db = authz.conf
3.4 Managing user Accounts
Create a new code base arm\conf\passwd.conf file, as follows: [Users]
Morson = Showmethemoney
Michael = Mysecretpassword
Scofield = Hellolittilekiller
Lincon = asyouknows111
Rory = 8809117
Linda = IlikeWorldCup2006
3.5 Creating a Directory access control file
Create a new code base arm\conf\authz.conf file with the following contents: [Groups]
G_VIP = Morson
G_manager = Michael
G_beijing = Scofield
G_shanghai = Lincon
G_headquarters = Rory, Linda
G_docs = Linda
[arm:/]
@g_manager = RW
* = R
[Arm:/diary/headquarters]
@g_manager = RW
@g_headquarters = RW
@g_vip = R
* =
[Arm:/diary/beijing]
@g_manager = RW
@g_beijing = RW
@g_vip = R
* =
[Arm:/diary/shanghai]
@g_manager = RW
@g_shanghai = RW
@g_vip = R
* =
[Arm:/ref]
@g_manager = RW
@g_docs = RW
* = R
[Arm:/temp]
* = RW
3.6 Testing
On the server, open a DOS Prompt window and enter the following command: SVN co svn://127.0.0.1/arm--no-auth-cache--username Rory--password 8809117
We should get the following directory structure: ARM
├─diary
│└─headquarters
├─ref
└─temp
Then modify any file in the ref directory and submit it, the server will report an error "Access Deni"
4 in depth
This chapter details the two configuration files involved in the previous chapter, svnserve.conf and Authz.conf, which illustrate some of the details by configuring a line-by-row description.
The first thing to note here is that a valid configuration line for any configuration file does not allow for a preceding space, or the program will not be recognized. In other words, if you copy the relevant configuration line directly from the plain text format of this article, you need to manually delete the preceding 4 spaces. Of course, if you feel you want to delete a lot of rows of the same number of front space is a hard work, then perhaps UltraEdit "Column mode" editing mode, can give you a lot of help.
4.1 svnserve.conf
The arm\conf\svnserve.conf file, which is the configuration file for Svnserve.exe This server process, is explained by line as follows.
First, we tell Svnserve.exe that the username and password are placed under the passwd.conf file. Of course, you can change to any valid file name, such as the default is passwd:password-db = passwd.conf
The next two lines mean that only authenticated users are allowed to access the code base. So what are "authenticated" users? Oh, of course, that's the guy who said in front of the passwd.conf file that holds the username and password. After these two lines of equal sign, currently only allow read write none three kinds of values, if you want to implement some special values, such as "read-once" and so on, it is recommended that you change the source code, anyway it is free software: anon-access = None
auth-access = Write
Next is the most critical sentence, it tells Svnserve.exe that the project Directory access rights related configuration is placed in the authz.conf file: authz-db = authz.conf
Of course, when SVN 1.3.2 introduced this feature, the system uses Authz instead of authz.conf as the configuration file by default. However, because I am a Virgo, there is a strong perfectionism complex, looking at the svnserve.conf suffix and passwd and Authz No is uncomfortable, just want to change.
4.2 authz.conf User Group
arm\conf\authz.conf file configuration section, can be divided into two categories, "[Group]" is a class, which contains all the user group information. The rest begins with [arm:/], and each section is a directory corresponding to the project, and its directory-related permissions are set in this section.
First, we manage people in groups so that we can change things as little as possible later because of changes in personnel. We have set up a total of 5 user groups, grouping names uniformly using the g_ prefix to facilitate identification. Of course, the group members are separated by commas: [Groups]
# Anyone who wants to view all documents in a non-departmental
G_VIP = Morson
# Manager
G_manager = Michael
# Beijing office Staff
G_beijing = Scofield
# Shanghai Office Staff
G_shanghai = Lincon
# General Staff at Headquarters
G_headquarters = Rory, Linda
# Small Secret, writing documents
G_docs = Linda
Notice that no, Linda This account also exists in the "Headquarters" and "document clerk" two groups inside, this is not my old eyes dim wrong, because Svnserve.exe allow me to set this. It means that this guy will have more authority than his colleague Rory, which is really handy. What's more specific? Please look down!
4.3 authz.conf project root directory
We then made a restriction on the project root directory, which only allowed the manager of the ARM division to modify, and others could only look at it: [arm:/]
@g_manager = RW
* = R
[arm:/] represents the relative root node of the directory structure, or the root directory of the ARM project
The @ here means that the next is a group name, not a user name. You can of course replace the line @g_manager = RW with michael = RW, and the meaning is exactly the same.
* means "everyone except those mentioned above", which is "everybody except the department manager", and of course the general manager, the strange old man.
* = R means "Those who can only read, cannot write"
4.4 authz.conf Project Sub-directory
Then, we will open the log directory to the headquarters personnel to read and write permission: [Arm:/diary/headquarters]
@g_manager = RW
@g_headquarters = RW
@g_vip = R
* =
I bet that the guys who design svn are mostly working on the Unix/linux platform, so they always like to use/to identify subdirectories and completely ignore the same thing in MS Windows. So here, in order to represent arm\diary\headquarters This directory, we have to use a format like [Arm:/diary/headquarters].
The last line of * = indicates that no one is allowed to access this directory except managers, headquarters personnel and special persons. Can this line be omitted?
The reason why we need to add @g_vip = R Here is that this explanation exists. If you don't explicitly give the general manager the power to read, he will be excluded, just like everyone else.
If there are people in the middle of the crossing who have played firewall configuration, you may feel familiar with the above configuration. But here's a bit different from the firewall configuration, that is, the configuration lines between each other, there is no sequencing one said. That is, if I move the * = line of this paragraph to the front, it does not affect the final effect of the entire configuration at all.
Note here that we did not set the permissions for the Arm\diary directory, and jumped directly to its subdirectory to set it up. Of course I did it on purpose, because I wanted to introduce the concept of "inheritance" here.
Permissions inherit any subdirectory that inherits all the permissions of its parent directory, unless it itself is explicitly set to other permissions. That is, after setting permissions in the Arm directory, the Arm\diary directory is not set, which means that it has the same permissions as the arm directory, that only managers have permission to read and write, and that others can only despair.
"* = Whether you can omit" "to introduce an inheritance problem that overrides" single-user Permissions "" Parent directory permissions integration and full coverage issues "
Now let's see.
Well, we now have the power of "inheritance", which saves us a lot of time to hit the keyboard. But now there's another problem,
Property with overwrite properties if the property is set, the parent directory is completely overwritten.
4.5 authz.conf other points of attention
The R permission of the parent directory, and the effect of the subdirectory W permissions
This problem is specifically raised, because in 1.3.1 and its previous version, there is a bug, that is, in order to write permissions to the subdirectory, the project first directory must have read permissions. So now with the 1.3.2 version, it's convenient for administrators who want to put multiple independent projects in one code inventory to assign permissions. For example, the company set up a large code base for all employee logs, called Diary, and arm division is just one of the departments, you can do this: [diary:/]
@g_chief_manager = RW
[Diary:/arm]
@g_arm_manager = RW
@g_arm = R
This allows the Svn://192.168.0.1/diary/arm URL to be used as a root directory for all arm business, regardless of whether it is actually a subdirectory, and when a few curious people try to checkout As soon as you svn://192.168.0.1/diary, you'll get a warning "Access Deni", wow, that's cool.
Default Permissions
What happens if I don't set any permissions on a directory? Do an experiment now, will: [diary:/]
@g_chief_manager = RW
Change to: [diary:/]
# @g_chief_manager = RW
This is equivalent to nothing set. On my SVN 1.3.2 version, no access is allowed at this time. In other words, if you want someone to access a directory, you must explicitly indicate this. This strategy appears to be consistent with the firewall's strategy.
A small side effect of read-only permissions
If set: [Arm:/diary]
* = R
Then svnserve that no one is allowed to alter the diary directory, including deletions and renaming, and additions.
In other words, if you create a directory at the beginning of the project, accidentally write the wrong directory name, for example, due to spelling errors written dairy, and later unless you change the authz.conf inside the line settings, otherwise you cannot use the SVN MV command to correct the wrong directory.
5 improvements
5.1 Support for Chinese catalogs
At work in the morning, Morson came to Michael's desk and said, "Can you change our Beijing office, the Shanghai Office catalogue to Chinese, and look at those pinyin I feel very uncomfortable?" Michael thought, fortunately, these two days just learned some knowledge of Unicode coding, and then smiled and replied: "Of course, you can see the Chinese catalog name tomorrow afternoon." ”
Using the SVN MV command, rename the original directory and commit to the code base, renamed the directory structure as follows: Arm
├─ Weekday Log
│├─ Headquarters personnel
│├─ Beijing Office
│└─ Shanghai Office
├─ company public File Reference directory
└─ Temporary file Storage place
Modify the code library's authz.conf file to rename the corresponding directory
Convert authz.conf files to UTF-8 format without BOM using UltraEdit
After converting the configuration file to UTF-8 format, Subversion will recognize the Chinese characters correctly. However, it is important to note that the UTF-8 file does not contain a BOM. The BOM is the abbreviation for byte order Mark, which refers to a number of characters in the head of a UNICODE file that indicate the order of high and low bytes, usually FF FE, and the EF BB BF after encoding it with UTF-8. Since the UTF-8 file itself does not have a byte-order problem, so the UTF-16 and other coding methods have a significant value of the BOM, for UTF-8, there is only one role-indicating that the file is UTF-8 format. Because the BOM will bring a lot of problems to the text processing, so many software now requires the use of UTF-8 files without a BOM, especially some processing of text software, such as PHP, UNIX script files, such as SVN.
In some of the text editing tools that are commonly used, the UTF-8 format file saved by the "Save as" menu is automatically brought with the BOM in the "notepad" that comes with MS Windows. The new version UltraEdit provides options that allow the user to choose whether a BOM is required, and the older version does not add a BOM. Please check your favorite editor's documentation to see if it supports this feature.
With UltraEdit, we can remove the BOM. This is done by first using the UTF-8 to ASCII menu to encode the file conversion cost, usually the GB2312 code, and then using the ASCII to UTF-8 (UNICODE Editing) switch to UTF-8.
6 References
Official Subversion document, http://svnbook.red-bean.com/en/1.1/ch06s04.html#svn-ch-6-sect-4.4.2
Subversion 1.3 change record, http://subversion.tigris.org/svn_1.3_releasenotes.html
Subversion faq,http://subversion.tigris.org/faq.html
UTF-8 FAQ, http://unicode.org/faq/utf_bom.html


Reprinted from: http://space.itpub.net/14780914/viewspace-413582









Authentication Failure Problem Resolution:



SVN Authz How do I configure directory permissions?


If I configure [/] in the Authz file, then there is no problem.
But if I add the repository name, I always fail the certificate.
I created the repository with Svnadmin CREATE/SVNBBK
Then set the Authz in the
[svnbbk:/] is always authentication failed


At this point in your case, I'm guessing you were using svnserve-d-R/SVNBBK when you started the SVN server. In this case your repository address is/SVNBBK then if your authz is set to [/], it is the corresponding/svnbbk/repository directory. [/test] is/svnbbk/test/this directory, and add [svnbbk:/] meaningless. You are already in the root directory.
I think you're probably asking how to configure different repositories for administration.
I suggest two ways:
1. Different Service port methods:
For example, you create a new repository:
Svnadmin Create/svntest2
So the way to make it work should be svnserve-d-r/svntest2--listen-port XXXX Specifies a different port to use with/SVNBBK.
2, same service port, multi-version library management (recommended)
First you have to give all repositoriesCreate a root directory, such as/SVN
and thensvnadmin create/svn/test1, svnadmin create/svn/test2 ...This establishes multiple versions of the repository.
And then the configuration method for the/conf/below each repository is almost the same,except:
AuthzThe list of questions you mentioned in this article needs to be added [test1:/], [test2:/]to set access permissions for different versions of the Coogan directory.
svn server:svnserve-d-r/svn with multiple repositories open--Note that you can enter the root directory
These repositories are thenaccess ModeIt is:
Svn://your-id-address/test1, Svn://your-ip-address/test2The (Of course I assume you use the default port of 3690)





Installation of SVN server-side methods and Directory Access configuration on CentOS 6.5 systems (summary)


Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.