SVN deployment/Security and permissions configuration under Linux for Web synchronization updates

Transferred from: http://www.cnblogs.com/me115/archive/2013/04/07/3002058.html

This article contains the following content:

SVN Server Installation

SVN privilege Management

SVN uses SASL encryption

Sync other directories when SVN uploads

Demand

On the basis of Web-based version management, it is possible to view the effect of the modification through Web Access immediately after the code is uploaded, and ensure the security of the data.

SVN installation

The SVN server operates in 2 ways: stand-alone servers and operate with Apache.

Svnserve is lightweight and relatively simple compared to Apache, and Svnserve is included in subversion, so just installing subversion is the equivalent of installing a small SVN server. It uses its own set of protocols to communicate. For example, using http://prefix when accessing Apache, and svnserve using svn://prefix.

This is a standalone server operation, the advantage is simple and small. If it is to support larger-scale development, it is recommended to use the Apache server mode; svnserver installation is used here;

1. First create a single user for SVN, so that you can use the security features of the operating system;

2. Add the Svnadmin user to the Sudu group;

3. Installation:

sudo apt-get install subversion

4. Create the Test catalog:

Mkdir/home/svnadmin/test

5. Create a repository:
Svnadmin Create/home/svnadmin/test

4. Import the project

For example, there is now a project named Exampro,

Location/alidata/www/exampro, import this project into the local warehouse.

SVN import/alidata/www/exampro file:///home/svnadmin/examPro-m "Import Exampro"

In the previous example, the directory Exampro will be copied to the repository;

The project is then incorporated into the local warehouse management of the server.

In order to use the SVN synchronization update mechanism, we need to check out an up-to-date engineering copy on the SVN server environment (this is referred to as a directory).
$ svn Checkout File:///home/svnadmin/examPro
In this copy, we generally do not modify, but to synchronize updates, when the development machine has any changes, update to the SVN server, you can update to the a directory, so that the code in the A directory is the latest code for the entire project, and the use of a directory built Web test environment, Is the latest Web test environment;

5. Start the SVN service

$ svnserve-d-r/home/svnadmin/exampro

Description Description:
-d means svnserver runs in daemon process mode
-r Specifies the root location of the file system (the repository's root directory) so that the client can access the repository without entering the full path.

6. Stop the SVN service:

Killall svnserve//Stop Svnserve Service

SVN Privilege Management1.SVN Repository Directory Description

DB: Store specific data;

Hooks: Hook program storage, such as we want to achieve synchronous update operation, here to achieve;

Conf: Configuration file location

The following specific Conf directory;

There are three files in the Conf directory:

Svnserve.conf, Authz, and passwd;

2.SVN Service configuration file: svnserve.conf

To view the file, first, the permissions of the anonymous user are configured:

Anon-access = None

auth-access = Write

: For anonymous users, no access rights;

For authorized users, have write permission;

The next section is used to configure which authorization login method is used;

Optional password-db, that is, the user name and password are plaintext stored in the same directory in the passwd file, the advantage is the efficient configuration is simple, the disadvantage is that the security is weak, the plaintext is not so people feel reliable;

Another is authz-db, this way the user password used SASL encryption, security is guaranteed;

Select the setting in this way to comment out the password-db:

# password-db = passwd

Authz-db = Authz

#指定授权所属的域, C + + comrades can interpret it as namespaces;

Realm = Exampro

Next is the [SASL] segment, which identifies whether SASL encryption is processed;

USE-SASL = True

min-encryption = 128

Max-encryption = 256

Variables min-encryption and max-encryption control the encryption strength required by the server.

3. Detailed permission Profile Authz:

This is the authorization database, which is used to configure the access rights of the specified directory to the user;

The first is to specify a user group, which is always convenient to assign permissions by group, even if your team currently has only one person in a group. When you join a new member, you will be able to appreciate the convenience of assigning permissions by group;

[Groups]

G_fronter=cuicc,gdii

G_vip=coo

G_doc=yhh

[exampro:/]

@g_vip =RW

@g_fronter =r

@g_doc =r

[Exampro:/protected/modules]

@g_vip =RW

@g_fronter =

*=

[Exampro:/protected]

@g_doc =

For the above code configuration detailed description, you can refer to this article's reference article [1]SVN permission Configuration, the more detailed introduction, here is not much to say, there are questions please message or mail;

SVN uses SASL encryption

1. Configure svnserve.conf, comment out password-db = passwd

and enable SQSL:USE-SASL = True

2. Create a new svn.conf file, typically placed in/USR/LIB/SASL2 or/ETC/SASL2, with the following:

Pwcheck_method:auxprop

Auxprop_plugin:sasldb

Sasldb_path:/home/svnadmin/config/sasldb

Mech_list:digest-md5

Where Sasldb_path specifies the location where you intend to place the SASL encrypted database;

Note: Pwcheck_method indicates the method of inspection, here is "Auxprop", this pwcheck_method also corresponds to such as starting an agent as a certification service, and so on, and now means to use this document said the way to check. Then we indicate that Auxprop_plugin is sasldb, that is, using a file to hold the username and password, that is/HOME/SVN/SVNJIAMI/SASLDB, the other authentication information is stored plugin and SQL and ldapdb. And Mech_list indicates the authentication information transmission mechanism.

Svnserve is already running, you need to restart the service and make sure it reads the updated configuration parameters

Killall svnserve//Stop Svnserve Service

SVNSERVE–D–R/HOME/SVN//Start Svnserve Service

3. Create user and password

Using the SASLPASSWD2 program

Syntax: saslpasswd2–c–f/home/svn/jiami/sasldb–u [realm name configured in svnserve.conf] [username]

Eg:saslpasswd2-c-f/home/svnadmin/config/sasldb-u Exampro Colin

will appear interactive interface, prompted to enter two times password;

Report:

Saslpasswd2-d-F home/svnadmin/config/sasldb-u User name//delete user

Sasldblistusers2-f/home/svnadmin/config/sasldb//query user

PS: If you access the library when the following prompt "Could not obtain the list of SASL mechanisms", because Linux is not installed by default DIGEST-MD5, at this time, the following command can be installed update: Yum install CYRUS-SASL-MD5, CYRUS-SASL-MD5 Home: http://asg.web.cmu.edu/sasl/, installation package: ftp://ftp.andrew.cmu.edu/pub/cyrus/

Configuration complete;

Sync to server other directory when SVN uploads

Under the svn/exampro/hooks/directory:

Can see a bunch of template hooks file, we need is Post-commit.tmpl,

Copy one, named Post-commit. then modify;

1. Set the locale:

#这行比较重要, you need to choose the correct locale based on your server environment, otherwise this update will not work;

#export LANG=ZH_CN. UTF-8

Export Lang=en_us. UTF-8

2. Set up directories to synchronize updates when SVN update is in use

SVN update/alidata/www/examplepro--username yoursname--password yourpwd

The above line indicates that when the SVN server version is updated, the corresponding files in the/alidata/www/exampro directory are updated synchronously, and Yoursname and yourpwd are the user names and passwords you set in the SASL; You can assign a user only global Read permission to the SVN repository)

3. Output log, easy to track query

Echo ' WhoAmI ', $REPOS, $REV >>/home/svnadmin/exampro/hooks/svn_hook.log

Whenever there is an update, a statement is inserted in the update log indicating when the update was made, (this can also be used to configure the environment when debugging, to query whether synchronization is effective)

Our configuration here is all done;

Now, SVN implements version management functionality, while synchronizing updated catalogs facilitates tester integration testing;

Developers need to be assured that versions that are checked into the SVN repository at any time are running code.

SVN deployment/Security and permissions configuration under Linux for Web synchronization updates