svnserve is a lightweight server that ships with SVN. Clients access the svnserve server with a URL prefixed with svn:// or svn+ssh://, which gives remote access to the SVN repository.
svnserve sets up users and passwords through configuration files and controls repository access by path. This article analyzes the svnserve configuration file format in detail and explains how to use the configuration files to control repository access rights.
This article describes SVN version 1.4.4.
1) svnserve configuration file overview
The svnserve configuration typically consists of the following 3 text files:
The SVN service configuration file, which is located in the conf directory under the repository directory and is named svnserve.conf.
The user name/password file, which is specified in svnserve.conf and defaults to passwd in the same directory.
The permission file, which is also specified in svnserve.conf and defaults to authz in the same directory.
2) SVN service configuration file
The SVN service configuration file is the file conf/svnserve.conf in the repository directory. The file consists of only one [general] configuration section.
The configuration line format in the [general] configuration section is as follows:
<configuration item> = <value>
There are the following 5 configuration items:
anon-access Controls the access of unauthenticated users to the repository. The allowed values are "write", "read" and "none".
"write" means readable and writable, "read" means read-only and "none" means no access.
Default value: read
auth-access Controls the access of authenticated users to the repository. The allowed values are "write", "read" and "none".
"write" means readable and writable, "read" means read-only and "none" means no access.
Default value: write
password-db Specifies the name of the user name/password file. Unless an absolute path is specified, the file location is relative to the conf directory.
Default value: passwd
authz-db Specifies the name of the permission file, through which path-based access control can be implemented.
Unless an absolute path is specified, the file location is relative to the conf directory.
Default value: authz
realm Specifies the authentication realm of the repository, which is the realm name shown in the login prompt. If two repositories have the same authentication realm, it is recommended that they use the same user name/password file.
Default value: a UUID (Universally Unique IDentifier).
Note on the repository authentication realm
When an SVN client accesses the svnserve server and the user is required to log in, the prompt is as follows:
# svn list svn://192.168.3.45/test
Authentication realm: <svn://192.168.3.45:3690> 0d545a49-4038-0410-99b4-c66dc73f754e
Password for 'root':
The string displayed after "Authentication realm: <svn://192.168.3.45:3690>" in the 2nd line above is the authentication realm name. If the authentication realm is not set in the configuration file, the prompt shows a UUID, as above.
If the following configuration item is specified in the configuration file:
realm = test
the SVN client prompts as follows:
# svn list svn://192.168.3.45/test
Authentication realm: <svn://192.168.3.45:3690> test
Password for 'root':
Example 1: The SVN service configuration file conf/svnserve.conf is as follows:
[general]
anon-access = none
auth-access = write
password-db = http://www.cnblogs.com/conf/passwd
authz-db = http://www.cnblogs.com/conf/authz
realm = test
The above configuration file denies unauthenticated users any access to the repository; lets authenticated users read and write the repository; sets the user name/password file to the file "http://www.cnblogs.com/conf/passwd" relative to the repository's conf directory; sets the permission file to the file "http://www.cnblogs.com/conf/authz" relative to the repository's conf directory; and sets the repository's authentication realm to "test".
3) User name password file
The user name/password file is specified by the svnserve.conf configuration item password-db, which defaults to passwd in the conf directory. The file consists of only one [users] configuration section.
The configuration line format in the [users] configuration section is as follows:
<user name> = <password>
Note: The password in the configuration line is stored as clear text, without any processing.
Example 2: The user name/password file conf/passwd is as follows:
[users]
admin = admin
thinker = 123456
The file configures two users, named "admin" and "thinker". The password of user "admin" is "admin", and the password of user "thinker" is "123456".
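The defaults in section 2 and the clear-text passwd format lend themselves to an automated check. The following is an added example, not part of the original article: the function names, the finding texts and the 8-character minimum are assumptions, and the sample files are constructed from Examples 1 and 2.

```python
import configparser

# Defaults for the [general] section as listed in this article.
DEFAULTS = {"anon-access": "read", "auth-access": "write"}

# Constructed samples: one file that relies on the defaults, one that locks
# anonymous access down, and the passwd file from Example 2.
CONF_DEFAULTS = "[general]\nrealm = test\n"
CONF_LOCKED = "[general]\nanon-access = none\nauth-access = write\nrealm = test\n"
PASSWD = "[users]\nadmin = admin\nthinker = 123456\n"

def read_section(text, name):
    """Return the options of section `name` (matched case-insensitively) as a dict."""
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None, strict=False)
    cp.optionxform = str  # keep user names exactly as written
    cp.read_string(text)
    for section in cp.sections():
        if section.lower() == name:
            return {k: v.strip() for k, v in cp.items(section)}
    return {}

def audit(conf_text, passwd_text, min_len=8):
    """Return a list of findings; min_len is an assumed local password policy."""
    findings = []
    general = dict(DEFAULTS)
    general.update({k.lower(): v.lower()
                    for k, v in read_section(conf_text, "general").items()})
    if general["anon-access"] != "none":
        findings.append("anon-access = %s: unauthenticated users can access the repository"
                        % general["anon-access"])
    # Passwords are clear text, so they can be checked directly; the finding
    # text names the user but never repeats the password itself.
    for user, password in read_section(passwd_text, "users").items():
        if password.lower() == user.lower():
            findings.append("user %s: password equals the user name" % user)
        elif len(password) < min_len:
            findings.append("user %s: password shorter than %d characters" % (user, min_len))
    return findings

if __name__ == "__main__":
    for finding in audit(CONF_DEFAULTS, PASSWD):
        print(finding)
```

Because the passwd file holds clear-text passwords, the same script that can read it for auditing shows why the file itself should be readable only by the account that runs svnserve.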
4) Permission file
The permission file is specified by the svnserve.conf configuration item authz-db, which defaults to authz in the conf directory. The file consists of a [groups] configuration section and several repository path permission sections.
The configuration line format in the [groups] configuration section is as follows:
<user group> = <user list>
The user list consists of user groups or user names separated by commas ",". A user group is referenced with the prefix "@" (for example, the user group "all" is referenced with the string "@all").
The section name format for a repository path permission section is as follows:
[<repository name>:<path>]
For example, the section name for the path /tmp in the repository abc is "[abc:/tmp]".
The repository name can be omitted from the section name. If it is omitted, the repository path permission section applies to the same path in all repositories. For example, the section named "[/tmp]" controls access to the directory "/tmp" in every repository that references this permission file.
There are three types of configuration lines in a repository path permission section:
<user name> = <permission>
@<user group> = <permission>
* = <permission>
Here "*" means any user. The permission is one of '', 'r' and 'rw': '' means no permission on the repository path, 'r' means read-only permission, and 'rw' means read and write permission.
Note: Each configuration line can only set the permission for a single user or user group.
Example 3: The contents of the permission file conf/authz are as follows:
[groups]
g_admin = admin,thinker
[admintools:/]
@g_admin = rw
* =
[test:/home/thinker]
thinker = rw
* = r
The above file defines a user group "g_admin", which contains the users "admin" and "thinker". It then defines 2 repository path permission sections. In the repository "admintools", only the user group "g_admin" can read and write, and other users have no permissions. On the path "/home/thinker" in the repository "test", only the user "thinker" has read and write permission, and other users have read-only permission.
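To check what a given user can actually do under such a file, the rules above can be evaluated mechanically. The following is an added example, not part of the original article and not Subversion's own code: the function names are hypothetical, and it assumes that the most specific path section naming the user wins, that [repository:path] is tried before [path] at each level, that matching lines within one section combine, and that a path with no matching rule gets no access.

```python
import configparser

# Constructed sample: the authz file from Example 3.
AUTHZ = """\
[groups]
g_admin = admin,thinker
[admintools:/]
@g_admin = rw
* =
[test:/home/thinker]
thinker = rw
* = r
"""

def load_authz(text):
    # '=' is the only delimiter and names are kept as written (optionxform=str).
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None, strict=False)
    cp.optionxform = str
    cp.read_string(text)
    return cp

def in_group(cp, group, user, seen=()):
    """True if user belongs to group, following nested @group references."""
    if group in seen or not cp.has_option("groups", group):
        return False
    members = [m.strip() for m in cp.get("groups", group).split(",")]
    return any(m == user or (m.startswith("@") and in_group(cp, m[1:], user, seen + (group,)))
               for m in members)

def section_access(cp, section, user):
    """Combined rights of the lines in one section that apply to user, or None."""
    if not cp.has_section(section):
        return None
    granted = [perm.strip() for who, perm in cp.items(section)
               if who in ("*", user) or (who.startswith("@") and in_group(cp, who[1:], user))]
    if not granted:
        return None
    rights = "".join(granted)
    return "rw" if "w" in rights else ("r" if "r" in rights else "")

def effective_access(cp, repo, path, user):
    """Walk from path up to '/', trying [repo:path] and then [path] at each level."""
    path = "/" + path.strip("/")
    while True:
        for section in ("%s:%s" % (repo, path), path):
            access = section_access(cp, section, user)
            if access is not None:
                return access
        if path == "/":
            return ""  # assumed default: no matching rule means no access
        path = path.rsplit("/", 1)[0] or "/"
```

Under these assumptions Example 3 grants nothing in the repository "test" outside /home/thinker, because no section covers "/" or "/home" there.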
5) Summary
This article has described the 3 configuration files of the svnserve program in detail. With these 3 files, the SVN administrator can set the user names and passwords for the svnserve service and control access to repository paths. The files take effect immediately after they are saved and do not require a restart of the svnserve service.
It should be emphasized that the configuration files described in this article apply only to the svnserve service, that is, to clients that access the repository through a URL prefixed with svn:// or svn+ssh://. They do not apply to access through a URL prefixed with http://, https://, or file:///.