Context Navigation

source: general/prog/svnserver.xml@ a8c1294

Visit:

11.3 12.0 12.1 kea ken/TL2024 ken/tuningfonts lazarus lxqt plabs/newcss python3.11 qt5new rahul/power-profiles-daemon renodr/vulkan-addition trunk xry111/llvm18 xry111/xf86-video-removal r11.3

Last change on this file since a8c1294 was b59e5eb3, checked in by David Bryant <davidbryant@…>, 18 months ago
Fixed a common misspelling. "setup" is a noun. When "set up" is a phrasal verb, it is spelled as two words. This commit fixes most of the misspelled "set up" instances in the BLFS book.
Property mode set to `100644`
File size: 10.5 KB

Rev	Line
[6ff0105]	1	<?xml version="1.0" encoding="ISO-8859-1"?>
[6732c094]	2	<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
	3	"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
[6ff0105]	4	<!ENTITY % general-entities SYSTEM "../../general.ent">
	5	%general-entities;
	6	]>
	7
	8	<sect1 id="svnserver" xreflabel="Running a Subversion Server">
[eae0107f]	9	<?dbhtml filename="svnserver.html"?>
	10
	11
	12	<title>Running a Subversion Server</title>
	13
	14	<sect2 role="package">
	15	<title>Running a Subversion Server</title>
	16
[de33b2a]	17	<para>
	18	This section will describe how to set up, administer and secure
	19	a <application>Subversion</application> server.
	20	</para>
[eae0107f]	21
	22	<bridgehead renderas="sect3">Subversion Server Dependencies</bridgehead>
	23
	24	<bridgehead renderas="sect4">Required</bridgehead>
[de33b2a]	25	<para role="required">
	26	<xref linkend="subversion"/> and
	27	<xref linkend="openssh"/>
	28	</para>
[eae0107f]	29
	30	</sect2>
	31
	32	<sect2 role="configuration">
	33	<title>Setting up a Subversion Server.</title>
	34
[de33b2a]	35	<para>
	36	The following instructions will install a
	37	<application>Subversion</application> server, which will be set up
	38	to use <application>OpenSSH</application> as the secure remote access
	39	method, with <command>svnserve</command> available for anonymous
	40	access.
	41	</para>
[eae0107f]	42
[de33b2a]	43	<para>
	44	Configuration of the <application>Subversion</application> server
	45	consists of the following steps:
	46	</para>
[eae0107f]	47
	48	<sect3>
[b59e5eb3]	49	<title>1. Set Uup Users, Groups, and Permissions</title>
[eae0107f]	50
[de33b2a]	51	<para>
	52	You'll need to be user
	53	<systemitem class='username'>root</systemitem> for the initial portion
	54	of configuration. Create the <systemitem
	55	class="username">svn</systemitem> user and group with the following
	56	commands:
	57	</para>
[eae0107f]	58
[b785ab29]	59	<screen role="root"><userinput>groupadd -g 56 svn &&
	60	useradd -c "SVN Owner" -d /home/svn -m -g svn -s /bin/false -u 56 svn</userinput></screen>
[eae0107f]	61
[de33b2a]	62	<para>
	63	If you plan to have multiple repositories, you should have a
	64	group dedicated to each repository for ease of administration. Create
	65	the <systemitem class="groupname">svntest</systemitem> group for the
	66	test repository and add the <systemitem
	67	class="username">svn</systemitem> user to that group with the
	68	following commands:
	69	</para>
[eae0107f]	70
[b785ab29]	71	<screen role="root"><userinput>groupadd -g 57 svntest &&
[3a79861]	72	usermod -G svntest -a svn</userinput></screen>
[eae0107f]	73
[de33b2a]	74	<para>
	75	Additionally you should set <command>umask 002</command> while
	76	working with a repository so that all new files will be writable by
	77	owner and group. This is made mandatory by creating a wrapper script
	78	for <command>svn</command> and <command>svnserve</command>:
	79	</para>
[eae0107f]	80
	81	<screen role="root"><userinput>mv /usr/bin/svn /usr/bin/svn.orig &&
[42c74de]	82	mv /usr/bin/svnserve /usr/bin/svnserve.orig &&
[eae0107f]	83	cat >> /usr/bin/svn << "EOF"
	84	<literal>#!/bin/sh
[42c74de]	85	umask 002
[eae0107f]	86	/usr/bin/svn.orig "$@"</literal>
	87	EOF
	88	cat >> /usr/bin/svnserve << "EOF"
	89	<literal>#!/bin/sh
[42c74de]	90	umask 002
[eae0107f]	91	/usr/bin/svnserve.orig "$@"</literal>
	92	EOF
	93	chmod 0755 /usr/bin/svn{,serve}</userinput></screen>
	94
	95	<note>
[de33b2a]	96	<para>
	97	If you use <application>Apache</application> for working with
	98	the repository over HTTP, even for anonymous access, you should wrap
	99	<command>/usr/sbin/httpd</command> in a similar script.
	100	</para>
[eae0107f]	101	</note>
	102
	103	</sect3>
	104
	105	<sect3>
	106	<title>2. Create a Subversion repository.</title>
	107
[1e5a9a41]	108	<para>
	109	There are several ways to set up a subversion repository. It is
	110	recommended to have a look at the <ulink
[80106051]	111	url="https://svnbook.red-bean.com/nightly/en/svn.reposadmin.html">SVN
[1e5a9a41]	112	Book</ulink> corresponding chapter. A basic repository can be set up
	113	with the instructions below.
[cf5c43f3]	114	</para>
[eae0107f]	115
[1e5a9a41]	116	<para>
	117	Create a new <application>Subversion</application> repository with
	118	the following commands (as the <systemitem class="username">root
	119	</systemitem> user):
	120	</para>
[eae0107f]	121
[975fb37e]	122	<screen role="root"><userinput>install -v -m 0755 -d /srv/svn &&
[cf5c43f3]	123	install -v -m 0755 -o svn -g svn -d /srv/svn/repositories &&
[1e5a9a41]	124	svnadmin create /srv/svn/repositories/svntest</userinput></screen>
[42c74de]	125
[de33b2a]	126	<para>
	127	Now that the repository is created, it should be populated with
	128	something useful. You'll need to have a predefined directory
	129	layout set up exactly as you want your repository to look. For
	130	example, here is a sample BLFS layout setup with a root of
[b59e5eb3]	131	<filename>svntest/</filename>. You'll need to set up a directory
[de33b2a]	132	tree similar to the following:
	133	</para>
[42c74de]	134
[efd03f7]	135	<screen><literal>svntest/ # The name of the repository
	136	trunk/ # Contains the existing source tree
	137	BOOK/
	138	bootscripts/
	139	edguide/
	140	patches/
	141	scripts/
	142	branches/ # Needed for additional branches
	143	tags/ # Needed for tagging release points</literal></screen>
[42c74de]	144
[de33b2a]	145	<para>
	146	Once you've created your directory layout as shown above, you
	147	are ready to do the initial import:
	148	</para>
[42c74de]	149
[eae0107f]	150	<screen role="root"><userinput>svn import -m "Initial import." \
[efd03f7]	151	<replaceable></path/to/source/tree></replaceable> \
[eae0107f]	152	file:///srv/svn/repositories/svntest</userinput></screen>
[42c74de]	153
[de33b2a]	154	<para>
	155	Now change owner and group information on the
	156	repository, and add an unprivileged user to the
	157	<systemitem class="groupname">svn</systemitem> and
	158	<systemitem class="groupname">svntest</systemitem> groups:
	159	</para>
[42c74de]	160
[efd03f7]	161	<screen role="root"><userinput>chown -R svn:svntest /srv/svn/repositories/svntest &&
	162	chmod -R g+w /srv/svn/repositories/svntest &&
	163	chmod g+s /srv/svn/repositories/svntest/db &&
[3a79861]	164	usermod -G svn,svntest -a <replaceable><username></replaceable></userinput></screen>
[eae0107f]	165
[de33b2a]	166	<para>
	167	<systemitem class="groupname">svntest</systemitem> is the group
	168	assigned to the svntest repository. As mentioned earlier, this eases
	169	administration of multiple repositories when using
	170	<application>OpenSSH</application> for authentication. Going forward,
	171	you'll need to add your unprivileged user, and any additional users
	172	that you wish to have write access to the repository, to the
	173	<systemitem class="groupname">svn</systemitem> and <systemitem
	174	class="groupname">svntest</systemitem> groups.
	175	</para>
	176
	177	<para>
	178	In addition, you'll notice that the new repository's
	179	<filename>db</filename> directory is set-groupID. If the reasoning is
	180	not immediately obvious, when using any external authentication method
	181	(such as <command>ssh</command>), the sticky bit is set so that all
	182	new files will be owned by the user, but group of
	183	<systemitem class="groupname">svntest</systemitem>. Anyone in the
	184	<systemitem class="groupname">svntest</systemitem> group can create
	185	files, but still give the entire group write access to those
	186	files. This avoids locking out other users from the repository.
	187	</para>
	188
	189	<para>
	190	Now, return to an unprivileged user account, and take a
	191	look at the new repository using <command>svnlook</command>:
	192	</para>
[eae0107f]	193
	194	<screen><userinput>svnlook tree /srv/svn/repositories/svntest/</userinput></screen>
	195
	196	<note>
[de33b2a]	197	<para>
	198	You may need to log out and back in again to refresh your group
	199	memberships. <command>su
	200	<replaceable><username></replaceable></command>
	201	should work as well.
	202	</para>
[eae0107f]	203	</note>
	204
	205	</sect3>
	206
	207	<sect3>
	208	<title>3. Configure the Server</title>
	209
[de33b2a]	210	<para>
	211	As mentioned previously, these instructions will configure the
	212	server to use only <command>ssh</command> for write access to the
	213	repository and to provide anonymous access using
	214	<command>svnserve</command>. There are several other ways to provide
	215	access to the repository. These additional configurations are best
[80106051]	216	explained at <ulink url="https://svnbook.red-bean.com/"/>.
[de33b2a]	217	</para>
[eae0107f]	218
[de33b2a]	219	<para>
	220	Access configuration needs to be done for each repository.
	221	Create the <filename>svnserve.conf</filename> file for the svntest
	222	repository using the following commands:
	223	</para>
[eae0107f]	224
	225	<screen role="root"><userinput>cp /srv/svn/repositories/svntest/conf/svnserve.conf \
[efd03f7]	226	/srv/svn/repositories/svntest/conf/svnserve.conf.default &&
	227
[eae0107f]	228	cat > /srv/svn/repositories/svntest/conf/svnserve.conf << "EOF"
	229	<literal>[general]
	230	anon-access = read
	231	auth-access = write</literal>
	232	EOF</userinput></screen>
[42c74de]	233
[de33b2a]	234	<para>
	235	There is not a lot to the configuration file at all. You'll notice
	236	that only the general section is required. Take a look at the
	237	<filename>svnserve.conf.default</filename> file for information on
	238	using <command>svnserve</command>'s built-in authentication method.
	239	</para>
[42c74de]	240
[eae0107f]	241	</sect3>
[42c74de]	242
[eae0107f]	243	<sect3 id="svnserver-init">
	244	<title>4. Starting the Server</title>
[42c74de]	245
[de33b2a]	246	<para revision="sysv">
	247	To start the server at boot time, install the svn
	248	bootscript included in the <xref linkend="bootscripts"/> package:
	249	</para>
[42c74de]	250
[de33b2a]	251	<para revision="systemd">
	252	To start the server at boot time, install the
[8558044]	253	<filename>svnserve.service</filename> unit from the
[de33b2a]	254	<xref linkend="systemd-units"/> package:
	255	</para>
[0098ace6]	256
	257	<indexterm zone="svnserver svnserver-init" revision="sysv">
[eae0107f]	258	<primary sortas="f-svn">svn</primary>
	259	</indexterm>
[42c74de]	260
[0098ace6]	261	<screen role="root" revision="sysv"><userinput>make install-svn</userinput></screen>
	262
	263	<indexterm zone="svnserver svnserver-init" revision="systemd">
	264	<primary sortas="f-svnserve">svnserve</primary>
	265	</indexterm>
	266
	267	<screen role="root" revision="systemd"><userinput>make install-svnserve</userinput></screen>
	268
[de33b2a]	269	<para revision="systemd">
	270	Additionally, the instructions above require
	271	that svn server uses <command>umask 002</command> so that all new files
	272	will be writable by owner and group. This can be achieved by creating
	273	a systemd unit override file by running the following command:
	274	</para>
[0098ace6]	275
[8558044]	276	<screen role="root" revision="systemd"><userinput>mkdir -p /etc/systemd/system/svnserve.service.d
[0098ace6]	277	echo "UMask=0002" > /etc/systemd/system/svnserve.service.d/99-user.conf</userinput></screen>
	278
[de33b2a]	279	<para revision="systemd">
	280	Options which are passed to
	281	<command>svnserve</command> daemon can be changed in
	282	<filename>/etc/default/svnserve</filename>.
	283	</para>
[6ff0105]	284
[eae0107f]	285	</sect3>
[6ff0105]	286
[eae0107f]	287	</sect2>
[6ff0105]	288
[eae0107f]	289	</sect1>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: