source: server/other/svnserver.xml@ 4774914f

10.0 10.1 11.0 6.0 6.1 6.2 6.2.0 6.2.0-rc1 6.2.0-rc2 6.3 6.3-rc1 6.3-rc2 6.3-rc3 7.10 7.4 7.5 7.6 7.6-blfs 7.6-systemd 7.7 7.8 7.9 8.0 8.1 8.2 8.3 8.4 9.0 9.1 basic bdubbs/svn elogind gnome kde5-13430 kde5-14269 kde5-14686 ken/refactor-virt krejzi/svn lazarus nosym perl-modules qt5new systemd-11177 systemd-13485 trunk xry111/git-date xry111/git-date-for-trunk xry111/git-date-test
Last change on this file since 4774914f was 4774914f, checked in by Randy McMurchy <randy@…>, 17 years ago

Removed excessive whitespace from various package instructions

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@3165 af4574ff-66df-0310-9fd7-8a98e5e911e0

  • Property mode set to 100644
File size: 9.6 KB
Line 
1<?xml version="1.0" encoding="ISO-8859-1"?>
2<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
3 "http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd" [
4 <!ENTITY % general-entities SYSTEM "../../general.ent">
5 %general-entities;
6]>
7
8<sect1 id="svnserver" xreflabel="Running a Subversion Server">
9<sect1info>
10<othername>$LastChangedBy$</othername>
11<date>$Date$</date>
12</sect1info>
13<?dbhtml filename="svnserver.html"?>
14<title>Running a Subversion Server</title>
15
16<sect2>
17<title>Running a Subversion Server</title>
18<para>This section will describe how to set up, administer and secure
19a <application>Subversion</application> server.</para>
20
21<sect3><title><application>Subversion server</application> dependencies</title>
22<sect4><title>Required</title>
23<para><xref linkend="subversion"/> and <xref linkend="openssh"/></para>
24</sect4>
25</sect3>
26
27</sect2>
28
29<sect2>
30<title>Setting up a <application>Subversion</application> server.</title>
31
32<para>The following instructions will install a
33<application>Subversion</application> server, which will be set up to
34use <application>OpenSSH</application> as the secure remote access method, with
35<command>svnserve</command> available for anonymous access.</para>
36
37<para>Configuration of the <application>Subversion</application> server
38consists of the following steps:</para>
39
40<sect3><title>1. Setup users, groups, and permissions</title>
41<para>You'll need to be user root for the initial portion of
42configuration. Create the svn user and group with the following
43commands:</para>
44
45<screen><userinput><command>groupadd svn &amp;&amp;
46useradd -c "SVN Owner" -d /home/svn -m -g svn -s /bin/false svn</command></userinput></screen>
47
48<para>If you plan to have multiple repositories, you should have a
49group dedicated to each repository for ease of administration. Create
50the svntest group for the test repository and add the svn user to that
51group with the following commands:</para>
52
53<screen><userinput><command>groupadd svntest &amp;&amp;
54usermod -G svntest svn</command></userinput></screen>
55
56<para>Additionally you should set <command>umask 002</command> while working
57with a repository so that all new files will be writable by owner and group.
58This is made mandatory by creating a wrapper script for
59<command>svn</command> and <command>svnserve</command>:</para>
60
61<screen><userinput><command>mv /usr/bin/svn /usr/bin/svn.orig &amp;&amp;
62mv /usr/bin/svnserve /usr/bin/svnserve.orig &amp;&amp;
63cat &gt;&gt; /usr/bin/svn &lt;&lt; "EOF"</command>
64#!/bin/sh
65umask 002
66/usr/bin/svn.orig "$@"
67<command>EOF
68cat &gt;&gt; /usr/bin/svnserve &lt;&lt; "EOF"</command>
69#!/bin/sh
70umask 002
71/usr/bin/svnserve.orig "$@"
72<command>EOF
73chmod 0755 /usr/bin/svn{,serve}</command></userinput></screen>
74
75<note><para>If you use <application>Apache</application> for working with
76the repository over <acronym>HTTP</acronym>, even for anonymous access, you
77should wrap <command>/usr/sbin/httpd</command> in a similar
78script.</para></note>
79
80</sect3>
81
82<sect3><title>2. Create a <application>Subversion</application>
83repository.</title>
84
85<para>With subversion-1.1.0 and greater, a new type of repository
86data-store is available, <acronym>FSFS</acronym>. There is a tradeoff
87for speed with the new backend, however, the repository can now be
88placed on a network mount, and any corruption does not require an
89admin to recover the repository. For more information and comparison
90between <acronym>FSFS</acronym> and <acronym>BDB</acronym>, plese see
91<ulink url="http://svnbook.red-bean.com/svnbook-1.1/ch05.html#svn-ch-5-sect-1.2.A"/>.
92Optionally you can pass <parameter>bdb</parameter> in place of
93<parameter>fsfs</parameter> in the following command to create a
94BerkelyDB data-store.</para>
95
96<para>Create a new <application>Subversion</application> repository with
97the following commands:</para>
98
99<screen><userinput><command>install -d -m0755 /srv &amp;&amp;
100install -d -m0755 -o svn -g svn /srv/svn/repositories &amp;&amp;
101svnadmin create --fs-type fsfs /srv/svn/repositories/svntest</command></userinput></screen>
102
103<para>Now that the repository is created, we need to populate it with
104something useful. You'll need to have a predefined directory layout
105setup exactly as you want your repository to look. For example, here
106is a sample BLFS layout setup with a root of <filename>svntest/</filename>.
107You'll need to setup a directory tree similar to the following:</para>
108
109<screen> svntest/ # The name of the repository
110 trunk/ # Contains the existing source tree
111 BOOK/
112 bootscripts/
113 edguide/
114 patches/
115 scripts/
116 branches/ # Needed for additional branches
117 tags/ # Needed for tagging release points</screen>
118
119<para>Once you've created your directory layout as shown above, you are ready
120to do the initial import:</para>
121
122<screen><userinput><command>svn import -m "Initial import." \
123 <replaceable>[/path/to/source/tree]</replaceable> \
124 file:///srv/svn/repositories/svntest</command></userinput></screen>
125
126<para>Now go ahead and change owner and group information on the
127repository, and add your normal user to the svn and svntest groups:</para>
128
129<screen><userinput><command>chown -R svn:svntest /srv/svn/repositories/svntest &amp;&amp;
130chmod -R g+w /srv/svn/repositories/svntest &amp;&amp;
131chmod g+s /srv/svn/repositories/svntest/db &amp;&amp;
132usermod -G svn,svntest,<replaceable>[insert existing groups]</replaceable> <replaceable>[username]</replaceable></command></userinput></screen>
133
134<para>svntest is the group assigned to the svntest repository. As
135mentioned earlier, this eases administration of multiple repositories
136when using <application>OpenSSH</application> for authentication. Going
137forward, you'll need to add your regular user, and any additional users
138that you wish to have write access to the repository, to the svn and
139svntest groups.</para>
140
141<para>In addition, you'll notice that the new repository's
142<filename>db</filename> directory is set-groupID. If the reasoning is
143not immediately obvious, when using any external authentication method
144(such as <command>ssh</command>), the sticky bit is set so that all new files
145will be owned by the user, but group of svntest. Anyone in the svntest group
146can create files, but still give the entire group write access to those
147files. This avoids locking out other users from the repository.</para>
148
149<para>Now, go ahead and return to your normal user account, and take a look at
150your new repository using <command>svnlook</command>:</para>
151
152<screen><userinput><command>svnlook tree /srv/svn/repositories/svntest/</command></userinput></screen>
153
154<note><para>You may need to log out and back in again to refresh your group
155memberships. '<command>su <replaceable>[username]</replaceable></command>'
156should work around this as well.</para></note>
157
158</sect3>
159
160<sect3><title>3. Configure the server</title>
161
162<para>As mentioned previously, these instructions will configure the
163server to use only <command>ssh</command> for write access to the repository
164and to provide anonymous access using <command>svnserve</command>. There are
165several other ways to provide access to the repository. These additional
166configurations are best explained at
167<ulink url="http://svnbook.red-bean.com/"/>.</para>
168
169<para>Access configuration needs to be done for each repository. Create
170the <filename>svnserve.conf</filename> file for the svntest repository
171using the following commands:</para>
172
173<screen><userinput><command>cp /srv/svn/repositories/svntest/conf/svnserve.conf \
174 /srv/svn/repositories/svntest/conf/svnserve.conf.default &amp;&amp;
175cat &gt; /srv/svn/repositories/svntest/conf/svnserve.conf &lt;&lt; "EOF"</command>
176[general]
177anon-access = read
178auth-access = write
179<command>EOF</command></userinput></screen>
180
181<para>There is not a lot to the configuration file at all. You'll notice
182that only the general section is required. Take a look at the
183<filename>svnserve.conf.default</filename> file for information on using
184<command>svnserve</command>'s built-in authentication method.</para>
185
186</sect3>
187
188<sect3><title>4. Starting the server</title>
189<para>There are a couple of ways to start <command>svnserve</command>. The
190most common way is to start it as an <command>inetd</command> or
191<command>xinetd</command> process. Alternately, you can use a
192bootscript to start the service at startup.</para>
193
194<note><para>If you do not wish to provide anonymous access to your svn
195repositories or use <command>svnserve</command>'s built-in
196authentication, you do not need to run
197<command>svnserve</command>.</para></note>
198
199<para>If you use <command>inetd</command>, add a line to
200<filename>/etc/inetd.conf</filename> using the following commands:</para>
201
202<screen><userinput><command>cat &gt;&gt; /etc/inetd.conf &lt;&lt; "EOF"</command>
203svn stream tcp nowait svn /usr/bin/svnserve svnserve -i
204<command>EOF</command></userinput></screen>
205
206<para>If you use <command>xinetd</command>, add the following
207lines to the <filename>/etc/xinetd.conf</filename> file:</para>
208
209<screen><userinput><command>cat &gt;&gt; /etc/xinetd.conf &lt;&lt; "EOF"</command>
210service svn
211{
212 port = 3690
213 socket_type = stream
214 protocol = tcp
215 wait = no
216 user = svn
217 server = /usr/bin/svnserve
218 server_args = -i -r /srv/svn/repositories
219}
220<command>EOF</command></userinput></screen>
221
222<para>Finally, if you wish to simply start the sever at
223startup, install the svn bootscript included in the
224<xref linkend="intro-important-bootscripts"/> package.</para>
225
226<screen><userinput><command>make install-svn</command></userinput></screen>
227
228</sect3>
229
230</sect2>
231
232</sect1>
233
Note: See TracBrowser for help on using the repository browser.