source: server/other/svnserver.xml@ 7afc6e2

10.0 10.1 11.0 11.1 11.2 11.3 12.0 12.1 6.0 6.1 6.2 6.2.0 6.2.0-rc1 6.2.0-rc2 6.3 6.3-rc1 6.3-rc2 6.3-rc3 7.10 7.4 7.5 7.6 7.6-blfs 7.6-systemd 7.7 7.8 7.9 8.0 8.1 8.2 8.3 8.4 9.0 9.1 basic bdubbs/svn elogind gnome kde5-13430 kde5-14269 kde5-14686 kea ken/TL2024 ken/inkscape-core-mods ken/tuningfonts krejzi/svn lazarus lxqt nosym perl-modules plabs/newcss plabs/python-mods python3.11 qt5new rahul/power-profiles-daemon renodr/vulkan-addition systemd-11177 systemd-13485 trunk upgradedb xry111/intltool xry111/llvm18 xry111/soup3 xry111/test-20220226 xry111/xf86-video-removal
Last change on this file since 7afc6e2 was 7afc6e2, checked in by DJ Lucas <dj@…>, 20 years ago

Added note to svnserver about svnserve not needed, and other minor cleanups

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@2556 af4574ff-66df-0310-9fd7-8a98e5e911e0
  • Property mode set to 100644
File size: 9.1 KB
Line 
1<?xml version="1.0" encoding="ISO-8859-1"?>
2<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
3 "http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd" [
4 <!ENTITY % general-entities SYSTEM "../../general.ent">
5 %general-entities;
6
7]>
8
9<sect1 id="svnserver" xreflabel="Running a Subversion Server">
10<?dbhtml filename="svnserver.html"?>
11<title>Running a Subversion Server</title>
12
13<sect2>
14<title>Running a Subversion Server</title>
15<para>This section will describe how to set up, administer and secure
16a <application>Subversion</application> server.</para>
17
18<sect3><title><application>Subversion server</application> dependencies</title>
19<sect4><title>Required</title>
20<para><xref linkend="subversion"/> and <xref linkend="openssh"/></para></sect4>
21</sect3>
22
23</sect2>
24
25<sect2>
26<title>Setting up a <application>Subversion</application> server.</title>
27
28<para>The following instructions will install a
29<application>Subversion</application> server, which will be set up to
30use <application>OpenSSH</application> as the secure remote access method, with
31<command>svnserve</command> available for anonymous access.</para>
32
33<para>Configuration of the <application>Subversion</application> server
34consists of the following steps:</para>
35
36<sect3><title>1. Setup users, groups, and permissions</title>
37<para>You'll need to be user root for the initial portion of
38configuration. Create the svn user and group with the following
39commands:</para>
40
41<screen><userinput><command>groupadd svn &amp;&amp;
42useradd -c "SVN Owner" -d /home/svn -m -g svn -s /bin/false svn</command></userinput></screen>
43
44<para>If you plan to have multiple repositories, you should have a
45group dedicated to each repository for ease of administration. Create
46the svntest group for our test repository and add the svn user to that
47group with the following commands:</para>
48
49<screen><userinput><command>groupadd svntest &amp;&amp;
50usermod -G svntest svn</command></userinput></screen>
51
52<para>Additionally you should set umask '002' while working with a
53repository so that all new files will be writable by owner and group.
54We'll make this mandatory by writing a wrapper script for
55<command>svn</command> and <command>svnserve</command>:</para>
56
57<screen><userinput><command>mv /usr/bin/svn /usr/bin/svn.orig &amp;&amp;
58mv /usr/bin/svnserve /usr/bin/svnserve.orig &amp;&amp;
59cat &gt;&gt; /usr/bin/svn &lt;&lt; "EOF" &amp;&amp;</command>
60#!/bin/sh
61umask 002
62/usr/bin/svn.orig "$@"
63<command>EOF
64cat &gt;&gt; /usr/bin/svnserve &lt;&lt; "EOF" &amp;&amp;</command>
65#!/bin/sh
66umask 002
67/usr/bin/svnserve.orig "$@"
68<command>EOF
69chmod 0755 /usr/bin/svn{,serve}</command></userinput></screen>
70
71<note><para>If you use <application>apache</application> for working with
72the repository over http, even for anonymous access, you should wrap
73<application>apache</application> in a similar script.</para></note>
74
75</sect3>
76
77<sect3><title>2. Create a <application>Subversion</application>
78repository.</title>
79<para>Create a new <application>Subversion</application> repository with
80the following commands:</para>
81<screen><userinput><command>install -d -m0755 /srv &amp;&amp;
82install -d -m0755 -o svn -g svn /srv/svn/repositories &amp;&amp;
83svnadmin create /srv/svn/repositories/svntest</command></userinput></screen>
84
85<para>Now that the repository is created, we need to populate it with
86something useful. You'll need to have a predefined directory layout
87setup exactly as you want your repository to look. For example, here
88is a sample BLFS layout setup with a root of <filename>svntest/</filename>.
89You'll need to setup a directory tree similar to the following:</para>
90
91<screen> svntest/ # The name of the repository
92 trunk/ # Contains the existing source tree
93 BOOK/
94 bootscripts/
95 edguide/
96 patches/
97 scripts/
98 branches/ # Needed for additional branches
99 tags/ # Needed for tagging release points</screen>
100
101<para>Once you've created your directory layout as above, you are ready to
102do the initial import:</para>
103
104<screen><userinput><command>svn import -m "Initial import." \
105 <replaceable>[/path/to/source/tree]</replaceable> \
106 file:///srv/svn/repositories/svntest</command></userinput></screen>
107
108<para>Now go ahead and change owner and group information on the
109repository, and add your normal user to the svn and svntest groups:</para>
110
111<screen><userinput><command>chown -R svn:svntest /srv/svn/repositories/svntest &amp;&amp;
112chmod -R g+w /srv/svn/repositories/svntest &amp;&amp;
113chmod g+s /srv/svn/repositories/svntest/db &amp;&amp;
114usermod -G svn,svntest,<replaceable>[insert existing groups]</replaceable> <replaceable>[username]</replaceable></command></userinput></screen>
115
116<para>svntest is the group assigned to the svntest repository. As
117mentioned earlier, this eases administration of multiple repositories
118when using <application>OpenSSH</application> for authentication. Going
119forward, you'll need to add your regular user, and any additional users
120that you wish to have write access to the repository, to the svn and
121svntest groups.</para>
122
123<para>In addition, you'll notice that the new repository's
124<filename>db</filename> directory is set-groupID. If the reasoning is
125not immediately obvious, when using any external authentication method
126(such as ssh), the sticky bit is set so that all new files will be owned
127by the user, but group of svntest. Anyone in the svntest group can
128create files, but still give the entire group write access to those
129files. This avoids locking out other users from the repository.</para>
130
131<para>Now, go ahead and return to your normal user account, and take a look at
132your new repository using <command>svnlook</command>:</para>
133
134<screen><userinput><command>svnlook tree /srv/svn/repositories/svntest/</command></userinput></screen>
135
136<note><para>You may need to logout and back in again to refresh your group
137memberships. '<command>su <replaceable>[username]</replaceable></command>'
138should work around this as well.</para></note>
139
140</sect3>
141
142<sect3><title>3. Configure the server</title>
143
144<para>As mentioned previously, these instructions will configure the
145server to use only ssh for write access to the repository and to provide
146anonymous access using <command>svnserve</command>. There are several other
147ways to provide access to the repository. These additional configurations
148are best explained at <ulink url="http://svnbook.red-bean.com/" />.</para>
149
150<para>Access configuration needs to be done for each repository. Create
151the <filename>svnserve.conf</filename> file for the svntest repository
152using the following commands:</para>
153
154<screen><userinput><command>cp /srv/svn/repositories/svntest/conf/svnserve.conf \
155 /srv/svn/repositories/svntest/conf/svnserve.conf.default &amp;&amp;
156cat &gt; /srv/svn/repositories/svntest/conf/svnserve.conf &lt;&lt; "EOF"</command>
157[general]
158anon-access = read
159auth-access = write
160<command>EOF</command></userinput></screen>
161
162<para>There is not a lot to the configuration file at all. You'll notice
163that only the general section is required. Take a look at the
164<filename>svnserve.conf.default</filename> for information on using
165<command>svnserve</command>'s built-in authentication method.</para>
166
167</sect3>
168
169<sect3><title>4. Starting the server</title>
170<para>There are a couple of ways to start <command>svnserve</command>. The
171most common way is to start it as an <application>inetd</application> or
172<application>xinetd</application> process. Alternately, you can use a
173bootscript to start the service at startup.</para>
174
175<note><para>If you do not wish to provide anonymous access to your svn
176repositories or use <command>svnserve</command>'s built-in
177authentication, you do not need to run
178<command>svnserve</command>.</para></note>
179
180<para>If you use <application>inetd</application>, add a line to your
181<filename>/etc/inetd.conf</filename> using the following commands:</para>
182
183<screen><userinput><command>cat &gt;&gt; /etc/inetd.conf &lt;&lt; "EOF"</command>
184svn stream tcp nowait svn /usr/bin/svnserve svnserve -i
185<command>EOF</command></userinput></screen>
186
187<para>If you use <application>xinetd</application>, add the following
188lines to <filename>/etc/xinetd.conf</filename> file:</para>
189
190<screen><userinput><command>cat &gt;&gt; /etc/xinetd.conf &lt;&lt; "EOF"</command>
191service svn
192{
193 port = 3690
194 socket_type = stream
195 protocol = tcp
196 wait = no
197 user = svn
198 server = /usr/bin/svnserve
199 server_args = -i -r /srv/svn/repositories
200}
201<command>EOF</command></userinput></screen>
202
203<para>Finally, if you wish to simply start the sever in daemon mode at
204startup, install the svn bootscript included in the
205<xref linkend="intro-important-bootscripts"/> package.</para>
206
207<screen><userinput><command>make install-svn</command></userinput></screen>
208
209</sect3>
210
211</sect2>
212
213</sect1>
214
Note: See TracBrowser for help on using the repository browser.