Changeset de33b2a for general/prog/svnserver.xml
- Timestamp:
- 03/12/2020 09:24:44 AM (4 years ago)
- Branches:
- 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 12.0, 12.1, kea, ken/TL2024, ken/inkscape-core-mods, ken/tuningfonts, lazarus, lxqt, plabs/newcss, plabs/python-mods, python3.11, qt5new, rahul/power-profiles-daemon, renodr/vulkan-addition, trunk, upgradedb, xry111/intltool, xry111/llvm18, xry111/soup3, xry111/test-20220226, xry111/xf86-video-removal
- Children:
- 6ea9f5b3
- Parents:
- 5ab87cfa
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
general/prog/svnserver.xml
r5ab87cfa rde33b2a 19 19 <title>Running a Subversion Server</title> 20 20 21 <para>This section will describe how to set up, administer and secure 22 a <application>Subversion</application> server.</para> 21 <para> 22 This section will describe how to set up, administer and secure 23 a <application>Subversion</application> server. 24 </para> 23 25 24 26 <bridgehead renderas="sect3">Subversion Server Dependencies</bridgehead> 25 27 26 28 <bridgehead renderas="sect4">Required</bridgehead> 27 <para><xref linkend="subversion"/> and 28 <xref linkend="openssh"/></para> 29 <para role="required"> 30 <xref linkend="subversion"/> and 31 <xref linkend="openssh"/> 32 </para> 29 33 30 34 </sect2> … … 33 37 <title>Setting up a Subversion Server.</title> 34 38 35 <para>The following instructions will install a 36 <application>Subversion</application> server, which will be set up 37 to use <application>OpenSSH</application> as the secure remote access 38 method, with <command>svnserve</command> available for anonymous 39 access.</para> 40 41 <para>Configuration of the <application>Subversion</application> server 42 consists of the following steps:</para> 39 <para> 40 The following instructions will install a 41 <application>Subversion</application> server, which will be set up 42 to use <application>OpenSSH</application> as the secure remote access 43 method, with <command>svnserve</command> available for anonymous 44 access. 45 </para> 46 47 <para> 48 Configuration of the <application>Subversion</application> server 49 consists of the following steps: 50 </para> 43 51 44 52 <sect3> 45 53 <title>1. Setup Users, Groups, and Permissions</title> 46 54 47 <para>You'll need to be user 48 <systemitem class='username'>root</systemitem> for the initial portion of 49 configuration. Create the <systemitem class="username">svn</systemitem> 50 user and group with the following commands:</para> 55 <para> 56 You'll need to be user 57 <systemitem class='username'>root</systemitem> for the initial portion 58 of configuration. Create the <systemitem 59 class="username">svn</systemitem> user and group with the following 60 commands: 61 </para> 51 62 52 63 <screen role="root"><userinput>groupadd -g 56 svn && 53 64 useradd -c "SVN Owner" -d /home/svn -m -g svn -s /bin/false -u 56 svn</userinput></screen> 54 65 55 <para>If you plan to have multiple repositories, you should have a 56 group dedicated to each repository for ease of administration. Create 57 the <systemitem class="groupname">svntest</systemitem> group for the test 58 repository and add the <systemitem class="username">svn</systemitem> 59 user to that group with the following commands:</para> 66 <para> 67 If you plan to have multiple repositories, you should have a 68 group dedicated to each repository for ease of administration. Create 69 the <systemitem class="groupname">svntest</systemitem> group for the 70 test repository and add the <systemitem 71 class="username">svn</systemitem> user to that group with the 72 following commands: 73 </para> 60 74 61 75 <screen role="root"><userinput>groupadd -g 57 svntest && 62 76 usermod -G svntest -a svn</userinput></screen> 63 77 64 <para>Additionally you should set <command>umask 002</command> while 65 working with a repository so that all new files will be writable by 66 owner and group. This is made mandatory by creating a wrapper script for 67 <command>svn</command> and <command>svnserve</command>:</para> 78 <para> 79 Additionally you should set <command>umask 002</command> while 80 working with a repository so that all new files will be writable by 81 owner and group. This is made mandatory by creating a wrapper script 82 for <command>svn</command> and <command>svnserve</command>: 83 </para> 68 84 69 85 <screen role="root"><userinput>mv /usr/bin/svn /usr/bin/svn.orig && … … 82 98 83 99 <note> 84 <para>If you use <application>Apache</application> for working with 85 the repository over HTTP, even for anonymous access, you should wrap 86 <command>/usr/sbin/httpd</command> in a similar script.</para> 100 <para> 101 If you use <application>Apache</application> for working with 102 the repository over HTTP, even for anonymous access, you should wrap 103 <command>/usr/sbin/httpd</command> in a similar script. 104 </para> 87 105 </note> 88 106 … … 110 128 svnadmin create /srv/svn/repositories/svntest</userinput></screen> 111 129 112 <para>Now that the repository is created, it should be populated with 113 something useful. You'll need to have a predefined directory 114 layout set up exactly as you want your repository to look. For 115 example, here is a sample BLFS layout setup with a root of 116 <filename>svntest/</filename>. You'll need to setup a directory 117 tree similar to the following:</para> 130 <para> 131 Now that the repository is created, it should be populated with 132 something useful. You'll need to have a predefined directory 133 layout set up exactly as you want your repository to look. For 134 example, here is a sample BLFS layout setup with a root of 135 <filename>svntest/</filename>. You'll need to setup a directory 136 tree similar to the following: 137 </para> 118 138 119 139 <screen><literal>svntest/ # The name of the repository … … 127 147 tags/ # Needed for tagging release points</literal></screen> 128 148 129 <para>Once you've created your directory layout as shown above, you 130 are ready to do the initial import:</para> 149 <para> 150 Once you've created your directory layout as shown above, you 151 are ready to do the initial import: 152 </para> 131 153 132 154 <screen role="root"><userinput>svn import -m "Initial import." \ … … 134 156 file:///srv/svn/repositories/svntest</userinput></screen> 135 157 136 <para>Now change owner and group information on the 137 repository, and add an unprivileged user to the 138 <systemitem class="groupname">svn</systemitem> and 139 <systemitem class="groupname">svntest</systemitem> groups:</para> 158 <para> 159 Now change owner and group information on the 160 repository, and add an unprivileged user to the 161 <systemitem class="groupname">svn</systemitem> and 162 <systemitem class="groupname">svntest</systemitem> groups: 163 </para> 140 164 141 165 <screen role="root"><userinput>chown -R svn:svntest /srv/svn/repositories/svntest && … … 144 168 usermod -G svn,svntest -a <replaceable><username></replaceable></userinput></screen> 145 169 146 <para><systemitem class="groupname">svntest</systemitem> is the group 147 assigned to the svntest repository. As mentioned earlier, this eases 148 administration of multiple repositories when using 149 <application>OpenSSH</application> for authentication. Going forward, 150 you'll need to add your unprivileged user, and any additional users that 151 you wish to have write access to the repository, to the 152 <systemitem class="groupname">svn</systemitem> and 153 <systemitem class="groupname">svntest</systemitem> groups.</para> 154 155 <para>In addition, you'll notice that the new repository's 156 <filename>db</filename> directory is set-groupID. If the reasoning is 157 not immediately obvious, when using any external authentication method 158 (such as <command>ssh</command>), the sticky bit is set so that all 159 new files will be owned by the user, but group of 160 <systemitem class="groupname">svntest</systemitem>. Anyone in the 161 <systemitem class="groupname">svntest</systemitem> group can create 162 files, but still give the entire group write access to those 163 files. This avoids locking out other users from the repository.</para> 164 165 <para>Now, return to an unprivileged user account, and take a 166 look at the new repository using <command>svnlook</command>:</para> 170 <para> 171 <systemitem class="groupname">svntest</systemitem> is the group 172 assigned to the svntest repository. As mentioned earlier, this eases 173 administration of multiple repositories when using 174 <application>OpenSSH</application> for authentication. Going forward, 175 you'll need to add your unprivileged user, and any additional users 176 that you wish to have write access to the repository, to the 177 <systemitem class="groupname">svn</systemitem> and <systemitem 178 class="groupname">svntest</systemitem> groups. 179 </para> 180 181 <para> 182 In addition, you'll notice that the new repository's 183 <filename>db</filename> directory is set-groupID. If the reasoning is 184 not immediately obvious, when using any external authentication method 185 (such as <command>ssh</command>), the sticky bit is set so that all 186 new files will be owned by the user, but group of 187 <systemitem class="groupname">svntest</systemitem>. Anyone in the 188 <systemitem class="groupname">svntest</systemitem> group can create 189 files, but still give the entire group write access to those 190 files. This avoids locking out other users from the repository. 191 </para> 192 193 <para> 194 Now, return to an unprivileged user account, and take a 195 look at the new repository using <command>svnlook</command>: 196 </para> 167 197 168 198 <screen><userinput>svnlook tree /srv/svn/repositories/svntest/</userinput></screen> 169 199 170 200 <note> 171 <para>You may need to log out and back in again to refresh your group 172 memberships. '<command>su <replaceable><username></replaceable></command>' 173 should work as well.</para> 201 <para> 202 You may need to log out and back in again to refresh your group 203 memberships. <command>su 204 <replaceable><username></replaceable></command> 205 should work as well. 206 </para> 174 207 </note> 175 208 … … 179 212 <title>3. Configure the Server</title> 180 213 181 <para>As mentioned previously, these instructions will configure the 182 server to use only <command>ssh</command> for write access to the 183 repository and to provide anonymous access using 184 <command>svnserve</command>. There are several other ways to provide 185 access to the repository. These additional configurations are best 186 explained at <ulink url="http://svnbook.red-bean.com/"/>.</para> 187 188 <para>Access configuration needs to be done for each repository. 189 Create the <filename>svnserve.conf</filename> file for the svntest 190 repository using the following commands:</para> 214 <para> 215 As mentioned previously, these instructions will configure the 216 server to use only <command>ssh</command> for write access to the 217 repository and to provide anonymous access using 218 <command>svnserve</command>. There are several other ways to provide 219 access to the repository. These additional configurations are best 220 explained at <ulink url="http://svnbook.red-bean.com/"/>. 221 </para> 222 223 <para> 224 Access configuration needs to be done for each repository. 225 Create the <filename>svnserve.conf</filename> file for the svntest 226 repository using the following commands: 227 </para> 191 228 192 229 <screen role="root"><userinput>cp /srv/svn/repositories/svntest/conf/svnserve.conf \ … … 199 236 EOF</userinput></screen> 200 237 201 <para>There is not a lot to the configuration file at all. You'll 202 notice that only the general section is required. Take a look at the 203 <filename>svnserve.conf.default</filename> file for information on using 204 <command>svnserve</command>'s built-in authentication method.</para> 238 <para> 239 There is not a lot to the configuration file at all. You'll notice 240 that only the general section is required. Take a look at the 241 <filename>svnserve.conf.default</filename> file for information on 242 using <command>svnserve</command>'s built-in authentication method. 243 </para> 205 244 206 245 </sect3> … … 209 248 <title>4. Starting the Server</title> 210 249 211 <para revision="sysv">To start the server at boot time, install the svn 212 bootscript included in the <xref linkend="bootscripts"/> package.</para> 213 214 <para revision="systemd">To start the server at boot time, install the 215 <filename>svnserve.service</filename> unit from the 216 <xref linkend="systemd-units"/> package.</para> 250 <para revision="sysv"> 251 To start the server at boot time, install the svn 252 bootscript included in the <xref linkend="bootscripts"/> package: 253 </para> 254 255 <para revision="systemd"> 256 To start the server at boot time, install the 257 <filename>svnserve.service</filename> unit from the 258 <xref linkend="systemd-units"/> package: 259 </para> 217 260 218 261 <indexterm zone="svnserver svnserver-init" revision="sysv"> … … 228 271 <screen role="root" revision="systemd"><userinput>make install-svnserve</userinput></screen> 229 272 230 <para revision="systemd">Additionally, the instructions above require 231 that svn server uses <command>umask 002</command> so that all new files 232 will be writable by owner and group. This can be achieved by creating 233 a systemd unit override file by running the following command:</para> 273 <para revision="systemd"> 274 Additionally, the instructions above require 275 that svn server uses <command>umask 002</command> so that all new files 276 will be writable by owner and group. This can be achieved by creating 277 a systemd unit override file by running the following command: 278 </para> 234 279 235 280 <screen role="root" revision="systemd"><userinput>mkdir -p /etc/systemd/system/svnserve.service.d 236 281 echo "UMask=0002" > /etc/systemd/system/svnserve.service.d/99-user.conf</userinput></screen> 237 282 238 <para revision="systemd">Options which are passed to 239 <command>svnserve</command> daemon can be changed in 240 <filename>/etc/default/svnserve</filename>.</para> 283 <para revision="systemd"> 284 Options which are passed to 285 <command>svnserve</command> daemon can be changed in 286 <filename>/etc/default/svnserve</filename>. 287 </para> 241 288 242 289 </sect3>
Note:
See TracChangeset
for help on using the changeset viewer.