Changeset eae0107f for server/other/svnserver.xml
- Timestamp:
- 05/18/2005 09:11:57 PM (19 years ago)
- Branches:
- 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 12.0, 12.1, 12.2, 6.1, 6.2, 6.2.0, 6.2.0-rc1, 6.2.0-rc2, 6.3, 6.3-rc1, 6.3-rc2, 6.3-rc3, 7.10, 7.4, 7.5, 7.6, 7.6-blfs, 7.6-systemd, 7.7, 7.8, 7.9, 8.0, 8.1, 8.2, 8.3, 8.4, 9.0, 9.1, basic, bdubbs/svn, elogind, gimp3, gnome, kde5-13430, kde5-14269, kde5-14686, kea, ken/TL2024, ken/inkscape-core-mods, ken/tuningfonts, krejzi/svn, lazarus, lxqt, nosym, perl-modules, plabs/newcss, plabs/python-mods, python3.11, qt5new, rahul/power-profiles-daemon, renodr/vulkan-addition, systemd-11177, systemd-13485, trunk, upgradedb, xry111/for-12.3, xry111/intltool, xry111/llvm18, xry111/soup3, xry111/spidermonkey128, xry111/test-20220226, xry111/xf86-video-removal
- Children:
- 34d58f1
- Parents:
- 5ab6e72
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
server/other/svnserver.xml
r5ab6e72 reae0107f 7 7 8 8 <sect1 id="svnserver" xreflabel="Running a Subversion Server"> 9 <sect1info> 10 <othername>$LastChangedBy$</othername> 11 <date>$Date$</date> 12 </sect1info> 13 <?dbhtml filename="svnserver.html"?> 14 <title>Running a Subversion Server</title> 15 16 <sect2> 17 <title>Running a Subversion Server</title> 18 <para>This section will describe how to set up, administer and secure 19 a <application>Subversion</application> server.</para> 20 21 <sect3><title><application>Subversion server</application> dependencies</title> 22 <sect4><title>Required</title> 23 <para><xref linkend="subversion"/> and <xref linkend="openssh"/></para> 24 </sect4> 25 </sect3> 26 27 </sect2> 28 29 <sect2> 30 <title>Setting up a <application>Subversion</application> server.</title> 31 32 <para>The following instructions will install a 33 <application>Subversion</application> server, which will be set up to 34 use <application>OpenSSH</application> as the secure remote access method, with 35 <command>svnserve</command> available for anonymous access.</para> 36 37 <para>Configuration of the <application>Subversion</application> server 38 consists of the following steps:</para> 39 40 <sect3><title>1. Setup users, groups, and permissions</title> 41 <para>You'll need to be user root for the initial portion of 42 configuration. Create the svn user and group with the following 43 commands:</para> 44 45 <screen><userinput><command>groupadd svn && 46 useradd -c "SVN Owner" -d /home/svn -m -g svn -s /bin/false svn</command></userinput></screen> 47 48 <para>If you plan to have multiple repositories, you should have a 49 group dedicated to each repository for ease of administration. Create 50 the svntest group for the test repository and add the svn user to that 51 group with the following commands:</para> 52 53 <screen><userinput><command>groupadd svntest && 54 usermod -G svntest svn</command></userinput></screen> 55 56 <para>Additionally you should set <command>umask 002</command> while working 57 with a repository so that all new files will be writable by owner and group. 58 This is made mandatory by creating a wrapper script for 59 <command>svn</command> and <command>svnserve</command>:</para> 60 61 <screen><userinput><command>mv /usr/bin/svn /usr/bin/svn.orig && 9 <?dbhtml filename="svnserver.html"?> 10 11 <sect1info> 12 <othername>$LastChangedBy$</othername> 13 <date>$Date$</date> 14 </sect1info> 15 16 <title>Running a Subversion Server</title> 17 18 <sect2 role="package"> 19 <title>Running a Subversion Server</title> 20 21 <para>This section will describe how to set up, administer and secure 22 a <application>Subversion</application> server.</para> 23 24 <bridgehead renderas="sect3">Subversion Server Dependencies</bridgehead> 25 26 <bridgehead renderas="sect4">Required</bridgehead> 27 <para><xref linkend="subversion"/> and 28 <xref linkend="openssh"/></para> 29 30 </sect2> 31 32 <sect2 role="configuration"> 33 <title>Setting up a Subversion Server.</title> 34 35 <para>The following instructions will install a 36 <application>Subversion</application> server, which will be set up 37 to use <application>OpenSSH</application> as the secure remote access 38 method, with <command>svnserve</command> available for anonymous 39 access.</para> 40 41 <para>Configuration of the <application>Subversion</application> server 42 consists of the following steps:</para> 43 44 <sect3> 45 <title>1. Setup Users, Groups, and Permissions</title> 46 47 <para>You'll need to be user root for the initial portion of 48 configuration. Create the <systemitem class="username">svn</systemitem> 49 user and group with the following commands:</para> 50 51 <screen role="root"><userinput>groupadd svn && 52 useradd -c "SVN Owner" -d /home/svn -m -g svn -s /bin/false svn</userinput></screen> 53 54 <para>If you plan to have multiple repositories, you should have a 55 group dedicated to each repository for ease of administration. Create 56 the <systemitem class="groupname">svntest</systemitem> group for the test 57 repository and add the <systemitem class="username">svn</systemitem> 58 user to that group with the following commands:</para> 59 60 <screen role="root"><userinput>groupadd svntest && 61 usermod -G svntest svn</userinput></screen> 62 63 <para>Additionally you should set <command>umask 002</command> while 64 working with a repository so that all new files will be writable by 65 owner and group. This is made mandatory by creating a wrapper script for 66 <command>svn</command> and <command>svnserve</command>:</para> 67 68 <screen role="root"><userinput>mv /usr/bin/svn /usr/bin/svn.orig && 62 69 mv /usr/bin/svnserve /usr/bin/svnserve.orig && 63 cat >> /usr/bin/svn << "EOF" </command>64 #!/bin/sh70 cat >> /usr/bin/svn << "EOF" 71 <literal>#!/bin/sh 65 72 umask 002 66 /usr/bin/svn.orig "$@" 67 <command>EOF68 cat >> /usr/bin/svnserve << "EOF" </command>69 #!/bin/sh73 /usr/bin/svn.orig "$@"</literal> 74 EOF 75 cat >> /usr/bin/svnserve << "EOF" 76 <literal>#!/bin/sh 70 77 umask 002 71 /usr/bin/svnserve.orig "$@" 72 <command>EOF 73 chmod 0755 /usr/bin/svn{,serve}</command></userinput></screen> 74 75 <note><para>If you use <application>Apache</application> for working with 76 the repository over <acronym>HTTP</acronym>, even for anonymous access, you 77 should wrap <command>/usr/sbin/httpd</command> in a similar 78 script.</para></note> 79 80 </sect3> 81 82 <sect3><title>2. Create a <application>Subversion</application> 83 repository.</title> 84 85 <para>With subversion-1.1.0 and greater, a new type of repository 86 data-store is available, <acronym>FSFS</acronym>. There is a tradeoff 87 for speed with the new backend, however, the repository can now be 88 placed on a network mount, and any corruption does not require an 89 admin to recover the repository. For more information and comparison 90 between <acronym>FSFS</acronym> and <acronym>BDB</acronym>, plese see 91 <ulink url="http://svnbook.red-bean.com/svnbook-1.1/ch05.html#svn-ch-5-sect-1.2.A"/>. 92 Optionally you can pass <parameter>bdb</parameter> in place of 93 <parameter>fsfs</parameter> in the following command to create a 94 BerkelyDB data-store.</para> 95 96 <para>Create a new <application>Subversion</application> repository with 97 the following commands:</para> 98 99 <screen><userinput><command>install -d -m0755 /srv && 78 /usr/bin/svnserve.orig "$@"</literal> 79 EOF 80 chmod 0755 /usr/bin/svn{,serve}</userinput></screen> 81 82 <note> 83 <para>If you use <application>Apache</application> for working with 84 the repository over HTTP, even for anonymous access, you should wrap 85 <command>/usr/sbin/httpd</command> in a similar script.</para> 86 </note> 87 88 </sect3> 89 90 <sect3> 91 <title>2. Create a Subversion repository.</title> 92 93 <para>With subversion-1.1.0 and greater, a new type of repository 94 data-store is available, FSFS. There is a tradeoff for speed with 95 the new backend, however, the repository can now be placed on a 96 network mount, and any corruption does not require an admin to 97 recover the repository. For more information and comparison between 98 FSFS and BDB, plese see <ulink 99 url="http://svnbook.red-bean.com/svnbook-1.1/ch05.html#svn-ch-5-sect-1.2.A"/>. 100 Optionally you can pass <option>bdb</option> in place of 101 <option>fsfs</option> in the following command to create a 102 BerkelyDB data-store.</para> 103 104 <para>Create a new <application>Subversion</application> repository with 105 the following commands:</para> 106 107 <screen role="root"><userinput>install -d -m0755 /srv && 100 108 install -d -m0755 -o svn -g svn /srv/svn/repositories && 101 svnadmin create --fs-type fsfs /srv/svn/repositories/svntest</command></userinput></screen> 102 103 <para>Now that the repository is created, we need to populate it with 104 something useful. You'll need to have a predefined directory layout 105 setup exactly as you want your repository to look. For example, here 106 is a sample BLFS layout setup with a root of <filename>svntest/</filename>. 107 You'll need to setup a directory tree similar to the following:</para> 108 109 <screen> svntest/ # The name of the repository 109 svnadmin create --fs-type fsfs /srv/svn/repositories/svntest</userinput></screen> 110 111 <para>Now that the repository is created, we need to populate it 112 with something useful. You'll need to have a predefined directory 113 layout setup exactly as you want your repository to look. For 114 example, here is a sample BLFS layout setup with a root of 115 <filename>svntest/</filename>. You'll need to setup a directory 116 tree similar to the following:</para> 117 118 <screen><literal> svntest/ # The name of the repository 110 119 trunk/ # Contains the existing source tree 111 120 BOOK/ … … 115 124 scripts/ 116 125 branches/ # Needed for additional branches 117 tags/ # Needed for tagging release points</ screen>118 119 <para>Once you've created your directory layout as shown above, you are ready 120 to do the initial import:</para>121 122 <screen ><userinput><command>svn import -m "Initial import." \126 tags/ # Needed for tagging release points</literal></screen> 127 128 <para>Once you've created your directory layout as shown above, you 129 are ready to do the initial import:</para> 130 131 <screen role="root"><userinput>svn import -m "Initial import." \ 123 132 <replaceable>[/path/to/source/tree]</replaceable> \ 124 file:///srv/svn/repositories/svntest</command></userinput></screen> 125 126 <para>Now go ahead and change owner and group information on the 127 repository, and add your normal user to the svn and svntest groups:</para> 128 129 <screen><userinput><command>chown -R svn:svntest /srv/svn/repositories/svntest && 133 file:///srv/svn/repositories/svntest</userinput></screen> 134 135 <para>Now go ahead and change owner and group information on the 136 repository, and add your normal user to the 137 <systemitem class="groupname">svn</systemitem> and 138 <systemitem class="groupname">svntest</systemitem> groups:</para> 139 140 <screen role="root"><userinput>chown -R svn:svntest /srv/svn/repositories/svntest && 130 141 chmod -R g+w /srv/svn/repositories/svntest && 131 142 chmod g+s /srv/svn/repositories/svntest/db && 132 usermod -G svn,svntest,<replaceable>[insert existing groups]</replaceable> <replaceable>[username]</replaceable></command></userinput></screen> 133 134 <para>svntest is the group assigned to the svntest repository. As 135 mentioned earlier, this eases administration of multiple repositories 136 when using <application>OpenSSH</application> for authentication. Going 137 forward, you'll need to add your regular user, and any additional users 138 that you wish to have write access to the repository, to the svn and 139 svntest groups.</para> 140 141 <para>In addition, you'll notice that the new repository's 142 <filename>db</filename> directory is set-groupID. If the reasoning is 143 not immediately obvious, when using any external authentication method 144 (such as <command>ssh</command>), the sticky bit is set so that all new files 145 will be owned by the user, but group of svntest. Anyone in the svntest group 146 can create files, but still give the entire group write access to those 147 files. This avoids locking out other users from the repository.</para> 148 149 <para>Now, go ahead and return to your normal user account, and take a look at 150 your new repository using <command>svnlook</command>:</para> 151 152 <screen><userinput><command>svnlook tree /srv/svn/repositories/svntest/</command></userinput></screen> 153 154 <note><para>You may need to log out and back in again to refresh your group 155 memberships. '<command>su <replaceable>[username]</replaceable></command>' 156 should work around this as well.</para></note> 157 158 </sect3> 159 160 <sect3><title>3. Configure the server</title> 161 162 <para>As mentioned previously, these instructions will configure the 163 server to use only <command>ssh</command> for write access to the repository 164 and to provide anonymous access using <command>svnserve</command>. There are 165 several other ways to provide access to the repository. These additional 166 configurations are best explained at 167 <ulink url="http://svnbook.red-bean.com/"/>.</para> 168 169 <para>Access configuration needs to be done for each repository. Create 170 the <filename>svnserve.conf</filename> file for the svntest repository 171 using the following commands:</para> 172 173 <screen><userinput><command>cp /srv/svn/repositories/svntest/conf/svnserve.conf \ 143 usermod -G svn,svntest,<replaceable>[insert existing groups]</replaceable> <replaceable>[username]</replaceable></userinput></screen> 144 145 <para><systemitem class="groupname">svntest</systemitem> is the group 146 assigned to the svntest repository. As mentioned earlier, this eases 147 administration of multiple repositories when using 148 <application>OpenSSH</application> for authentication. Going forward, 149 you'll need to add your regular user, and any additional users that 150 you wish to have write access to the repository, to the 151 <systemitem class="groupname">svn</systemitem> and 152 <systemitem class="groupname">svntest</systemitem> groups.</para> 153 154 <para>In addition, you'll notice that the new repository's 155 <filename>db</filename> directory is set-groupID. If the reasoning is 156 not immediately obvious, when using any external authentication method 157 (such as <command>ssh</command>), the sticky bit is set so that all 158 new files will be owned by the user, but group of 159 <systemitem class="groupname">svntest</systemitem>. Anyone in the 160 <systemitem class="groupname">svntest</systemitem> group can create 161 files, but still give the entire group write access to those 162 files. This avoids locking out other users from the repository.</para> 163 164 <para>Now, go ahead and return to your normal user account, and take a 165 look at your new repository using <command>svnlook</command>:</para> 166 167 <screen><userinput>svnlook tree /srv/svn/repositories/svntest/</userinput></screen> 168 169 <note> 170 <para>You may need to log out and back in again to refresh your group 171 memberships. '<command>su <replaceable>[username]</replaceable></command>' 172 should work around this as well.</para> 173 </note> 174 175 </sect3> 176 177 <sect3> 178 <title>3. Configure the Server</title> 179 180 <para>As mentioned previously, these instructions will configure the 181 server to use only <command>ssh</command> for write access to the 182 repository and to provide anonymous access using 183 <command>svnserve</command>. There are several other ways to provide 184 access to the repository. These additional configurations are best 185 explained at <ulink url="http://svnbook.red-bean.com/"/>.</para> 186 187 <para>Access configuration needs to be done for each repository. 188 Create the <filename>svnserve.conf</filename> file for the svntest 189 repository using the following commands:</para> 190 191 <screen role="root"><userinput>cp /srv/svn/repositories/svntest/conf/svnserve.conf \ 174 192 /srv/svn/repositories/svntest/conf/svnserve.conf.default && 175 cat > /srv/svn/repositories/svntest/conf/svnserve.conf << "EOF" </command>176 [general]193 cat > /srv/svn/repositories/svntest/conf/svnserve.conf << "EOF" 194 <literal>[general] 177 195 anon-access = read 178 auth-access = write 179 <command>EOF</command></userinput></screen> 180 181 <para>There is not a lot to the configuration file at all. You'll notice 182 that only the general section is required. Take a look at the 183 <filename>svnserve.conf.default</filename> file for information on using 184 <command>svnserve</command>'s built-in authentication method.</para> 185 186 </sect3> 187 188 <sect3><title>4. Starting the server</title> 189 <para>There are a couple of ways to start <command>svnserve</command>. The 190 most common way is to start it as an <command>inetd</command> or 191 <command>xinetd</command> process. Alternately, you can use a 192 bootscript to start the service at startup.</para> 193 194 <note><para>If you do not wish to provide anonymous access to your svn 195 repositories or use <command>svnserve</command>'s built-in 196 authentication, you do not need to run 197 <command>svnserve</command>.</para></note> 198 199 <para>If you use <command>inetd</command>, add a line to 200 <filename>/etc/inetd.conf</filename> using the following commands:</para> 201 202 <screen><userinput><command>cat >> /etc/inetd.conf << "EOF"</command> 203 svn stream tcp nowait svn /usr/bin/svnserve svnserve -i 204 <command>EOF</command></userinput></screen> 205 206 <para>If you use <command>xinetd</command>, the following command will create the 207 <application>Subversion server</application> file as <filename>/etc/xinetd.d/svn</filename>:</para> 208 209 <screen><userinput><command>cat >> /etc/xinetd.d/svn << "EOF"</command> 210 # Begin /etc/xinetd.d/svn 196 auth-access = write</literal> 197 EOF</userinput></screen> 198 199 <para>There is not a lot to the configuration file at all. You'll 200 notice that only the general section is required. Take a look at the 201 <filename>svnserve.conf.default</filename> file for information on using 202 <command>svnserve</command>'s built-in authentication method.</para> 203 204 </sect3> 205 206 <sect3 id="svnserver-init"> 207 <title>4. Starting the Server</title> 208 209 <para>There are a couple of ways to start <command>svnserve</command>. 210 The most common way is to start it as an <command>inetd</command> or 211 <command>xinetd</command> process. Alternately, you can use a 212 bootscript to start the service at startup.</para> 213 214 <note> 215 <para>If you do not wish to provide anonymous access to your svn 216 repositories or use <command>svnserve</command>'s built-in 217 authentication, you do not need to run 218 <command>svnserve</command>.</para> 219 </note> 220 221 <para>If you use <command>inetd</command>, add a line to 222 <filename>/etc/inetd.conf</filename> using the following 223 commands:</para> 224 225 <indexterm zone="svnserver svnserver-init"> 226 <primary sortas="e-etc-inetd.conf">/etc/inetd.conf</primary> 227 </indexterm> 228 229 <screen role="root"><userinput>cat >> /etc/inetd.conf << "EOF" 230 <literal>svn stream tcp nowait svn /usr/bin/svnserve svnserve -i</literal> 231 EOF</userinput></screen> 232 233 <para>If you use <command>xinetd</command>, the following command will 234 create the <application>Subversion</application> server file as 235 <filename>/etc/xinetd.d/svn</filename>:</para> 236 237 <indexterm zone="svnserver svnserver-init "> 238 <primary sortas="e-etc-xinetd.d-svn">/etc/xinetd.d/svn</primary> 239 </indexterm> 240 241 <screen role="root"><userinput>cat >> /etc/xinetd.d/svn << "EOF" 242 <literal># Begin /etc/xinetd.d/svn 211 243 212 244 service svn … … 221 253 } 222 254 223 # End /etc/xinetd.d/svn 224 <command>EOF</command></userinput></screen> 225 226 <para>Finally, if you wish to simply start the sever at 227 startup, install the svn bootscript included in the 228 <xref linkend="intro-important-bootscripts"/> package.</para> 229 230 <screen><userinput><command>make install-svn</command></userinput></screen> 231 232 </sect3> 233 234 </sect2> 255 # End /etc/xinetd.d/svn</literal> 256 EOF</userinput></screen> 257 258 <para>Finally, if you wish to simply start the sever at 259 startup, install the svn bootscript included in the 260 <xref linkend="intro-important-bootscripts"/> package.</para> 261 262 <indexterm zone="svnserver svnserver-init"> 263 <primary sortas="f-svn">svn</primary> 264 </indexterm> 265 266 <screen role="root"><userinput>make install-svn</userinput></screen> 267 268 </sect3> 269 270 </sect2> 235 271 236 272 </sect1> 237
Note:
See TracChangeset
for help on using the changeset viewer.