• linux下部署svn服务器


      系统Linux debian 2.6.32-5-686

      先安装svn工具:apt-get install subversion,耐心等待安装完成。安装完成后svn客户端、服务器都有了。

      接者建立svn仓库目录svnadmin create truck

    root@debian:/home/xzc# svnadmin create truck
    root@debian:/home/xzc# cd truck
    root@debian:/home/xzc/truck# ls
    conf  db  format  hooks  locks  README.txt
    root@debian:/home/xzc/truck# cd conf
    root@debian:/home/xzc/truck/conf# ls
    authz  passwd  svnserve.conf
    root@debian:/home/xzc/truck/conf# 

    可以看到,建立的目录下已生成svn的配置文件。在默认配置下访问svn是不需要权限的。下面来设置一下权限。
    svnserve.conf主要是配置整个svn的权限,如果看得懂注释,应该很容易明白。

    ### This file controls the configuration of the svnserve daemon, if you
    ### use it to allow access to this repository.  (If you only allow
    ### access through http: and/or file: URLs, then this file is
    ### irrelevant.)
    
    ### Visit http://subversion.tigris.org/ for more information.
    
    [general]
    ### These options control access to the repository for unauthenticated
    ### and authenticated users.  Valid values are "write", "read",
    ### and "none".  The sample settings below are the defaults.
    anon-access = read
    auth-access = write
    ### The password-db option controls the location of the password
    ### database file.  Unless you specify a path starting with a /,
    ### the file's location is relative to the directory containing
    ### this configuration file.
    ### If SASL is enabled (see below), this file will NOT be used.
    ### Uncomment the line below to use the default password file.
    password-db = passwd
    ### The authz-db option controls the location of the authorization
    ### rules for path-based access control.  Unless you specify a path
    ### starting with a /, the file's location is relative to the the
    ### directory containing this file.  If you don't specify an
    ### authz-db, no path-based access control is done.
    ### Uncomment the line below to use the default authorization file.
    authz-db = authz
    ### This option specifies the authentication realm of the repository.
    ### If two repositories have the same authentication realm, they should
    ### have the same password database, and vice versa.  The default realm
    ### is repository's uuid.
    realm = truck
    
    [sasl]
    ### This option specifies whether you want to use the Cyrus SASL
    ### library for authentication. Default is false.
    ### This section will be ignored if svnserve is not built with Cyrus
    ### SASL support; to check, run 'svnserve --version' and look for a line
    ### reading 'Cyrus SASL authentication is available.'
    # use-sasl = true
    ### These options specify the desired strength of the security layer
    View Code

    anon-access = read    #anon表示未认证用户(即在passwd文件里没有该用户),权限为可读。可设置为none。如果anon-access = read而不是anon-access = none,则在使用merge功能时会出现客户端试图 svn merge 总是报svn: E220001: 遇到不可读的路径;拒绝访问

    auth-access = write  #已认证用户(即在passwd文件里没有该用户),权限为可写。注释没有rw这种写法,估计是有写权限必有读权限

    password-db = passwd #用户配置文件,可以指定其他路径名字。

    authz-db = authz #用户权限认证配置文件,可以指定其他路径名字。

    realm = truck  #认证范围

    认证范围其实是自己定义的(一般为自己的svn目录或项目名,只是为了好记)。比如我定义为truck,那么其他svn目录如果在配置中也把认证范围标为truck,那么就要用我的认证,即使用我的passwd、authz文件。举个例子:

    上面我们已在/home/xzc/truck下建立了一个svn仓库,假如公司现在又开了一个项目,那么就要为新项目建立一个svn仓库。而这个项目是由原项目truck的成员来做,又想用回原来的权限配置。
    
    svnadmin create truck_test
    
    anon-access = read
    
    auth-access = write 
    
    password-db = ./../../truck/conf/passwd
    
    authz-db = ./../../truck/conf/authz 
    
    realm = truck  #认证范围

    那么,因为两个仓库目录的认证范围相同,则共用一份认证文件。如果认证范围一样,但认证文件不相同,还不知道会发生什么事情。作者只说“If two repositories have the same authentication realm, they should have the same password database, and vice versa”。
    下面配置用户文件passwd

    ### This file is an example password file for svnserve.
    ### Its format is similar to that of svnserve.conf. As shown in the
    ### example below it contains one section labelled [users].
    ### The name and password for each user follow, one account per line.
    
    [users]
    # harry = harryssecret
    # sally = sallyssecret
    xzc = 1

    可以看到,我增加了一个用户xzc,密码为1。注意一下空格之类的,以免认证错误。
    然后是权限配置文件authz

    ### This file is an example authorization file for svnserve.
    ### Its format is identical to that of mod_authz_svn authorization
    ### files.
    ### As shown below each section defines authorizations for the path and
    ### (optional) repository specified by the section name.
    ### The authorizations follow. An authorization line can refer to:
    ###  - a single user,
    ###  - a group of users defined in a special [groups] section,
    ###  - an alias defined in a special [aliases] section,
    ###  - all authenticated users, using the '$authenticated' token,
    ###  - only anonymous users, using the '$anonymous' token,
    ###  - anyone, using the '*' wildcard.
    ###
    ### A match can be inverted by prefixing the rule with '~'. Rules can
    ### grant read ('r') access, read-write ('rw') access, or no access
    ### ('').
    
    [aliases]
    # joe = /C=XZ/ST=Dessert/L=Snake City/O=Snake Oil, Ltd./OU=Research Institute/CN=Joe Average
    
    [groups]
    # harry_and_sally = harry,sally
    # harry_sally_and_joe = harry,sally,&joe
    local_administrator = xzc
    
    # [/foo/bar]
    # harry = rw
    # &joe = r
    # * =
    
    # [repository:/baz/fuz]
    # @harry_and_sally = rw
    # * = r
    
    [/]
    @local_administrator = r

     对第一个aliases不太清楚,猜测是别名。比如有个用户名字叫aa_bb_cc_dd_ee,你嫌他名字太长太难写,于是写了个别名abcd = aa_bb_cc_dd_ee,那么下面配置权限只需要写abcd就可以了。但原文件中的写法实在看不懂,也懒得去验证。不知有没有大神知道。

    groups就是组了,比如你想把管理人员分为一组、程序员分为一组,一组人的权限是相同的。组的名字自己随意起。上面我起了一个local_administrator组,里面只有xzc一个用户,如果有多个,用,号分开。

    下面就是项目目录的权限设置了。[仓库名:/路径],比如[truck:/]表示truck仓库中根目录的权限设置。这与svnserve的-r参数有关,在本例中svnserver -d -r /home/xzc/truck启动则需要配置为[/],表示-r参数(/home/xzc/truck)的根目录,svnserver -d -r /home/xzc/的参数则为[truck:/]。[/foo/bar]这种是绝对路径的,不用仓库名。

    @local_administrator中的@表示local_administrator是一个组名而不是用户名,所以注意起用户名时不要带这些符号。r表示只有read权限,也可以是rw或w或空,空表示什么权限都没有。xzc = rw则表示用户xzc具有read和write权限。* = r则表示所有用户(防止用户太多列不完)都有read权限。

    注意:

    1.authz文件修改后即生效,不用重启svn。passwd也可以这样,但在passwd中添加用户后记得在authz中添加对应的权限。

    2.如果遇到“Unable to connect to a repository at URL xxx,认证错误”而且又不弹出让你重新登录的窗口时,则是没有指定passwd用户配置文件或是用户配置文件里没有任何用户,又或者是passwd格式错误,见http://shuishiwo.iteye.com/blog/1754069

    3.authz中子目录会继承父目录的权限,除非你另外设置了子目录的权限。子目录的权限优先于继承的权限。见http://www.cnblogs.com/terryglp/articles/2451398.html

      svn基本配置好了,那么就来启动svn了(可试试svnserve -help帮助):svnserve -d -r /home/xzc/truck.

    -d 表示以daemon方式(后台运行)运行

    -r 即指定仓库目录dir路径

    下面再来启动另一个仓库truck_test

    xzc@debian:~$ svnserve -d -r /home/xzc/truck_test/
    svnserve: 不能绑定服务器套接字: 地址已在使用

    可以看到,因为svn默认端口已被truck使用,这个无法启动,则需要指定端口

    xzc@debian:~$ svnserve -d --listen-port 3691 -r /home/xzc/truck_test
    xzc@debian:~$ ps -ef | grep svnserve
    xzc       1702     1  0 20:40 ?        00:00:00 svnserve -d -r /home/xzc/truck
    xzc       1754     1  0 22:04 ?        00:00:00 svnserve -d --listen-port 3691 -r /home/xzc/truck_test
    xzc       1756  1442  0 22:04 pts/0    00:00:00 grep svnserve
    xzc@debian:~$

    通过查看进程,可以看到两个仓库目录都已启动。接下来就是使用了。假如我的服务器ip为192.168.0.100,注意在check out时,是svn://192.168.0.100:3690而不是svn://192.168.0.100:3690/truck,仓库的名字并不出现在路径中,svn://192.168.0.100:3690其实就是/home/xzc/truck目录。但如果以参数svnserve -d -r /home/xzc启动,则是svn://192.168.0.100:3690/truck,不过这样就把truck_test一起在同一端口启动了。如果是路径错误则报

    如果在check out或commit的时候,发现权限问题,则考虑-r参数与authz的参数配置是否正确

  • 相关阅读:
    树链剖分 关于点权与边权的转换
    2018 CCPC 吉林站 H Lovers || HDU 6562 (线段树哦)
    统计学习方法(一)概念
    python学习心得(三)
    python学习心得
    Python学习:基本概念
    Python学习(一)
    SparkMLlib聚类学习之KMeans聚类
    SparkMLlib回归算法之决策树
    SparkMLlib学习之线性回归
  • 原文地址:https://www.cnblogs.com/coding-my-life/p/3750589.html
Copyright © 2020-2023  润新知