系统Linux debian 2.6.32-5-686
先安装svn工具:apt-get install subversion,耐心等待安装完成。安装完成后svn客户端、服务器都有了。
接者建立svn仓库目录svnadmin create truck
root@debian:/home/xzc# svnadmin create truck root@debian:/home/xzc# cd truck root@debian:/home/xzc/truck# ls conf db format hooks locks README.txt root@debian:/home/xzc/truck# cd conf root@debian:/home/xzc/truck/conf# ls authz passwd svnserve.conf root@debian:/home/xzc/truck/conf#
可以看到,建立的目录下已生成svn的配置文件。在默认配置下访问svn是不需要权限的。下面来设置一下权限。
svnserve.conf主要是配置整个svn的权限,如果看得懂注释,应该很容易明白。
### This file controls the configuration of the svnserve daemon, if you ### use it to allow access to this repository. (If you only allow ### access through http: and/or file: URLs, then this file is ### irrelevant.) ### Visit http://subversion.tigris.org/ for more information. [general] ### These options control access to the repository for unauthenticated ### and authenticated users. Valid values are "write", "read", ### and "none". The sample settings below are the defaults. anon-access = read auth-access = write ### The password-db option controls the location of the password ### database file. Unless you specify a path starting with a /, ### the file's location is relative to the directory containing ### this configuration file. ### If SASL is enabled (see below), this file will NOT be used. ### Uncomment the line below to use the default password file. password-db = passwd ### The authz-db option controls the location of the authorization ### rules for path-based access control. Unless you specify a path ### starting with a /, the file's location is relative to the the ### directory containing this file. If you don't specify an ### authz-db, no path-based access control is done. ### Uncomment the line below to use the default authorization file. authz-db = authz ### This option specifies the authentication realm of the repository. ### If two repositories have the same authentication realm, they should ### have the same password database, and vice versa. The default realm ### is repository's uuid. realm = truck [sasl] ### This option specifies whether you want to use the Cyrus SASL ### library for authentication. Default is false. ### This section will be ignored if svnserve is not built with Cyrus ### SASL support; to check, run 'svnserve --version' and look for a line ### reading 'Cyrus SASL authentication is available.' # use-sasl = true ### These options specify the desired strength of the security layer
anon-access = read #anon表示未认证用户(即在passwd文件里没有该用户),权限为可读。可设置为none。如果anon-access = read而不是anon-access = none,则在使用merge功能时会出现客户端试图 svn merge 总是报svn: E220001: 遇到不可读的路径;拒绝访问
auth-access = write #已认证用户(即在passwd文件里没有该用户),权限为可写。注释没有rw这种写法,估计是有写权限必有读权限
password-db = passwd #用户配置文件,可以指定其他路径名字。
authz-db = authz #用户权限认证配置文件,可以指定其他路径名字。
realm = truck #认证范围
认证范围其实是自己定义的(一般为自己的svn目录或项目名,只是为了好记)。比如我定义为truck,那么其他svn目录如果在配置中也把认证范围标为truck,那么就要用我的认证,即使用我的passwd、authz文件。举个例子:
上面我们已在/home/xzc/truck下建立了一个svn仓库,假如公司现在又开了一个项目,那么就要为新项目建立一个svn仓库。而这个项目是由原项目truck的成员来做,又想用回原来的权限配置。 svnadmin create truck_test anon-access = read auth-access = write password-db = ./../../truck/conf/passwd authz-db = ./../../truck/conf/authz realm = truck #认证范围
那么,因为两个仓库目录的认证范围相同,则共用一份认证文件。如果认证范围一样,但认证文件不相同,还不知道会发生什么事情。作者只说“If two repositories have the same authentication realm, they should have the same password database, and vice versa”。
下面配置用户文件passwd
### This file is an example password file for svnserve. ### Its format is similar to that of svnserve.conf. As shown in the ### example below it contains one section labelled [users]. ### The name and password for each user follow, one account per line. [users] # harry = harryssecret # sally = sallyssecret xzc = 1
可以看到,我增加了一个用户xzc,密码为1。注意一下空格之类的,以免认证错误。
然后是权限配置文件authz
### This file is an example authorization file for svnserve. ### Its format is identical to that of mod_authz_svn authorization ### files. ### As shown below each section defines authorizations for the path and ### (optional) repository specified by the section name. ### The authorizations follow. An authorization line can refer to: ### - a single user, ### - a group of users defined in a special [groups] section, ### - an alias defined in a special [aliases] section, ### - all authenticated users, using the '$authenticated' token, ### - only anonymous users, using the '$anonymous' token, ### - anyone, using the '*' wildcard. ### ### A match can be inverted by prefixing the rule with '~'. Rules can ### grant read ('r') access, read-write ('rw') access, or no access ### (''). [aliases] # joe = /C=XZ/ST=Dessert/L=Snake City/O=Snake Oil, Ltd./OU=Research Institute/CN=Joe Average [groups] # harry_and_sally = harry,sally # harry_sally_and_joe = harry,sally,&joe local_administrator = xzc # [/foo/bar] # harry = rw # &joe = r # * = # [repository:/baz/fuz] # @harry_and_sally = rw # * = r [/] @local_administrator = r
对第一个aliases不太清楚,猜测是别名。比如有个用户名字叫aa_bb_cc_dd_ee,你嫌他名字太长太难写,于是写了个别名abcd = aa_bb_cc_dd_ee,那么下面配置权限只需要写abcd就可以了。但原文件中的写法实在看不懂,也懒得去验证。不知有没有大神知道。
groups就是组了,比如你想把管理人员分为一组、程序员分为一组,一组人的权限是相同的。组的名字自己随意起。上面我起了一个local_administrator组,里面只有xzc一个用户,如果有多个,用,号分开。
下面就是项目目录的权限设置了。[仓库名:/路径],比如[truck:/]表示truck仓库中根目录的权限设置。这与svnserve的-r参数有关,在本例中svnserver -d -r /home/xzc/truck启动则需要配置为[/],表示-r参数(/home/xzc/truck)的根目录,svnserver -d -r /home/xzc/的参数则为[truck:/]。[/foo/bar]这种是绝对路径的,不用仓库名。
@local_administrator中的@表示local_administrator是一个组名而不是用户名,所以注意起用户名时不要带这些符号。r表示只有read权限,也可以是rw或w或空,空表示什么权限都没有。xzc = rw则表示用户xzc具有read和write权限。* = r则表示所有用户(防止用户太多列不完)都有read权限。
注意:
1.authz文件修改后即生效,不用重启svn。passwd也可以这样,但在passwd中添加用户后记得在authz中添加对应的权限。
2.如果遇到“Unable to connect to a repository at URL xxx,认证错误”而且又不弹出让你重新登录的窗口时,则是没有指定passwd用户配置文件或是用户配置文件里没有任何用户,又或者是passwd格式错误,见http://shuishiwo.iteye.com/blog/1754069。
3.authz中子目录会继承父目录的权限,除非你另外设置了子目录的权限。子目录的权限优先于继承的权限。见http://www.cnblogs.com/terryglp/articles/2451398.html。
svn基本配置好了,那么就来启动svn了(可试试svnserve -help帮助):svnserve -d -r /home/xzc/truck.
-d 表示以daemon方式(后台运行)运行
-r 即指定仓库目录dir路径
下面再来启动另一个仓库truck_test
xzc@debian:~$ svnserve -d -r /home/xzc/truck_test/
svnserve: 不能绑定服务器套接字: 地址已在使用
可以看到,因为svn默认端口已被truck使用,这个无法启动,则需要指定端口
xzc@debian:~$ svnserve -d --listen-port 3691 -r /home/xzc/truck_test xzc@debian:~$ ps -ef | grep svnserve xzc 1702 1 0 20:40 ? 00:00:00 svnserve -d -r /home/xzc/truck xzc 1754 1 0 22:04 ? 00:00:00 svnserve -d --listen-port 3691 -r /home/xzc/truck_test xzc 1756 1442 0 22:04 pts/0 00:00:00 grep svnserve xzc@debian:~$
通过查看进程,可以看到两个仓库目录都已启动。接下来就是使用了。假如我的服务器ip为192.168.0.100,注意在check out时,是svn://192.168.0.100:3690而不是svn://192.168.0.100:3690/truck,仓库的名字并不出现在路径中,svn://192.168.0.100:3690其实就是/home/xzc/truck目录。但如果以参数svnserve -d -r /home/xzc启动,则是svn://192.168.0.100:3690/truck,不过这样就把truck_test一起在同一端口启动了。如果是路径错误则报
如果在check out或commit的时候,发现权限问题,则考虑-r参数与authz的参数配置是否正确
