一、部署环境
操作系统:centos7.4
yum已配置
selinux已关闭
二、部署svn+apache
1、通过yum安装apache和svn
[root@liyg ~]# yum install -y httpd subversion mod_dav_svnmod_dav_svn是apache访问svn的模块
2、验证
[root@liyg ~]# httpd -version
Server version: Apache/2.4.6 (CentOS)
Server built: Aug 4 2017 03:19:10
[root@liyg ~]# svnserve --version
svnserve, version 1.7.14 (r1542130)
compiled Nov 20 2015, 19:25:09
[root@liyg ~]# find / -name mod_dav_svn.so
[root@liyg ~]# find / -name mod_dav_svn.so
/usr/lib64/httpd/modules/mod_dav_svn.so
[root@liyg ~]# find / -name mod_authz_svn.so
/usr/lib64/httpd/modules/mod_authz_svn.so3、指定svn目录,并创建仓库
[root@liyg~]# mkdir /svn
[root@liyg ~]# svnadmin create /svn/repo
[root@liyg ~]# ll /svn/repo
total 8
drwxr-xr-x 2 root root 54 Dec 3 13:26 conf
drwxr-sr-x 6 root root 233 Dec 3 13:26 db
-r--r--r-- 1 root root 2 Dec 3 13:26 format
drwxr-xr-x 2 root root 231 Dec 3 13:26 hooks
drwxr-xr-x 2 root root 41 Dec 3 13:26 locks
-rw-r--r-- 1 root root 229 Dec 3 13:26 README.txt4、修改仓库属主属组为apache
[root@liyg ~]# chown -R apache:apache /svn/repo/
[root@liyg ~]# ll /svn/repo/
total 8
drwxr-xr-x 2 apache apache 54 Dec 3 13:46 conf
drwxr-sr-x 6 apache apache 233 Dec 3 13:46 db
-r--r--r-- 1 apache apache 2 Dec 3 13:46 format
drwxr-xr-x 2 apache apache 231 Dec 3 13:46 hooks
drwxr-xr-x 2 apache apache 41 Dec 3 13:46 locks
-rw-r--r-- 1 apache apache 229 Dec 3 13:46 README.txt5、创建svn的用户文件和权限文件
[root@liyg ~]# cd /svn/
[root@liyg svn]# touch passwd
[root@liyg svn]# cp repo/conf/authz /svn/
[root@liyg svn]# chown apache:apache passwd
[root@liyg svn]# chown apache:apache authz
[root@liyg svn]# ll
total 4
-rw-r--r-- 1 apache apache 1080 Dec 3 13:34 authz
-rw-r--r-- 1 apache apache 0 Dec 3 13:33 passwd
drwxr-xr-x 3 apache apache 23 Dec 3 13:26 repo6、创建用户admin和guest
[root@liyg svn]# htpasswd -b passwd admin qwer1234
Adding password for user admin
[root@liyg svn]# htpasswd -b passwd guest qwer1234
Adding password for user guest
在权限文件里添加(rw读写,r只读)
[root@liyg svn]# vim authz
...
[/]
admin = rw
guest = r7、配置httpd
[root@liyg ~]# vim /etc/httpd/conf.d/subversion.conf
8、启动apache服务
[root@liyg ~]# systemctl start httpd
[root@liyg ~]# netstat -antp|grep :80
tcp6 0 0 :::80 :::* LISTEN 1015/httpd9、验证部署是否成功
打开浏览器,访问http://ip/svn/repo 输入用户名密码即可访问
三、下载TortoiseSVN客户端来访问进行svn的访问
1、下载并安装
https://tortoisesvn.net/2、打开并输入svn访问地址进行访问
输入用户名密码即可看到访问结果
四、禁止删除与强制注释
要求:禁止普通用户删除文件,并针对管理员用户使其只在某个项目下的某个文件夹有删除权限,并且所有用户上传文件时需添加注释
实现:通过编写钩子脚本来实现
注:因对shell掌握不熟,以下脚本难免有疏漏之处,有改进的地方可以交流下
1、
[root@liyg ~]# cd /svn/repo/hooks/
[root@liyg hooks]# ll
total 36
-rw-r--r-- 1 apache apache 1977 Dec 3 13:46 post-commit.tmpl
-rw-r--r-- 1 apache apache 1638 Dec 3 13:46 post-lock.tmpl
-rw-r--r-- 1 apache apache 2289 Dec 3 13:46 post-revprop-change.tmpl
-rw-r--r-- 1 apache apache 1567 Dec 3 13:46 post-unlock.tmpl
-rw-r--r-- 1 apache apache 3426 Dec 3 13:46 pre-commit.tmpl
-rw-r--r-- 1 apache apache 2434 Dec 3 13:46 pre-lock.tmpl
-rw-r--r-- 1 apache apache 2786 Dec 3 13:46 pre-revprop-change.tmpl
-rw-r--r-- 1 apache apache 2122 Dec 3 13:46 pre-unlock.tmpl
-rw-r--r-- 1 apache apache 2780 Dec 3 13:46 start-commit.tmpl修改pre-commit.tmpl为pre-commit,并给予755权限
[root@liyg hooks]# cp pre-commit.tmpl pre-commit
[root@liyg hooks]# chmod 755 pre-commit
[root@liyg hooks]# ll
total 40
-rw-r--r-- 1 apache apache 1977 Dec 3 13:46 post-commit.tmpl
-rw-r--r-- 1 apache apache 1638 Dec 3 13:46 post-lock.tmpl
-rw-r--r-- 1 apache apache 2289 Dec 3 13:46 post-revprop-change.tmpl
-rw-r--r-- 1 apache apache 1567 Dec 3 13:46 post-unlock.tmpl
-rwxr-xr-x 1 apache apache 3426 Dec 3 14:25 pre-commit
-rw-r--r-- 1 apache apache 3426 Dec 3 13:46 pre-commit.tmpl
-rw-r--r-- 1 apache apache 2434 Dec 3 13:46 pre-lock.tmpl
-rw-r--r-- 1 apache apache 2786 Dec 3 13:46 pre-revprop-change.tmpl
-rw-r--r-- 1 apache apache 2122 Dec 3 13:46 pre-unlock.tmpl
-rw-r--r-- 1 apache apache 2780 Dec 3 13:46 start-commit.tmpl2、编辑文件
#!/bin/sh
REPOS="$1"
TXN="$2"
SVNLOOK=/usr/bin/svnlook
USER=`$SVNLOOK author -t $TXN $REPOS`
superuser="zhangliqiang,liyang,liuqingxi,yanghongjia,liufeng,mashiyuan,dubaihui,zhangcong,qinshaowei,lijie,guozhixing"
if [ " `echo $superuser | grep $USER |wc -l`" -eq 1 ];then
echo "superuser! all pemmision!"
else
if [ `$SVNLOOK changed -t $TXN $REPOS |grep "^D "|wc -l` -gt 0 ];then
a=`$SVNLOOK changed -t $TXN $REPOS |grep "^D " | awk -F " " '{print $2}' `
echo $a > /app/svn/svnroot/chinese.test
b=$USER
c=`grep $b /app/svn/user-path | awk -F " " '{print $2}'`
flag=0
for i in `echo $a`
#!/bin/sh
REPOS="$1"
TXN="$2"
SVNLOOK=/usr/bin/svnlook
USER=`$SVNLOOK author -t $TXN $REPOS`
superuser="zhangliqiang,liyang,liuqingxi,yanghongjia,liufeng,mashiyuan,dubaihui,zhangcong,qinshaowei,lijie,guozhixing"
if [ " `echo $superuser | grep $USER |wc -l`" -eq 1 ];then
echo "superuser! all pemmision!"
else
if [ `$SVNLOOK changed -t $TXN $REPOS |grep "^D "|wc -l` -gt 0 ];then
a=`$SVNLOOK changed -t $TXN $REPOS |grep "^D " | awk -F " " '{print $2}' `
echo $a > /app/svn/svnroot/chinese.test
b=$USER
c=`grep $b /app/svn/user-path | awk -F " " '{print $2}'`
flag=0
for i in `echo $a`
do
for j in `echo $c`
do
if [ `echo ${i#"$j"/}` != `echo $i` ];then
flag=1
fi
done
if [ ${flag} == "0" ];then
echo "You can not delete the files in these files. Please check the permissions" >&2
exit 3
fi
flag=0
done
fi
fi
LOGMSG=$($SVNLOOK log -t "$TXN" "$REPOS" | grep "[a-zA-Z0-9]" | wc -c)
if [ "$LOGMSG" -lt 1 ]; then
echo -e "\n Please write a note "1>&2
exit 1
fi