[subversion] SVN server deployment and account, password and permission configuration


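Subversion (SVN) is a centralized version control tool for projects.

  1. It records every change to files and directories under a revision number, and any revision can be restored by that number;
  2. Different users can update modified files from the server at any time, so work is shared in real time during development.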


Online installation

Install by following the official guide: http://subversion.apache.org/packages.html

[root@localhost ~]# yum install -y subversion

已安装:
  subversion.x86_64 0:1.7.14-14.el7                                                                                                        

作为依赖被安装:
  apr.x86_64 0:1.4.8-5.el7                     apr-util.x86_64 0:1.5.2-6.el7                    gnutls.x86_64 0:3.3.29-9.el7_6            
  libmodman.x86_64 0:2.0.1-8.el7               libproxy.x86_64 0:0.4.11-11.el7                  neon.x86_64 0:0.30.0-4.el7                
  nettle.x86_64 0:2.7.1-8.el7                  pakchois.x86_64 0:0.4-10.el7                     perl.x86_64 4:5.16.3-294.el7_6            
  perl-Carp.noarch 0:1.26-244.el7              perl-Encode.x86_64 0:2.51-7.el7                  perl-Exporter.noarch 0:5.68-3.el7         
  perl-File-Path.noarch 0:2.09-2.el7           perl-File-Temp.noarch 0:0.23.01-3.el7            perl-Filter.x86_64 0:1.49-3.el7           
  perl-Getopt-Long.noarch 0:2.40-3.el7         perl-HTTP-Tiny.noarch 0:0.033-3.el7              perl-PathTools.x86_64 0:3.40-5.el7        
  perl-Pod-Escapes.noarch 1:1.04-294.el7_6     perl-Pod-Perldoc.noarch 0:3.20-4.el7             perl-Pod-Simple.noarch 1:3.28-4.el7       
  perl-Pod-Usage.noarch 0:1.63-3.el7           perl-Scalar-List-Utils.x86_64 0:1.27-248.el7     perl-Socket.x86_64 0:2.010-4.el7          
  perl-Storable.x86_64 0:2.45-3.el7            perl-Text-ParseWords.noarch 0:3.29-4.el7         perl-Time-HiRes.x86_64 4:1.9725-3.el7     
  perl-Time-Local.noarch 0:1.2300-2.el7        perl-constant.noarch 0:1.27-2.el7                perl-libs.x86_64 4:5.16.3-294.el7_6       
  perl-macros.x86_64 4:5.16.3-294.el7_6        perl-parent.noarch 1:0.225-244.el7               perl-podlators.noarch 0:2.5.1-3.el7       
  perl-threads.x86_64 0:1.87-4.el7             perl-threads-shared.x86_64 0:1.43-6.el7          subversion-libs.x86_64 0:1.7.14-14.el7    
  trousers.x86_64 0:0.3.14-2.el7              

完毕!

[root@localhost ~]# yum install mod_dav_svn -y
已安装:
  mod_dav_svn.x86_64 0:1.7.14-14.el7                                                                                                       

作为依赖被安装:
  httpd.x86_64 0:2.4.6-90.el7.centos           httpd-tools.x86_64 0:2.4.6-90.el7.centos           mailcap.noarch 0:2.1.41-2.el7          

完毕!

# After the installation completes
[root@localhost ~]# svnserve --version
svnserve,版本 1.7.14 (r1542130)
   编译于 Apr 11 2018,02:40:28

# Show where it was installed
[root@localhost local]# whereis svn
svn: /usr/bin/svn /usr/share/man/man1/svn.1.gz

# Show the path of the executable
[root@localhost ~]# which svn
/usr/bin/svn

[root@localhost local]# ls /usr/bin/svn*
/usr/bin/svn       /usr/bin/svndumpfilter  /usr/bin/svnrdump  /usr/bin/svnsync
/usr/bin/svnadmin  /usr/bin/svnlook        /usr/bin/svnserve  /usr/bin/svnversion

Installing from source

Some necessary dependency packages should be installed when the system is first set up.

[root@localhost ~]# yum install gcc wget expat-devel zip unzip lz4 lz4-devel zlib zlib-devel vim net-tools -y

[root@localhost ~]# mkdir svn

These dependency packages need to be installed while the machine has Internet access.

Visit http://subversion.apache.org/ to download the tar.gz

[root@localhost svn]# wget http://mirrors.tuna.tsinghua.edu.cn/apache/subversion/subversion-1.12.2.tar.gz

[root@localhost svn]# ll
总用量 11264
-rw-r--r--. 1 root root 11533872 7月  23 20:04 subversion-1.12.2.tar.gz
[root@localhost svn]# tar zxf subversion-1.12.2.tar.gz 

[root@localhost svn]# cd subversion-1.12.2
[root@localhost subversion-1.12.2]# ls
aclocal.m4  BUGS   build.conf        CHANGES     configure     doc            gen-make.py  INSTALL  Makefile.in  README      tools
autogen.sh  build  build-outputs.mk  COMMITTERS  configure.ac  gen-make.opts  get-deps.sh  LICENSE  NOTICE       subversion  win-tests.py

# Read the installation instructions
[root@localhost subversion-1.12.2]# more INSTALL 

Configure and install

[root@localhost subversion-1.12.2]# ./configure
You probably need to do something similar with the Apache
Portable Runtime Utility (APRUTIL) library and then configure
Subversion with both the --with-apr and --with-apr-util options.

configure: error: no suitable APR found

Installing APR

Download it from http://apr.apache.org/download.cgi

[root@localhost subversion-1.12.2]# cd ..
[root@localhost svn]# wget http://mirrors.tuna.tsinghua.edu.cn/apache//apr/apr-1.7.0.tar.gz

[root@localhost svn]# tar xzf apr-1.7.0.tar.gz 
[root@localhost svn]# cd apr-1.7.0

# Configure
[root@localhost apr-1.7.0]# ./configure 

# Compile and install
[root@localhost apr-1.7.0]# make && make install

[root@localhost apr-1.7.0]# whereis apr
apr: /usr/local/apr

# -------------- configure still reports an error
[root@localhost apr-1.7.0]# cd ..
[root@localhost svn]# cd subversion-1.12.2
[root@localhost subversion-1.12.2]# ./configure

The Apache Portable Runtime Utility (APRUTIL) library cannot be found.
Install APRUTIL on this system and configure Subversion with the
 appropriate --with-apr-util option.

configure: error: no suitable APRUTIL found

Installing APRUTIL

Likewise, download and install APR-util from http://apr.apache.org/download.cgi

[root@localhost subversion-1.12.2]# cd ..
[root@localhost svn]# wget http://mirrors.tuna.tsinghua.edu.cn/apache//apr/apr-util-1.6.1.tar.gz

[root@localhost svn]# tar xzf apr-util-1.6.1.tar.gz 
[root@localhost svn]# cd apr-util-1.6.1
[root@localhost apr-util-1.6.1]# ./configure

configure: error: APR could not be located. Please use the --with-apr option.

# Add the APR path and run the installation again
[root@localhost apr-util-1.6.1]# ./configure --with-apr=/usr/local/apr

[root@localhost apr-util-1.6.1]# make && make install

xml/apr_xml.c:35:19: 致命错误:expat.h:没有那个文件或目录
 #include <expat.h>
                   ^
编译中断。
make[1]: *** [xml/apr_xml.lo] 错误 1
make[1]: 离开目录“/root/svn/apr-util-1.6.1”
make: *** [all-recursive] 错误 1

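Installing expat (online)

The expat library is missing; the online installation command is: yum install -y expat-devel

Alternatively, download the matching version from https://pkgs.org/download/expat-devel, but that attempt ended in failure because of various dependency problems. (The packages tried below are el8 builds, whereas the packages installed on this host are el7; the NOKEY warning in the output means rpm had no public key to verify the package signature with.)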

[root@localhost apr-util-1.6.1]# cd ..
[root@localhost svn]# wget http://mirror.centos.org/centos/8/BaseOS/x86_64/os/Packages/expat-devel-2.2.5-3.el8.x86_64.rpm

[root@localhost svn]# rpm -ivh expat-devel-2.2.5-3.el8.x86_64.rpm 
警告:expat-devel-2.2.5-3.el8.x86_64.rpm: 头V3 RSA/SHA256 Signature, 密钥 ID 8483c65d: NOKEY
错误:依赖检测失败:
    expat(x86-64) = 2.2.5-3.el8 被 expat-devel-2.2.5-3.el8.x86_64 需要

# Download and install the dependency package
[root@localhost svn]# wget http://vault.centos.org/8.0.1905/BaseOS/Source/SPackages/expat-2.2.5-3.el8.src.rpm

[root@localhost svn]# rpm -ivh expat-2.2.5-3.el8.src.rpm 
警告:expat-2.2.5-3.el8.src.rpm: 头V3 RSA/SHA256 Signature, 密钥 ID 8483c65d: NOKEY
正在升级/安装...
   1:expat-2.2.5-3.el8                ################################# [100%]
警告:用户mockbuild 不存在 - 使用root
警告:群组mockbuild 不存在 - 使用root
警告:用户mockbuild 不存在 - 使用root
警告:群组mockbuild 不存在 - 使用root
警告:用户mockbuild 不存在 - 使用root
警告:群组mockbuild 不存在 - 使用root

[root@localhost svn]# groupadd mockbuild
[root@localhost svn]# useradd -s /sbin/nologin mockbuild
useradd:mockbuild 组已经存在 - 如果您想将此用户加入到该组,请使用 -g 参数。
[root@localhost svn]# useradd -g mockbuild -s /sbin/nologin mockbuild

[root@localhost svn]# rpm -ivh expat-2.2.5-3.el8.src.rpm 
警告:expat-2.2.5-3.el8.src.rpm: 头V3 RSA/SHA256 Signature, 密钥 ID 8483c65d: NOKEY
正在升级/安装...
   1:expat-2.2.5-3.el8                ################################# [100%]

[root@localhost svn]# rpm -ivh expat-devel-2.2.5-3.el8.x86_64.rpm
警告:expat-devel-2.2.5-3.el8.x86_64.rpm: 头V3 RSA/SHA256 Signature, 密钥 ID 8483c65d: NOKEY
错误:依赖检测失败:
    expat(x86-64) = 2.2.5-3.el8 被 expat-devel-2.2.5-3.el8.x86_64 需要
# Still fails

[root@localhost svn]# 
[root@localhost svn]# rpm -ivh expat-2.2.5-3.el8.i686.rpm 
警告:expat-2.2.5-3.el8.i686.rpm: 头V3 RSA/SHA256 Signature, 密钥 ID 8483c65d: NOKEY
错误:依赖检测失败:
    libc.so.6 被 expat-2.2.5-3.el8.i686 需要
    libc.so.6(GLIBC_2.0) 被 expat-2.2.5-3.el8.i686 需要
    libc.so.6(GLIBC_2.1) 被 expat-2.2.5-3.el8.i686 需要
    libc.so.6(GLIBC_2.1.3) 被 expat-2.2.5-3.el8.i686 需要
    libc.so.6(GLIBC_2.25) 被 expat-2.2.5-3.el8.i686 需要
    libc.so.6(GLIBC_2.3.4) 被 expat-2.2.5-3.el8.i686 需要
    libc.so.6(GLIBC_2.4) 被 expat-2.2.5-3.el8.i686 需要

Continuing the APRUTIL installation

[root@localhost svn]# cd apr-util-1.6.1
[root@localhost apr-util-1.6.1]# make && make install

[root@localhost apr-util-1.6.1]# cd ..
[root@localhost svn]# cd subversion-1.12.2
[root@localhost subversion-1.12.2]# ./configure

An appropriate version of sqlite could not be found.  We recommmend
3.8.11.1, but require at least 3.8.2.
Please either install a newer sqlite on this system

or

get the sqlite 3.8.11.1 amalgamation from:
    https://www.sqlite.org/2015/sqlite-amalgamation-3081101.zip
unpack the archive using unzip and rename the resulting
directory to:
/root/svn/subversion-1.12.2/sqlite-amalgamation

configure: error: Subversion requires SQLite

Installing SQLite

unzip must be installed first: yum install -y zip unzip

[root@localhost svn]# wget https://www.sqlite.org/2015/sqlite-amalgamation-3081101.zip

[root@localhost svn]# ll sqlite-amalgamation-3081101.zip 
-rw-r--r--. 1 root root 1648868 7月  30 2016 sqlite-amalgamation-3081101.zip
[root@localhost svn]# unzip sqlite-amalgamation-3081101.zip 

# Move it to the directory configure asked for
[root@localhost svn]# mv sqlite-amalgamation-3081101 /root/svn/subversion-1.12.2/sqlite-amalgamation

[root@localhost svn]# cd subversion-1.12.2
[root@localhost subversion-1.12.2]# ./configure

configure: zlib library configuration via pkg-config
checking for zlib library... yes
checking for lz4 library via pkg-config... no
configure: lz4 configuration without pkg-config
checking for LZ4_compress_default in -llz4... no
configure: error: Subversion requires LZ4 >= r129, or use --with-lz4=internal

Installing LZ4 (online)

[root@localhost subversion-1.12.2]# yum install -y lz4 lz4-devel

configure: utf8proc configuration without pkg-config
checking for utf8proc_version in -lutf8proc... no
configure: error: Subversion requires UTF8PROC

Installing UTF8PROC

Download it from https://github.com/JuliaStrings/utf8proc/releases/tag/v2.4.0

[root@localhost subversion-1.12.2]# cd ..
[root@localhost svn]# wget https://github.com/JuliaStrings/utf8proc/archive/v2.4.0.tar.gz
[root@localhost svn]# wget https://github.com/JuliaStrings/utf8proc/archive/v2.4.0.zip
[root@localhost svn]# unzip v2.4.0.zip 

[root@localhost svn]# cd utf8proc-2.4.0/
[root@localhost utf8proc-2.4.0]# make && make install

[root@localhost utf8proc-2.4.0]# cd ..
[root@localhost svn]# cd subversion-1.12.2
[root@localhost subversion-1.12.2]# ./configure

# The svn build finally starts; it takes a long time
[root@localhost subversion-1.12.2]# make && make install

test -d /usr/local/include/subversion-1 || \
  /usr/bin/install -c -d /usr/local/include/subversion-1
(subversion/svnversion/svnversion . 2> /dev/null ||  \
 svnversion . 2> /dev/null ||                        \
 echo "unknown";                                                 \
) > /usr/local/include/subversion-1/svn-revision.txt
[root@localhost subversion-1.12.2]# cat /usr/local/include/subversion-1/svn-revision.txt
目录 
 未版本控制

Installation complete

[root@localhost subversion-1.12.2]# whereis svn
svn: /usr/local/bin/svn

[root@localhost subversion-1.12.2]# ls /usr/local/bin/svn*
/usr/local/bin/svn       /usr/local/bin/svndumpfilter  /usr/local/bin/svnmucc   /usr/local/bin/svnsync
/usr/local/bin/svnadmin  /usr/local/bin/svnfsfs        /usr/local/bin/svnrdump  /usr/local/bin/svnversion
/usr/local/bin/svnbench  /usr/local/bin/svnlook        /usr/local/bin/svnserve

[root@localhost subversion-1.12.2]# svnserve --version
svnserve,版本 1.12.2 (r1863366)
   编译于 Oct 24 2019,13:25:09 在 x86_64-unknown-linux-gnu

Configuring a single SVN repository

Creating the SVN repository

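# Create a parent directory for SVN repositories (the "top-level repository"); if more SVN repositories are added later they can all be placed under it, which makes them easier to manage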
[root@localhost ~]# mkdir -p /home/svnrepository

# Create the SVN repository itself (the "root repository"), named repo_starmeow
[root@localhost ~]# svnadmin create /home/svnrepository/repo_starmeow

# Enter the repo_starmeow repository directory to edit its configuration
[root@localhost ~]# cd /home/svnrepository/repo_starmeow/
[root@localhost repo_starmeow]# ll
总用量 8
drwxr-xr-x. 2 root root  76 10月 24 13:50 conf
drwxr-sr-x. 6 root root 233 10月 24 13:50 db
-r--r--r--. 1 root root   2 10月 24 13:50 format
drwxr-xr-x. 2 root root 231 10月 24 13:50 hooks
drwxr-xr-x. 2 root root  41 10月 24 13:50 locks
-rw-r--r--. 1 root root 246 10月 24 13:50 README.txt

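When svnadmin create is used to create a root repository, the top-level repository directory must already exist. The root repository directory itself may or may not exist: if it does not, the command creates it automatically. In other words, whether or not the repo_starmeow directory already exists, svnadmin create can create the repository successfully.

Configuration files

Look at the conf directory; this is where the configuration files are stored.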

[root@localhost repo_starmeow]# cd conf/
[root@localhost conf]# ls
authz  hooks-env.tmpl  passwd  svnserve.conf

The original file contents are as follows

authz

Access control

[root@localhost conf]# cat authz 
### This file is an example authorization file for svnserve.
### Its format is identical to that of mod_authz_svn authorization
### files.
### As shown below each section defines authorizations for the path and
### (optional) repository specified by the section name.
### The authorizations follow. An authorization line can refer to:
###  - a single user,
###  - a group of users defined in a special [groups] section,
###  - an alias defined in a special [aliases] section,
###  - all authenticated users, using the '$authenticated' token,
###  - only anonymous users, using the '$anonymous' token,
###  - anyone, using the '*' wildcard.
###
### A match can be inverted by prefixing the rule with '~'. Rules can
### grant read ('r') access, read-write ('rw') access, or no access
### ('').

[aliases]
# joe = /C=XZ/ST=Dessert/L=Snake City/O=Snake Oil, Ltd./OU=Research Institute/CN=Joe Average

[groups]
# harry_and_sally = harry,sally
# harry_sally_and_joe = harry,sally,&joe

# [/foo/bar]
# harry = rw
# &joe = r
# * =

# [repository:/baz/fuz]
# @harry_and_sally = rw
# * = r

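Configuration notes

# Applies to all repositories; if svnserve serves only one repository, only the path form can be used
# With a single repository, the section names the path inside it, e.g. /path/ts
[/repository-path]
# user1 can read and write
user1 = rw
# user2 is read-only
user2 = r
# all other users have no access
* =

# Applies to one named repository; if svnserve serves several repositories and is started on the top-level directory, the rule should name the specific repository
# repo_starmeow:/ means every file in that repository
[repository-name:/repository-path]
# user1 can read and write
user1 = rw
# user2 is read-only
user2 = r
# all other users have no access
* =

The permission can be r, w or rw, meaning read-only, write-only and read-write respectively (the authz file header above lists 'r', 'rw' and '' as the values a rule can grant); the permission set in a section applies only to the last directory level of the repository path.
If the repository path has subdirectories and a subdirectory has no permissions of its own, the subdirectory inherits the permissions of its parent directory.
If a subdirectory does have its own permission section, a user who has access to the parent directory but is not granted access in that section cannot see the subdirectory. Conversely, a user who has access to a subdirectory but not to the parent directory can still reach it by using the full subdirectory URL.

Extension: user groups

[groups]
dept1 = user1,user2
dept2 = user3

[<repository>:/project/directory]
# users in dept1 can read and write
@dept1 = rw
# users in dept2 are read-only
@dept2 = r
# user4 can read and write
user4 = rw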

passwd

Accounts and passwords

[root@localhost conf]# cat passwd 
### This file is an example password file for svnserve.
### Its format is similar to that of svnserve.conf. As shown in the
### example below it contains one section labelled [users].
### The name and password for each user follow, one account per line.

[users]
# harry = harryssecret
# sally = sallyssecret

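Each line simply takes the form username = password. The passwords are stored in this file in plain text.

svnserve.conf

SVN service configuration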

[root@localhost conf]# cat svnserve.conf 
### This file controls the configuration of the svnserve daemon, if you
### use it to allow access to this repository.  (If you only allow
### access through http: and/or file: URLs, then this file is
### irrelevant.)

### Visit http://subversion.apache.org/ for more information.

[general]
### The anon-access and auth-access options control access to the
### repository for unauthenticated (a.k.a. anonymous) users and
### authenticated users, respectively.
### Valid values are "write", "read", and "none".
### Setting the value to "none" prohibits both reading and writing;
### "read" allows read-only access, and "write" allows complete 
### read/write access to the repository.
### The sample settings below are the defaults and specify that anonymous
### users have read-only access to the repository, while authenticated
### users have read and write access to the repository.
# anon-access = read
# auth-access = write
### The password-db option controls the location of the password
### database file.  Unless you specify a path starting with a /,
### the file's location is relative to the directory containing
### this configuration file.
### If SASL is enabled (see below), this file will NOT be used.
### Uncomment the line below to use the default password file.
# password-db = passwd
### The authz-db option controls the location of the authorization
### rules for path-based access control.  Unless you specify a path
### starting with a /, the file's location is relative to the
### directory containing this file.  The specified path may be a
### repository relative URL (^/) or an absolute file:// URL to a text
### file in a Subversion repository.  If you don't specify an authz-db,
### no path-based access control is done.
### Uncomment the line below to use the default authorization file.
# authz-db = authz
### The groups-db option controls the location of the file with the
### group definitions and allows maintaining groups separately from the
### authorization rules.  The groups-db file is of the same format as the
### authz-db file and should contain a single [groups] section with the
### group definitions.  If the option is enabled, the authz-db file cannot
### contain a [groups] section.  Unless you specify a path starting with
### a /, the file's location is relative to the directory containing this
### file.  The specified path may be a repository relative URL (^/) or an
### absolute file:// URL to a text file in a Subversion repository.
### This option is not being used by default.
# groups-db = groups
### This option specifies the authentication realm of the repository.
### If two repositories have the same authentication realm, they should
### have the same password database, and vice versa.  The default realm
### is repository's uuid.
# realm = My First Repository
### The force-username-case option causes svnserve to case-normalize
### usernames before comparing them against the authorization rules in the
### authz-db file configured above.  Valid values are "upper" (to upper-
### case the usernames), "lower" (to lowercase the usernames), and
### "none" (to compare usernames as-is without case conversion, which
### is the default behavior).
# force-username-case = none
### The hooks-env options specifies a path to the hook script environment 
### configuration file. This option overrides the per-repository default
### and can be used to configure the hook script environment for multiple 
### repositories in a single file, if an absolute path is specified.
### Unless you specify an absolute path, the file's location is relative
### to the directory containing this file.
# hooks-env = hooks-env

[sasl]
### This option specifies whether you want to use the Cyrus SASL
### library for authentication. Default is false.
### Enabling this option requires svnserve to have been built with Cyrus
### SASL support; to check, run 'svnserve --version' and look for a line
### reading 'Cyrus SASL authentication is available.'
# use-sasl = true
### These options specify the desired strength of the security layer
### that you want SASL to provide. 0 means no encryption, 1 means
### integrity-checking only, values larger than 1 are correlated
### to the effective key length for encryption (e.g. 128 means 128-bit
### encryption). The values below are the defaults.
# min-encryption = 0
# max-encryption = 256

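Configuration file analysis

anon-access = read
auth-access = write
# The anon-access (anonymous access) and auth-access (authenticated access) options control access to the svn repository for unauthenticated and authenticated users respectively. Valid values are write, read and none: none gives no read or write access to the repository, write gives read and write access, and read gives read-only access.

password-db = passwd
# Controls the location of the password database file. Unless a path starting with '/' is given, the location is relative to the directory containing this configuration file. If SASL is enabled, this file is not used.

authz-db = authz
# Controls the location of the authorization rules for path-based access control. Unless a path starting with '/' is given, the location is relative to the directory containing this configuration file. If authz-db is not specified, no path-based access control is done.

realm = My First Repository
# Specifies the authentication realm of the repository. If two repositories have the same authentication realm, they should have the same password database, and vice versa. The default realm is the repository's uuid.

Starting svn without modifying the original configuration

The configuration files above are left unmodified for now. The repository was created earlier: /home/svnrepository is the top-level repository, i.e. the directory that holds all repositories, and /home/svnrepository/repo_starmeow is the root repository, which mainly holds the project.

Serving with the repository itself as root (single-repository mode)

When -r points directly at a repository (single-repository svnserve mode), one svnserve can serve only that one repository.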

[root@localhost conf]# svnserve -d -r /home/svnrepository/repo_starmeow/ --listen-port 3690
[root@localhost conf]# ps -ef | grep svn
root      81637      1  0 08:48 ?        00:00:00 svnserve -d -r /home/svnrepository/repo_starmeow/
root      81639  77434  0 08:48 pts/2    00:00:00 grep --color=auto svn
[root@localhost conf]# netstat -anp | grep svn
tcp        0      0 0.0.0.0:3690            0.0.0.0:*               LISTEN      81637/svnserve
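  • -d means daemon: svnserve runs in the background and accepts TCP/IP connections; the default port is 3690.
  • -r means root: it sets the virtual directory (root directory) that svnserve serves; the example above specifies /home/svnrepository as the virtual directory.
  • --listen-port sets the port; when 3690 is used, this option can be omitted.

Client test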

PS D:\SVNProject> svn checkout svn://192.168.126.134
svn: E170013: Unable to connect to a repository at URL 'svn://192.168.126.134'
svn: E730060: Can't connect to host '192.168.126.134': 由于连接方在一段时间后没有正确答复或连接的主机没有反应,连接尝试 失败。

Allowing the port through the server firewall

The port must be allowed through the firewall

[root@localhost conf]# firewall-cmd --permanent --zone=public --add-port=3690/tcp
success
[root@localhost conf]# firewall-cmd --reload
success

Client checkout

PS D:\SVNProject> svn checkout svn://192.168.126.134  # Check out straight into the current directory
Checked out revision 0.  # Reports that revision 0 was checked out

PS D:\SVNProject> svn checkout svn://192.168.126.134/ D:\SVNProject  # Check out into the given directory
Checked out revision 0.

PS D:\SVNProject> svn checkout svn://192.168.126.134:3690  # If the server does not use the default port 3690, the port must be given explicitly
Checked out revision 0.

After the checkout completes, a hidden .svn directory is created locally.

[Screenshot: contents of the local .svn directory]

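When -r points at the root repository itself, all files in the repository root are checked out to the local directory.

Serving with the top-level directory as root (multi-repository mode)

When -r points at the parent directory of the repositories (multi-repository svnserve mode), one svnserve can serve several repositories.
To restrict a particular directory of a particular repository in this mode, the repository name must be given explicitly.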

[root@localhost conf]# svnserve -d -r /home/svnrepository
[root@localhost conf]# ps -ef | grep svn | grep -v grep
root      81986      1  0 10:17 ?        00:00:00 svnserve -d -r /home/svnrepository

Client checkout

PS D:\SVNProject> svn checkout svn://192.168.126.134
svn: E170013: Unable to connect to a repository at URL 'svn://192.168.126.134'
svn: E210005: No repository found in 'svn://192.168.126.134'

PS D:\SVNProject> svn checkout svn://192.168.126.134/repo_starmeow  # The root repository repo_starmeow must be specified
Checked out revision 0.

If no local checkout directory is given, a directory named after the root repository is created under the current directory and the checkout goes into it.

PS D:\SVNProject> svn checkout svn://192.168.126.134/repo_starmeow D:\SVNProject\
Checked out revision 0.

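If a checkout directory is given, the files in the repository are checked out directly into that local directory.

When -r points at the top-level repository directory, the checkout URL must include the root repository name; if no local directory is given, a folder named after the root repository is created under the current directory and the files are checked out into it.

Editing the configuration files: accounts, passwords and permissions

Remember: nothing else may follow a setting on the same line, not even a # comment; for example, auth-access = write # authenticated users may write is not allowed.

Requiring account and password login

Back up svnserve.conf, then edit it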

[root@localhost conf]# cp svnserve.conf svnserve.conf.bak
[root@localhost conf]# ls
authz  hooks-env.tmpl  passwd  svnserve.conf  svnserve.conf.bak
[root@localhost conf]# vim svnserve.conf

# The modified configuration is as follows
[root@localhost conf]# cat svnserve.conf | grep -v "###"


[general]
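# Anonymous users are read-only by default; set to none so that anonymous users cannot access the repository
anon-access = none
# Authenticated users can write
auth-access = write
# Password file
password-db = passwd
# Authorization (permissions) file
# authz-db = authz
# groups-db = groups
# Authentication realm name of each svn project; it is shown in the authentication prompt, so the project name is recommended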
realm = My Project StarMeow
# force-username-case = none
# hooks-env = hooks-env

[sasl]
# use-sasl = true
# min-encryption = 0
# max-encryption = 256

Editing the password file

[root@localhost conf]# cat passwd | grep -v "###"

[users]
admin = admin
test = test
user = user
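
A check for the settings discussed above, as an added example that is not part of the original post or of Subversion: it audits one repository's svnserve.conf and passwd for open anonymous access, a missing authz-db, the trailing-comment mistake, and passwords that contain the user name. The sample files are constructed from the ones on this page, and the function and finding names are hypothetical.

```python
import configparser

# Constructed samples modelled on the svnserve.conf and passwd files on this page;
# the trailing comment on auth-access is the mistake the page warns about.
SVNSERVE_CONF = """
[general]
anon-access = read
auth-access = write # authenticated users may write
password-db = passwd
# authz-db = authz
realm = My Project StarMeow

[sasl]
# use-sasl = true
"""

PASSWD = """
[users]
admin = admin
test = test
liuming = liuming_passwd
"""


def _parse(text):
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    cp.optionxform = str  # keep option and user names exactly as written
    cp.read_string(text)
    return cp


def audit(conf_text, passwd_text):
    """Return a sorted list of (check, detail) findings for one repository."""
    conf, findings = _parse(conf_text), []
    general = dict(conf["general"]) if conf.has_section("general") else {}
    sasl = dict(conf["sasl"]) if conf.has_section("sasl") else {}

    # A value runs to the end of the line, so "write # note" is not "write".
    for section in conf.sections():
        for key, value in conf.items(section):
            if "#" in value:
                findings.append(("inline-comment", f"[{section}] {key} = {value}"))

    # Left unset, anon-access defaults to read (see the template's own comments).
    anon = general.get("anon-access", "read")
    if anon != "none":
        findings.append(("anonymous-access", anon))

    # Without authz-db no path-based access control is done at all.
    if "authz-db" not in general:
        findings.append(("no-authz-db", "every authenticated user gets auth-access"))

    # password-db is only consulted when SASL is off; it holds plaintext passwords.
    if sasl.get("use-sasl", "false").lower() != "true" and "password-db" in general:
        findings.append(("plaintext-password-db", general["password-db"]))
        users = _parse(passwd_text)
        if users.has_section("users"):
            for user, password in users.items("users"):
                if user.lower() in password.lower():
                    findings.append(("guessable-password", user))
    return sorted(findings)


if __name__ == "__main__":
    for check, detail in audit(SVNSERVE_CONF, PASSWD):
        print(f"{check:22} {detail}")
```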

Testing a connection with account and password

PS D:\SVNProject> svn list svn://192.168.126.134/
svn: E170013: Unable to connect to a repository at URL 'svn://192.168.126.134'
svn: E210005: No repository found in 'svn://192.168.126.134'
# As before, the repository name must be specified

# A user name and password are requested at login
PS D:\SVNProject> svn list svn://192.168.126.134/repo_starmeow
Authentication realm:  My Project StarMeow
Password for 'LR':  # The local machine's user name is tried by default; press Enter again to type a user name yourself
Authentication realm:  My Project StarMeow
Username: admin
Password for 'admin': *****

# Give the login user name and password on the command line
PS D:\SVNProject> svn list svn://192.168.126.134/repo_starmeow --username user --password error
Authentication realm:  My Project StarMeow
Username: user
Password for 'user': ****
PS D:\SVNProject> svn list svn://192.168.126.134/repo_starmeow --username user --password user
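  • --username user sets the login user name to user
  • --password user sets the login password to user
  • If the account or password is wrong, you are asked to log in manually.
  • If no checkout directory is given, a directory named after the repository is created locally and the checkout goes into it.

Using per-user access control

The steps above block anonymous access and give logged-in users read and write access; the next step is access control per user.

Edit the configuration file and set the file used for permission checks with authz-db = authz, which by default is the authz file in the current directory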

[root@localhost conf]# vim svnserve.conf

# The modified configuration is as follows
[root@localhost conf]# cat svnserve.conf | grep -v "###"


[general]
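# Anonymous users are read-only by default; set to none so that anonymous users cannot access the repository
anon-access = none
# Authenticated users can write
auth-access = write
# Password file
password-db = passwd
# Authorization (permissions) file
authz-db = authz
# groups-db = groups
# Authentication realm name of each svn project; it is shown in the authentication prompt, so the project name is recommended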
realm = My Project StarMeow
# force-username-case = none
# hooks-env = hooks-env

[sasl]
# use-sasl = true
# min-encryption = 0
# max-encryption = 256

Edit the authorization file to control access to the top-level directory.

[root@localhost conf]# cp authz authz.bak
[root@localhost conf]# cat authz | grep -v "###"


[groups]
admin = admin
user = test,user

# Represents every resource under the root directory
[/]
@admin = rw
@user = r
* =

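After the configuration files are changed, the service does not need to be restarted; that is, the svnserve process does not have to be stopped and started again.

Testing the connection

An svn client can be used for the test.

When a user in the @user group connects, files can be read, but adding, deleting or modifying something and then committing produces an error.

Retry as a different user: enter a user with write permission, and the commit succeeds.

Configuring multiple repositories

Next, switch to another server, with the required software installed in the same way.

Creating the top-level repository directory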

# Allow the port through the CentOS 7 firewall
[root@localhost ~]# firewall-cmd --permanent --zone=public --add-port=3690/tcp
success
[root@localhost ~]# firewall-cmd --reload
success

# Install subversion online
[root@localhost ~]# yum install -y subversion

# Enter the svn top-level repository directory and create two svn repositories
[root@localhost ~]# cd /home/svnrepository/
[root@localhost svnrepository]# pwd
/home/svnrepository

Creating multiple root repositories

# Create two repositories, ProjectCC and ProjectXY; an absolute path can be given
[root@localhost svnrepository]# svnadmin create /home/svnrepository/ProjectCC
[root@localhost svnrepository]# svnadmin create ProjectXY
[root@localhost svnrepository]# ls
ProjectCC  ProjectXY

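# Create a shared configuration directory for the accounts, passwords and permissions used by every repository; each repository's own configuration file stays in its original location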
[root@localhost svnrepository]# mkdir RootConf
[root@localhost svnrepository]# cp ProjectCC/conf/{authz,passwd} RootConf/
[root@localhost svnrepository]# ls RootConf/
authz  passwd

Editing each repository's configuration

# Next, set the password and authorization files used by each repository
# Edit the first project
[root@localhost svnrepository]# vim ProjectCC/conf/svnserve.conf 
[root@localhost svnrepository]# cat ProjectCC/conf/svnserve.conf | grep -v "###"


[general]
anon-access = none
auth-access = write
password-db = /home/svnrepository/RootConf/passwd
authz-db = /home/svnrepository/RootConf/authz
realm = Project CC Repository
# force-username-case = none

[sasl]
# use-sasl = true
# min-encryption = 0
# max-encryption = 256

# Edit the second project
[root@localhost svnrepository]# vim ProjectXY/conf/svnserve.conf 
[root@localhost svnrepository]# cat ProjectXY/conf/svnserve.conf | grep -v "###"


[general]
anon-access = none
auth-access = write
password-db = /home/svnrepository/RootConf/passwd
authz-db = /home/svnrepository/RootConf/authz
realm = Project XY Repository
# force-username-case = none

[sasl]
# use-sasl = true
# min-encryption = 0
# max-encryption = 256

Starting the svn server

# Start the svn server with the top-level directory as root
[root@localhost svnrepository]# svnserve -d -r /home/svnrepository && ps aux | grep svn | grep -v grep
root       1418  0.0  0.0 180736   808 ?        Ss   13:41   0:00 svnserve -d -r /home/svnrepository

# Show the server's IP address
[root@localhost svnrepository]# ip a | grep ens33 | grep inet | awk '{print $2}' | awk -F '/' '{print $1}'
192.168.99.100

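Checking out from the client

[Screenshot: checkout from the client]

If this pops up, the server is running normally.

Configuring the shared password and authorization files for multiple repositories

Next, configure the accounts, passwords and permissions on the server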

[root@localhost svnrepository]# cd RootConf/
[root@localhost RootConf]# ls
authz  passwd

# Edit the password file and add user names and passwords, used for login authentication across all svn projects
[root@localhost RootConf]# vim passwd
[root@localhost RootConf]# cat passwd | grep -v "###"

[users]
admin = admin_passwd
liuming = liuming_passwd
wangpeng = wangpeng_passwd
liwen = liwen_passwd
zhaohe = zhaohe_passwd
# For more users, keep adding lines below

# Configure the authorization file, giving different repositories and directories different permissions
[root@localhost RootConf]# vim authz 
[root@localhost RootConf]# cat authz | grep -v "###"

[aliases]

[groups]
admin = admin
# CC project group: management
cc_man = liuming
# CC project group: art
cc_ms = zhaohe
# CC project group: programming
cc_cx = wangpeng,liwen


#[/]
# Permissions for all repositories: the admin group can read and write, everyone else has no access
#@admin = rw
#* =

[ProjectXY:/]
#  Holds shared material; everyone can read
* = r

[ProjectCC:/]
# Super administrators and project group managers have full permissions
@admin = rw
@cc_man = rw
* =
# In ProjectCC the admin and cc_man groups have read and write permission on the root directory and can check out via svn://192.168.99.100/ProjectCC

[ProjectCC:/code]
@admin = rw
@cc_man = rw
# Project code: only the programmers can read and write
@cc_cx = rw
* =
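# In ProjectCC the admin and cc_man groups have read and write permission on the root directory. Because the subdirectory /code has its own permission section, the cc_cx group, which has dedicated access to this directory, must be given read and write permission here. Members of cc_cx cannot access svn://192.168.99.100/ProjectCC, but they can reach the directory through the full subdirectory URL svn://192.168.99.100/ProjectCC/code.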

[ProjectCC:/resource]
@admin = rw
@cc_man = rw
# Art resources: artists can read and write, programmers are read-only
@cc_ms = rw
@cc_cx = r
* =
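
The rules above, evaluated for the users on this page, as an added example that is not part of the original post or of Subversion's code. It assumes a simplified model of path-based authorization: the nearest section (walking from the path up to /) that has a line matching the user decides, and matching lines in that section are combined; aliases, '~' inversion, '$authenticated' and nested groups are not handled, and the function names are hypothetical.

```python
import configparser
import posixpath

# Constructed sample: the RootConf/authz rules from this page, comments removed.
AUTHZ = """
[groups]
admin = admin
cc_man = liuming
cc_ms = zhaohe
cc_cx = wangpeng,liwen

[ProjectXY:/]
* = r

[ProjectCC:/]
@admin = rw
@cc_man = rw
* =

[ProjectCC:/code]
@admin = rw
@cc_man = rw
@cc_cx = rw
* =

[ProjectCC:/resource]
@admin = rw
@cc_man = rw
@cc_ms = rw
@cc_cx = r
* =
"""


def load_authz(text):
    """Return (groups, rules); rules maps a section name to [(who, rights)]."""
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    cp.optionxform = str  # user and group names are case-sensitive
    cp.read_string(text)
    groups = {}
    if cp.has_section("groups"):
        for name, members in cp.items("groups"):
            groups[name] = {m.strip() for m in members.split(",") if m.strip()}
    rules = {s: [(who, rights.strip()) for who, rights in cp.items(s)]
             for s in cp.sections() if s not in ("groups", "aliases")}
    return groups, rules


def _matches(who, user, groups):
    if who == "*":
        return True
    if who.startswith("@"):
        return user in groups.get(who[1:], set())
    return who == user


def access(user, repo, path, groups, rules):
    """Effective rights ('', 'r' or 'rw') of user on repo:path."""
    path = posixpath.normpath("/" + path.strip("/"))
    while True:
        # A [repo:/path] section is consulted before a bare [/path] one.
        for section in (f"{repo}:{path}", path):
            granted = [rights for who, rights in rules.get(section, [])
                       if _matches(who, user, groups)]
            if granted:  # this section decides, even if it grants nothing
                return "rw" if "rw" in granted else ("r" if "r" in granted else "")
        if path == "/":
            return ""  # no rule matched anywhere: no access
        path = posixpath.dirname(path)  # inherit from the parent directory


if __name__ == "__main__":
    groups, rules = load_authz(AUTHZ)
    for user in ("admin", "liuming", "zhaohe", "wangpeng"):
        for repo, path in (("ProjectXY", "/"), ("ProjectCC", "/"),
                           ("ProjectCC", "/code"), ("ProjectCC", "/resource")):
            rights = access(user, repo, path, groups, rules) or "none"
            print(f"{user:9} {repo}:{path:10} {rights}")
```

Under this model admin gets only r on ProjectXY, because the single rule there is * = r and no line grants anyone write access to that repository.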

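Checking out from the client with different permissions

The admin group has all permissions, so it can access every directory.

The cc_ms group only has permission on resource, so only that directory is visible to it.

Checking out the whole project fails.

The full path, however, can be checked out.

In other words, access is only possible through a URL of the form svn://192.168.99.100/ProjectCC/resource.

Stopping or restarting the svn service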

[root@localhost conf]# killall svnserve

[root@localhost conf]# netstat -anp | grep svn
tcp        0      0 0.0.0.0:3690            0.0.0.0:*               LISTEN      77314/svnserve      
[root@localhost conf]# kill -9 77314

[root@localhost conf]# kill -9 `ps -ef | grep svn | grep -v grep | awk '{print $2}'`

[root@localhost conf]# netstat -anp | grep svn

# Restart the svn service
[root@localhost conf]# kill -9 `ps -ef | grep svn | grep -v grep | awk '{print $2}'` && svnserve -d -r /home/svnrepository && ps aux | grep svn | grep -v grep
