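Requirements summary:
The company is developing an online mall system and uses svnserve for source-code version control. The system comprises an Android client, an iOS client and a Web client. The team consists of 1 project manager, 2 Android developers, 2 iOS developers, 2 Web front-end developers and 2 Java server-side developers, plus 2 super administrators (ayu and liyang). The requirement is that code committed by a development group can be accessed only by members of that group or by the super administrators.
The configuration is as follows:
1) Check the svnserve version to confirm that svnserve is installed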
[root@localhost vsftpd-2.0.5]# svnserve --version
svnserve,版本 1.6.11 (r934486)
编译于 May 31 2011,05:46:33
2) Create an SVN repository named TradeMall
[root@localhost vsftpd-2.0.5]# svnadmin create /root/svndata/TradeMall/
Note: the configuration files are in /root/svndata/TradeMall/conf
3) Configure the authz file as follows
### This file is an example authorization file for svnserve.
### Its format is identical to that of mod_authz_svn authorization
### files.
### As shown below each section defines authorizations for the path and
### (optional) repository specified by the section name.
### The authorizations follow. An authorization line can refer to:
###  - a single user,
###  - a group of users defined in a special [groups] section,
###  - an alias defined in a special [aliases] section,
###  - all authenticated users, using the '$authenticated' token,
###  - only anonymous users, using the '$anonymous' token,
###  - anyone, using the '*' wildcard.
###
### A match can be inverted by prefixing the rule with '~'. Rules can
### grant read ('r') access, read-write ('rw') access, or no access
### ('').

[aliases]
# joe = /C=XZ/ST=Dessert/L=Snake City/O=Snake Oil, Ltd./OU=Research Institute/CN=Joe Average

[groups]
svnadmin = ayu,liyang
projmanagergoup = manager
iosgroup = iosdev1,iosdev2
androidgroup = androiddev1,androiddev2
webgroup = webdev1,webdev2
servergroup = serverdev1,serverdev2

[TradeMall:/]
@svnadmin = rw
@projmanagergoup = rw
@iosgroup = rw
@androidgroup = rw
@webgroup = rw
@servergroup = rw
*=

[TradeMall:/doc]
@svnadmin = rw
@projmanagergoup = rw
*=

[TradeMall:/ios]
@svnadmin = rw
@iosgroup = rw
*=

[TradeMall:/android]
@svnadmin = rw
@androidgroup = rw
*=

[TradeMall:/web]
@svnadmin = rw
@webgroup = rw
*=

[TradeMall:/server]
@svnadmin = rw
@servergroup = rw
*=
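Note: ayu and liyang are the super administrators. In effect, several "projects" are created under the repository TradeMall, and permissions are assigned at the "project" level.
4) Configure the passwd file as follows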
### This file is an example password file for svnserve.
### Its format is similar to that of svnserve.conf. As shown in the
### example below it contains one section labelled [users].
### The name and password for each user follow, one account per line.

[users]
# harry = harryssecret
# sally = sallyssecret
ayu = ayu
liyang = liyang
manager = peidian
iosdev1 = peidian
iosdev2 = peidian
androiddev1 = peidian
androiddev2 = peidian
webdev1 = peidian
webdev2 = peidian
serverdev1 = peidian
serverdev2 = peidian
5) Configure the svnserve.conf file as follows
### This file controls the configuration of the svnserve daemon, if you
### use it to allow access to this repository. (If you only allow
### access through http: and/or file: URLs, then this file is
### irrelevant.)

### Visit http://subversion.tigris.org/ for more information.

[general]
### These options control access to the repository for unauthenticated
### and authenticated users. Valid values are "write", "read",
### and "none". The sample settings below are the defaults.
# anon-access = read
# auth-access = write
anon-access = none
auth-access = write
### The password-db option controls the location of the password
### database file. Unless you specify a path starting with a /,
### the file's location is relative to the directory containing
### this configuration file.
### If SASL is enabled (see below), this file will NOT be used.
### Uncomment the line below to use the default password file.
# password-db = passwd
password-db = /root/svndata/TradeMall/conf/passwd
### The authz-db option controls the location of the authorization
### rules for path-based access control. Unless you specify a path
### starting with a /, the file's location is relative to the
### directory containing this file. If you don't specify an
### authz-db, no path-based access control is done.
### Uncomment the line below to use the default authorization file.
# authz-db = authz
authz-db = /root/svndata/TradeMall/conf/authz
### This option specifies the authentication realm of the repository.
### If two repositories have the same authentication realm, they should
### have the same password database, and vice versa. The default realm
### is repository's uuid.
# realm = My First Repository
realm = /root/svndata/TradeMall

[sasl]
### This option specifies whether you want to use the Cyrus SASL
### library for authentication. Default is false.
### This section will be ignored if svnserve is not built with Cyrus
### SASL support; to check, run 'svnserve --version' and look for a line
### reading 'Cyrus SASL authentication is available.'
# use-sasl = true
### These options specify the desired strength of the security layer
### that you want SASL to provide. 0 means no encryption, 1 means
### integrity-checking only, values larger than 1 are correlated
### to the effective key length for encryption (e.g. 128 means 128-bit
### encryption). The values below are the defaults.
# min-encryption = 0
# max-encryption = 256
6) Start the svnserve service
[root@localhost conf]# svnserve -d -r /root/svndata/
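7) Install TortoiseSVN on the client, open the Repo-Browser, enter "svn://210.10.3.61/TradeMall" in the address bar, log in as the super administrator ayu/ayu, and create the standardized directory layout as follows:
8) Test: have members of different groups check out the same "svn://210.10.3.61/TradeMall". Each one receives only their own group's directory: Android developers get android, iOS developers get ios, and the groups stay separated and do not affect one another.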
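The check in step 8 can also be run offline against the authz rules before deploying them. The following is an added example, not part of the original post and not Subversion's own code: a simplified Python model of path-based authz lookup that assumes the nearest section matching the user decides and that, within one section, a grant beats a denial. It ignores aliases, nested groups, '~' and '$' tokens; the function names and the /design path are hypothetical.

```python
import configparser
import posixpath

# The page's authz rules, rebuilt compactly (comments omitted; names as on the page).
GROUPS = """[groups]
svnadmin = ayu,liyang
projmanagergoup = manager
iosgroup = iosdev1,iosdev2
androidgroup = androiddev1,androiddev2
webgroup = webdev1,webdev2
servergroup = serverdev1,serverdev2
"""
OWNER = {"doc": "projmanagergoup", "ios": "iosgroup", "android": "androidgroup",
         "web": "webgroup", "server": "servergroup"}
ROOT = "[TradeMall:/]\n@svnadmin = rw\n" + "".join(f"@{g} = rw\n" for g in OWNER.values()) + "*=\n"
DIRS = "".join(f"[TradeMall:/{d}]\n@svnadmin = rw\n@{g} = rw\n*=\n" for d, g in OWNER.items())
AUTHZ = GROUPS + ROOT + DIRS

def load(text):
    cp = configparser.RawConfigParser(delimiters=("=",), comment_prefixes=("#",))
    cp.optionxform = str  # keep user and group names case-sensitive
    cp.read_string(text)
    return cp

def matches(who, user, groups):
    if who == "*":
        return True
    if who.startswith("@"):
        return user in groups.get(who[1:], set())
    return who == user

def access(cp, repo, path, user):
    """Return "rw", "r" or "" (no access) for user on repo:path."""
    groups = {g: {u.strip() for u in m.split(",")} for g, m in cp["groups"].items()}
    while True:
        for section in (f"{repo}:{path}", path):
            if cp.has_section(section):
                hits = [v.strip() for k, v in cp[section].items() if matches(k, user, groups)]
                if hits:  # among matching lines in one section, a grant beats a denial
                    return max(hits, key=len)
        if path == "/":
            return ""
        path = posixpath.dirname(path)  # no section decided: inherit from the parent

def visible_dirs(cp, user, dirs=("doc", "ios", "android", "web", "server")):
    """Top-level directories the user can read, as seen on a checkout of the root."""
    return [d for d in dirs if access(cp, "TradeMall", "/" + d, user)]
```

Because [TradeMall:/] grants rw to every group, a new top-level directory without its own section (for example /design) inherits rw for all groups in this model, so each new directory needs its own section before group-private code is committed to it.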
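Remarks:
At first, a "project" was created under the repository repos, for example "svn://210.10.3.61/repos/TradeMall", and permissions were split inside that project, for example by creating "svn://210.10.3.61/repos/TradeMall/ios", "svn://210.10.3.61/repos/TradeMall/android", "svn://210.10.3.61/repos/TradeMall/web" and "svn://210.10.3.61/repos/TradeMall/server" and assigning permissions to the folders android, ios, web and server. It later turned out that this could not meet the requirement described above. The correct way is to create multiple "projects" such as ios, android and web under the repository TradeMall. In other words, the former creates one project TradeMall under the repository repos and then configures permissions for the different folders inside that project, whereas the latter makes TradeMall the repository itself and creates multiple projects in it, assigning permissions at the project level; the latter meets the requirement.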