Installing SVN on CentOS 7.5 and configuring Apache and iF.SVNAdmin

Setting up the SVN server

  1. Install subversion

[root@VM_0_3_centos /]# yum install subversion
  2. Check the svn version

[root@VM_0_3_centos /]# svn --version
svn, version 1.7.14 (r1542130)
   compiled Apr 11 2018, 02:40:28

Copyright (C) 2013 The Apache Software Foundation.
This software consists of contributions made by many people; see the NOTICE
file for more information.
Subversion is open source software, see http://subversion.apache.org/

The following repository access (RA) modules are available:

* ra_neon : Module for accessing a repository via WebDAV protocol using Neon.
  - handles 'http' scheme
  - handles 'https' scheme
* ra_svn : Module for accessing a repository using the svn network protocol.
  - with Cyrus SASL authentication
  - handles 'svn' scheme
* ra_local : Module for accessing a repository on local disk.
  - handles 'file' scheme
  3. Create the repository

[root@VM_0_3_centos /]# mkdir -p /var/www/svn
[root@VM_0_3_centos /]# cd /var/www/svn
[root@VM_0_3_centos svn]# svnadmin create testworkspace
[root@VM_0_3_centos svn]# ls -rlt
total 16
drwxr-xr-x 6 root   root   4096 Dec  2 09:34 testworkspace

Once the repository has been created, three files are generated automatically in its conf directory: svnserve.conf, passwd and authz:

[root@VM_0_3_centos svn]# cd testworkspace/
[root@VM_0_3_centos testworkspace]# ls -rlt
total 24
drwxr-xr-x 2 root root 4096 Dec  2 09:34 locks
drwxr-xr-x 2 root root 4096 Dec  2 09:34 hooks
-rw-r--r-- 1 root root  229 Dec  2 09:34 README.txt
drwxr-xr-x 2 root root 4096 Dec  2 09:34 conf
drwxr-sr-x 6 root root 4096 Dec  2 09:34 db
-r--r--r-- 1 root root    2 Dec  2 09:34 format
[root@VM_0_3_centos testworkspace]# cd conf
[root@VM_0_3_centos conf]# ls -rlt
total 12
-rw-r--r-- 1 root root 3090 Dec  2 09:34 svnserve.conf
-rw-r--r-- 1 root root  309 Dec  2 09:34 passwd
-rw-r--r-- 1 root root 1080 Dec  2 09:34 authz

svnserve.conf: the svn service configuration file
passwd: the user name and password file
authz: the permissions configuration file

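  4. SVN configuration

4.1 The svnserve.conf file:
This file consists of a single [general] section. Format: <option>=<value>

There are the following 5 options:

1. anon-access controls the access that unauthenticated users have to the repository. Valid values are "write", "read" and "none": "write" is read-write, "read" is read-only, and "none" means no access. Default: read
2. auth-access controls the access that authenticated users have to the repository. Valid values are "write", "read" and "none": "write" is read-write, "read" is read-only, and "none" means no access. Default: write
3. password-db specifies the name of the user name and password file. Unless an absolute path is given, the location is relative to the conf directory. Default: passwd
4. authz-db specifies the name of the permissions configuration file, which enables path-based access control. Unless an absolute path is given, the location is relative to the conf directory. Default: authz
5. realm specifies the repository's authentication realm, i.e. the realm name shown at the login prompt. If two repositories have the same realm, it is recommended that they use the same user name and password data file. Default: a UUID (Universally Unique IDentifier).

The following is a detailed configuration file: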

### This file controls the configuration of the svnserve daemon, if you
### use it to allow access to this repository.  (If you only allow
### access through http: and/or file: URLs, then this file is
### irrelevant.)

### Visit http://subversion.apache.org/ for more information.

[general]
### The anon-access and auth-access options control access to the
### repository for unauthenticated (a.k.a. anonymous) users and
### authenticated users, respectively.
### Valid values are "write", "read", and "none".
### Setting the value to "none" prohibits both reading and writing;
### "read" allows read-only access, and "write" allows complete 
### read/write access to the repository.
### The sample settings below are the defaults and specify that anonymous
### users have read-only access to the repository, while authenticated
### users have read and write access to the repository.

### Access level for authenticated and unauthenticated users; valid values: read, write, none
anon-access = none
auth-access = write
          
### The password-db option controls the location of the password
### database file.  Unless you specify a path starting with a /,
### the file's location is relative to the directory containing
### this configuration file.
### If SASL is enabled (see below), this file will NOT be used.
### Uncomment the line below to use the default password file.
      
### Location of the password data file; relative by default, absolute if it starts with /
#### If SASL is enabled, this file is not checked
password-db = passwd
    
### The authz-db option controls the location of the authorization
### rules for path-based access control.  Unless you specify a path
### starting with a /, the file's location is relative to the the
### directory containing this file.  If you don't specify an
### authz-db, no path-based access control is done.
### Uncomment the line below to use the default authorization file.

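### Location of the authorization rules file; relative by default, absolute if it starts with /
#### If no authz-db is specified, there is no path-based access control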
authz-db = authz

### This option specifies the authentication realm of the repository.
### If two repositories have the same authentication realm, they should
### have the same password database, and vice versa.  The default realm
### is repository's uuid.

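### Specifies the authentication realm; if two repos have the same realm they should use the same password database, and vice versa
#### The default realm is the repo's unique identifier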
realm = /var/www/svn/testworkspace

### The force-username-case option causes svnserve to case-normalize
### usernames before comparing them against the authorization rules in the
### authz-db file configured above.  Valid values are "upper" (to upper-
### case the usernames), "lower" (to lowercase the usernames), and
### "none" (to compare usernames as-is without case conversion, which
### is the default behavior).
# force-username-case = none

[sasl]
### This option specifies whether you want to use the Cyrus SASL
### library for authentication. Default is false.
### This section will be ignored if svnserve is not built with Cyrus
### SASL support; to check, run 'svnserve --version' and look for a line
### reading 'Cyrus SASL authentication is available.'

### Whether to enable SASL authentication; the default is false
#### This option assumes the svn server supports Cyrus SASL; to check, run 'svnserve --version' and look for 'Cyrus SASL authentication is available.' in the output
# use-sasl = true

### These options specify the desired strength of the security layer
### that you want SASL to provide. 0 means no encryption, 1 means
### integrity-checking only, values larger than 1 are correlated
### to the effective key length for encryption (e.g. 128 means 128-bit
### encryption). The values below are the defaults.


### The two options below set the encryption strength
# min-encryption = 0
# max-encryption = 256

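Change svnserve.conf to the following:

[general]
# Access for anonymous users: read, write or none; the default is read
anon-access = none
# Give authenticated users write access
auth-access = write
# Path to the password database
password-db = passwd
# Access control file
authz-db = authz
# Authentication realm; subversion shows it in the authentication prompt and uses it as the key for the credential cache
realm = /var/www/svn/testworkspace

Explanation: unauthenticated users have no access to the repository; authenticated users can read and write it; the user name and password file is passwd in the conf directory, the permissions file is authz in the repository's conf directory, and the repository's authentication realm is /var/www/svn/testworkspace.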

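4.2 The passwd file
This file consists of a single [users] section. Format: <user name>=<password>. Note: the password is stored as unprocessed plaintext.
Change it to the following: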

[users]  
admin = admin  
test = test

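4.3 The authz file
This file consists of a [groups] section and any number of repository path permission sections.
[groups] section format: <group>=<user list>
The user list is made up of groups or user names separated by commas (","); a group is referenced with the "@" prefix.

Repository path permission section format:

 [<repository name>:<path>]. For example, the section for path /tmp in repository abc is named "[abc:/tmp]".

 The repository name can be omitted from the section name. If it is omitted, the section controls access to the same path in all repositories. For example: [/tmp]

Lines inside a repository path permission section take one of three forms:
<user name> = <permission>
<group> = <permission>
* = <permission>
Here "*" means any user. The permission is one of '', 'r' and 'rw': '' means no access to the repository path, 'r' means read-only access and 'rw' means read-write access.

Note: each line can configure only a single user or group.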

### This file is an example authorization file for svnserve.
### Its format is identical to that of mod_authz_svn authorization
### files.
### As shown below each section defines authorizations for the path and
### (optional) repository specified by the section name.
### The authorizations follow. An authorization line can refer to:
###  - a single user,
###  - a group of users defined in a special [groups] section,
###  - an alias defined in a special [aliases] section,
###  - all authenticated users, using the '$authenticated' token,
###  - only anonymous users, using the '$anonymous' token,
###  - anyone, using the '*' wildcard.
###
### A match can be inverted by prefixing the rule with '~'. Rules can
### grant read ('r') access, read-write ('rw') access, or no access
### ('').

[aliases]
# joe = /C=XZ/ST=Dessert/L=Snake City/O=Snake Oil, Ltd./OU=Research Institute/CN=Joe Average

[groups]
# harry_and_sally = harry,sally
# harry_sally_and_joe = harry,sally,&joe

# [/foo/bar]
# harry = rw
# &joe = r
# * =

# [repository:/baz/fuz]
# @harry_and_sally = rw
# * = r

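Each section names a repository and a path within it. The option name is an authenticated user name (that is, a user defined in the passwd file) and the option value is that user's access level on the given path: r (read-only) or rw (read/write). Note in particular that a section name can take either of two forms, [repos-name:path] or [path].
With these concepts clear, modify the configuration file as follows: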

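#### Append the following at the end. [/] is the access path relative to the root of the svn repository; permissions can be assigned per directory path: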
[/]
admin = rw
* =
 
#### The following gives the test user read-write access only to the svn/fendo directory
[/fendo]
test = rw
* =

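Summary:
With these 3 configuration files the SVN administrator can set the user names and passwords for the svnserve service and the access permissions for repository paths. The files take effect as soon as they are saved; the svnserve service does not need to be restarted.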
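
The checks below audit the three files from step 4 for the settings discussed above (anon-access, plaintext passwd entries, `*` rules in authz) and flag loose file modes on a credentials or rules file. This is an added example, not part of the original post; `audit`, `mode_findings`, `MIN_LEN` and the sample strings are assumptions made for illustration.

```python
import configparser
import os
import stat

MIN_LEN = 8  # assumed minimum password length; not an SVN setting
# Constructed sample input that mirrors the values set in step 4.
CONF = "[general]\nanon-access = none\nauth-access = write\nauthz-db = authz\n"
PASSWD = "[users]\nadmin = admin\ntest = test\n"
AUTHZ = "[/]\nadmin = rw\n* =\n[/fendo]\ntest = rw\n* =\n"

def _ini(text):
    cp = configparser.ConfigParser(strict=False, interpolation=None,
                                   delimiters=("=",))
    cp.optionxform = str  # keep user names case-sensitive
    cp.read_string(text)
    return cp

def audit(svnserve_conf, passwd, authz):
    """Return findings for the three conf/ files, passed in as text."""
    out = []
    conf, pw, az = _ini(svnserve_conf), _ini(passwd), _ini(authz)
    gen = dict(conf["general"]) if conf.has_section("general") else {}
    # anon-access falls back to "read" when absent or commented out
    if gen.get("anon-access", "read") != "none":
        out.append("svnserve.conf: anonymous users can access the repository")
    if "authz-db" not in gen:
        out.append("svnserve.conf: authz-db unset, no path-based access control")
    users = dict(pw["users"]) if pw.has_section("users") else {}
    for name, secret in users.items():
        if secret == name or len(secret) < MIN_LEN:
            out.append(f"passwd: weak password for {name}")
    for section in az.sections():
        if section in ("groups", "aliases"):
            continue
        for who, perm in az[section].items():
            if who == "*" and perm:
                out.append(f"authz: [{section}] grants '{perm}' to everyone")
            elif who[:1] not in "*@&$~" and who not in users:
                out.append(f"authz: [{section}] names unknown user {who}")
    return out

def mode_findings(path):
    """Flag a file that group/other can write or that other can read."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    checks = ((0o022, "writable by group/other"), (0o004, "world-readable"))
    return [f"{path}: {msg} ({mode:04o})" for bit, msg in checks if mode & bit]

if __name__ == "__main__":
    print("\n".join(audit(CONF, PASSWD, AUTHZ)))
```

With the sample values from step 4 the only findings are the two passwords that equal their user names; `mode_findings` can be pointed at conf/passwd and conf/authz on the server.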

  5. Start SVN

[root@VM_0_3_centos conf]# systemctl start svnserve
  6. Enable start on boot

systemctl enable svnserve.service
  7. Check the SVN process

[root@VM_0_3_centos conf]# ps -ef|grep svn|grep -v grep
root      3205     1  0 10:26 ?        00:00:00 /usr/bin/svnserve --daemon --pid-file=/run/svnserve/svnserve.pid -r /var/www/svn
root     30129 20774  0 09:47 pts/1    00:00:00 vim svnserve.conf
root     30405 27672  0 09:49 pts/2    00:00:00 vim svnserve.conf
  8. Check the SVN port

[root@VM_0_3_centos conf]# netstat -ln |grep 3690
tcp        0      0 0.0.0.0:3690            0.0.0.0:*               LISTEN
  9. Stop SVN

[root@VM_0_3_centos conf]# killall svnserve
  10. Test SVN from a client

svn://ip/testworkspace

Configuring Apache for HTTP access

  1. Install httpd and mod_dav_svn

[root@VM_0_3_centos conf]# yum install -y httpd mod_dav_svn
  2. Check that Apache and mod_dav_svn were installed successfully

[root@VM_0_3_centos svn]# httpd -v
Server version: Apache/2.4.6 (CentOS)
Server built:   Aug  8 2019 11:41:18
[root@VM_0_3_centos svn]# find / -name 'mod_*_svn.so'
/usr/lib64/httpd/modules/mod_authz_svn.so
/usr/lib64/httpd/modules/mod_dav_svn.so
  3. Download iF.SVNAdmin

URL: http://svnadmin.insanefactory.com/
After downloading, extract it to the directory /var/www/html

[root@VM_0_3_centos html]# pwd
/var/www/html
[root@VM_0_3_centos html]# ls -rlt
total 4
drwxr-xr-x 9 apache apache 4096 Nov 29 11:00 svnadmin
  4. Edit the configuration file /etc/httpd/conf.d/subversion.conf (create it if it does not exist) so that it contains:

LoadModule dav_svn_module modules/mod_dav_svn.so
LoadModule authz_svn_module modules/mod_authz_svn.so
<Location /svn>
    DAV svn
    # /var/www/svn holds the repositories, so it is a parent path
    SVNParentPath /var/www/svn
    SVNListParentPath on
    AuthType Basic
    AuthName "Authorization SVN"
    AuthUserFile /var/www/svn/passwd
    AuthzSVNAccessFile /var/www/svn/authz
    Require valid-user
</Location>
  5. Edit the svnserve configuration file

The file /usr/lib/systemd/system/svnserve.service shows that svnserve takes its configuration from /etc/sysconfig/svnserve.
Change /etc/sysconfig/svnserve to:

# OPTIONS is used to pass command-line arguments to svnserve.
# 
# Specify the repository location in -r parameter:
OPTIONS="-r /var/www/svn"
  6. Create the user file passwd

[root@VM_0_3_centos svn]# touch /var/www/svn/passwd  # create the user file
[root@VM_0_3_centos svn]# htpasswd /var/www/svn/passwd admin  # create the user admin
New password:
Re-type new password:
Adding password for user admin
[root@VM_0_3_centos svn]# cat /var/www/svn/passwd     # view the user name and password
admin:$apr1$menX5Hf/$swrwk0/HsrNsS1KHdi29k.
  7. Create the permissions file authz

[root@VM_0_3_centos svn]# cp /var/www/svn/testworkspace/conf/authz /var/www/svn/authz
  8. Set apache's permissions on the SVN directory

[root@VM_0_3_centos svn]# chown -R apache:apache /var/www/svn/testworkspace
[root@VM_0_3_centos svn]# ls -rlt
total 16
-rwxrwxrwx 1 apache apache   44 Nov 29 23:20 passwd
-rwxrwxrwx 1 apache apache   24 Nov 29 23:20 authz
drwxr-xr-x 6 apache apache 4096 Dec  2 09:34 testworkspace
  9. Configure httpd

Edit /etc/httpd/conf/httpd.conf and add:

<Location /svn>
    DAV svn
    SVNParentPath /var/www/svn/
    Options Indexes MultiViews
</Location>
  10. Start Apache

Start the httpd service:

systemctl start httpd.service

Enable the httpd service on boot:

systemctl enable httpd.service

Commonly used Apache commands:

httpd -v              # show the installed httpd version
rpm -qa | grep httpd  # check whether httpd is installed
ps -ef | grep httpd   # show the httpd processes
service httpd status  # show the running state of httpd
service httpd stop    # stop httpd
service httpd start   # start httpd
  11. Access over HTTP

URL: http://ip:port/svnadmin