1 Introduction
Today the leader asked to build a set of svn server to store some documents. I thought it was a very simple thing, but the process was not so smooth, mainly because I did not understand the problems caused by SVNParentPath and SVNPath. To understand their use and difference, so hereby record it.
2.centos 7 build svn + apache server
Close selinux and firewall
Install svn and apache and mod_dav_svn modules
yum install httpd svn mod_dav_svn
Check the svn and apache versions to determine the successful installation
[root@chenxz-test1 conf.d]# svn --version svn, version 1.7.14 (r1542130) compiled Apr 11 2018, 02:40:28 Copyright (C) 2013 The Apache Software Foundation. This software consists of contributions made by many people; see the NOTICE file for more information. Subversion is open source software, see http://subversion.apache.org/ The following repository access (RA) modules are available: * ra_neon : Module for accessing a repository via WebDAV protocol using Neon. - handles 'http' scheme - handles 'https' scheme * ra_svn : Module for accessing a repository using the svn network protocol. - with Cyrus SASL authentication - handles 'svn' scheme * ra_local : Module for accessing a repository on local disk. - handles 'file' scheme [root@chenxz-test1 conf.d]# httpd -v Server version: Apache/2.4.6 (CentOS) Server built: Aug 8 2019 11:41:18
4. Create warehouse
#Create warehouse directory [root @ chenxz-test1 ~] # mkdir -p / home / data / svn #Create svn warehouse [root @ chenxz-test1 ~] # svnadmin create / home / data / svn / test
5. Create svn user
#Create svn user and password [root @ chenxz-test1 conf.d] # htpasswd -c / home / data / svn / passwd chenxz New password: Re-type new password: Adding password for user chenxz
6. User rights management
svn user permissions are controlled by the authz file, which consists of the [groups] configuration section and several repository path permission sections
[groups] Configuration segment format: <user group> = <user list>
The user list is composed of several user groups or user names. The user groups or user names are separated by commas ",", and the prefix "@" should be used when referencing user groups
Repository path permission segment format:
[<Version library name>: <path>] For example, the section name of the permission section of the version library path of the version library abc path / tmp is "[abc: / tmp]".
The repository name in the section name can be omitted. If the name of the version library is omitted, the path permission section of the version library is effective for access control of the same path in all version libraries. Such as: [/ tmp]
There are three configuration line formats in the permission section of the repository path:
<user name> = <permission>
<user group> = <permission>
* = <permission>
where "*" means any user; the range of permissions is '', 'R' and 'rw', '' means that there is no permission to the repository path, 'r' means read-only permission, and 'rw' means read-write permission.
Note: Each line of configuration can only configure a single user or user group.
The #authz file exists in the conf folder of each warehouse. Here is to manage user permissions uniformly, so copy the authorization file from the warehouse to the superior directory of the warehouse, cp / home / data / svn / test / conf / authz / home / data / svn / #Add the following configuration at the end of the auth file [/] chenxz = rw
7. Modify the configuration file /etc/httpd/conf.d/subversion.conf (new if not), the content is:
LoadModule dav_svn_module modules/mod_dav_svn.so LoadModule authz_svn_module modules/mod_authz_svn.so <Location /svn> DAV svn SVNParentPath /home/data/svn AuthType Basic AuthName "Authorization SVN" AuthzSVNAccessFile /home/data/svn/authz AuthUserFile /home/data/svn/passwd Require valid-user </Location>
8. Configure Apache permissions to the SVN directory
[root@chenxz-test1 ~]# chown apache.apache /home/data/svn/ -R
9. Start apache
[root@chenxz-test1 conf.d]# systemctl start httpd
10. Use http to access, enter the user name and password and return the version number to build successfully
3. The difference between SVNParentPath and SVNPath
Baidu "the difference between SVNParentPath and SVNPath" is basically the following statement without exception
Find mod_dav_mod in the svn Chinese website, you can see the official website description of SVNParentPath and SVNPath
So the difference between the two is that SVNParentPath specifies the superior directory of the warehouse and can manage all the warehouses under its configuration directory. The advantage of this is that only one authz file is needed to manage users, and if you need a super administrator account , You can log in to all the warehouses under SVNParentPath, then configure [/] in the authz file to represent all warehouses, and use SVNParentPath only need to configure a location in apache; SVNPath specifies a warehouse directory, which can only be managed A warehouse has the advantage of stricter authority management. In this case, the [/] configured in the authz file can only represent the warehouse. The disadvantage is that each additional warehouse needs to add a location in apache. Two configurations and corresponding access methods will be given below.
1. Apache configuration when using SVNParentPath
Dav_svn_module modules LoadModule / mod_dav_svn.so LoadModule authz_svn_module modules / mod_authz_svn.so # location where the use of warehouses parent directory <the Location / svn> DAV svn # pointing to the parent directory warehouse SVNParentPath / Home / the Data / svn AuthType Basic AuthName "the Authorization SVN" AuthzSVNAccessFile / home / data / svn / authz AuthUserFile / home / data / svn / passwd Require valid-user </ Location>
Access method http: // ip / The upper level of the warehouse / The warehouse name is like http://192.168.202.128/ svn / test
2. Apache configuration when using SVNPath
Dav_svn_module modules LoadModule / mod_dav_svn.so LoadModule authz_svn_module modules / mod_authz_svn.so # location where the use of warehouse catalog <the Location / the Test> DAV svn # pointing repository directory SVNPath / Home / the Data / svn / the Test AuthType Basic AuthName "the Authorization SVN" #authz file Pointing to the authz under the warehouse, of course, pointing to a unified authz will not go wrong, but doing so will lose the meaning of using SVNPath AuthzSVNAccessFile / home / data / svn / test / conf / authz AuthUserFile / home / data / svn / passwd Require valid-user </ Location> #Multiple warehouses require multiple locations <Location / mytest> DAV svn SVNPath / home / data / svn / mytest AuthType Basic AuthName "Authorization SVN" AuthzSVNAccessFile /home/data/svn/mytest/conf/authz AuthUserFile / home / data / svn / passwd Require valid-user </Location>
Access method http: // ip / warehouse name such as http://192.168.202.128/test
4. Problems encountered
The problems that arise are all caused by incorrect directories following location, SVNPath, and SVNParentPath. For example, I configured as follows
LoadModule dav_svn_module modules/mod_dav_svn.so LoadModule authz_svn_module modules/mod_authz_svn.so <Location /test> DAV svn SVNParentPath /home/data/svn/test AuthType Basic AuthName "Authorization SVN" AuthzSVNAccessFile /home/data/svn/authz AuthUserFile /home/data/svn/passwd Require valid-user </Location>
The following error will appear
For another example, I configure like this
LoadModule dav_svn_module modules/mod_dav_svn.so LoadModule authz_svn_module modules/mod_authz_svn.so <Location /test> DAV svn SVNPath /home/data/svn AuthType Basic AuthName "Authorization SVN" AuthzSVNAccessFile /home/data/svn/authz AuthUserFile /home/data/svn/passwd Require valid-user </Location>
The following error will appear
reference:
1. CentOS7 + Apache + SVN installation and configuration, and access through HTTP
2. SVN+apache中SVNParentPath与SVNPath
3. mod_dav_mod-SVN Chinese Network