[subversion] SVN server deployment with account, password and permission configuration
admin, 2019-10-26 21:17 [Linux]
Subversion (SVN) is a centralized version control tool for projects.

1. It records every change to files and directories and stores each one under a revision number, so any revision can be restored;
2. Different users can update changed files from the server at any time, so work is shared in real time during development.

![BLOG_20191026_212022_74](/media/blog/images/2019/10/BLOG_20191026_212022_74.png)

# Online installation

Install by following the official guide: http://subversion.apache.org/packages.html

```bash
[root@localhost ~]# yum install -y subversion
已安装:
  subversion.x86_64 0:1.7.14-14.el7

作为依赖被安装:
  apr.x86_64 0:1.4.8-5.el7                      apr-util.x86_64 0:1.5.2-6.el7
  gnutls.x86_64 0:3.3.29-9.el7_6                libmodman.x86_64 0:2.0.1-8.el7
  libproxy.x86_64 0:0.4.11-11.el7               neon.x86_64 0:0.30.0-4.el7
  nettle.x86_64 0:2.7.1-8.el7                   pakchois.x86_64 0:0.4-10.el7
  perl.x86_64 4:5.16.3-294.el7_6                perl-Carp.noarch 0:1.26-244.el7
  perl-Encode.x86_64 0:2.51-7.el7               perl-Exporter.noarch 0:5.68-3.el7
  perl-File-Path.noarch 0:2.09-2.el7            perl-File-Temp.noarch 0:0.23.01-3.el7
  perl-Filter.x86_64 0:1.49-3.el7               perl-Getopt-Long.noarch 0:2.40-3.el7
  perl-HTTP-Tiny.noarch 0:0.033-3.el7           perl-PathTools.x86_64 0:3.40-5.el7
  perl-Pod-Escapes.noarch 1:1.04-294.el7_6      perl-Pod-Perldoc.noarch 0:3.20-4.el7
  perl-Pod-Simple.noarch 1:3.28-4.el7           perl-Pod-Usage.noarch 0:1.63-3.el7
  perl-Scalar-List-Utils.x86_64 0:1.27-248.el7  perl-Socket.x86_64 0:2.010-4.el7
  perl-Storable.x86_64 0:2.45-3.el7             perl-Text-ParseWords.noarch 0:3.29-4.el7
  perl-Time-HiRes.x86_64 4:1.9725-3.el7         perl-Time-Local.noarch 0:1.2300-2.el7
  perl-constant.noarch 0:1.27-2.el7             perl-libs.x86_64 4:5.16.3-294.el7_6
  perl-macros.x86_64 4:5.16.3-294.el7_6         perl-parent.noarch 1:0.225-244.el7
  perl-podlators.noarch 0:2.5.1-3.el7           perl-threads.x86_64 0:1.87-4.el7
  perl-threads-shared.x86_64 0:1.43-6.el7       subversion-libs.x86_64 0:1.7.14-14.el7
  trousers.x86_64 0:0.3.14-2.el7

完毕!

[root@localhost ~]# yum install mod_dav_svn -y
已安装:
  mod_dav_svn.x86_64 0:1.7.14-14.el7

作为依赖被安装:
  httpd.x86_64 0:2.4.6-90.el7.centos     httpd-tools.x86_64 0:2.4.6-90.el7.centos
  mailcap.noarch 0:2.1.41-2.el7

完毕!

# After installation
[root@localhost ~]# svnserve --version
svnserve,版本 1.7.14 (r1542130)
   编译于 Apr 11 2018,02:40:28

# Check where it was installed
[root@localhost local]# whereis svn
svn: /usr/bin/svn /usr/share/man/man1/svn.1.gz

# Check the path of the executable
[root@localhost ~]# which svn
/usr/bin/svn
[root@localhost local]# ls /usr/bin/svn*
/usr/bin/svn       /usr/bin/svndumpfilter  /usr/bin/svnrdump  /usr/bin/svnsync
/usr/bin/svnadmin  /usr/bin/svnlook        /usr/bin/svnserve  /usr/bin/svnversion
```

# Installing from source

Some required dependency packages should be installed when the system is first set up

```bash
[root@localhost ~]# yum install gcc wget expat-devel zip unzip lz4 lz4-devel zlib zlib-devel vim net-tools -y
[root@localhost ~]# mkdir svn
```

These dependency packages need to be installed while the machine still has Internet access.

Visit http://subversion.apache.org/ and download the `tar.gz` package

```bash
[root@localhost svn]# wget http://mirrors.tuna.tsinghua.edu.cn/apache/subversion/subversion-1.12.2.tar.gz
[root@localhost svn]# ll
总用量 11264
-rw-r--r--. 1 root root 11533872 7月 23 20:04 subversion-1.12.2.tar.gz
[root@localhost svn]# tar zxf subversion-1.12.2.tar.gz
[root@localhost svn]# cd subversion-1.12.2
[root@localhost subversion-1.12.2]# ls
aclocal.m4  BUGS   build.conf        CHANGES     configure     doc            gen-make.py  INSTALL  Makefile.in  README      tools
autogen.sh  build  build-outputs.mk  COMMITTERS  configure.ac  gen-make.opts  get-deps.sh  LICENSE  NOTICE       subversion  win-tests.py
# Read the installation guide
[root@localhost subversion-1.12.2]# more INSTALL
```

## Configure

```bash
[root@localhost subversion-1.12.2]# ./configure
You probably need to do something similar with the Apache
Portable Runtime Utility (APRUTIL) library and then configure
Subversion with both the --with-apr and --with-apr-util options.

configure: error: no suitable APR found
```

## Install APR

Visit http://apr.apache.org/download.cgi to download it

```bash
[root@localhost subversion-1.12.2]# cd ..
[root@localhost svn]# wget http://mirrors.tuna.tsinghua.edu.cn/apache//apr/apr-1.7.0.tar.gz
[root@localhost svn]# tar xzf apr-1.7.0.tar.gz
[root@localhost svn]# cd apr-1.7.0
# Configure
[root@localhost apr-1.7.0]# ./configure
# Build and install
[root@localhost apr-1.7.0]# make && make install
[root@localhost apr-1.7.0]# whereis apr
apr: /usr/local/apr

# -------------- configure still fails
[root@localhost apr-1.7.0]# cd ..
[root@localhost svn]# cd subversion-1.12.2
[root@localhost subversion-1.12.2]# ./configure
The Apache Portable Runtime Utility (APRUTIL) library cannot be found.
Install APRUTIL on this system and configure Subversion with the
appropriate --with-apr-util option.

configure: error: no suitable APRUTIL found
```

## Install APRUTIL

Again visit http://apr.apache.org/download.cgi, then download and install APR-util

```bash
[root@localhost subversion-1.12.2]# cd ..
[root@localhost svn]# wget http://mirrors.tuna.tsinghua.edu.cn/apache//apr/apr-util-1.6.1.tar.gz
[root@localhost svn]# tar xzf apr-util-1.6.1.tar.gz
[root@localhost svn]# cd apr-util-1.6.1
[root@localhost apr-util-1.6.1]# ./configure
configure: error: APR could not be located. Please use the --with-apr option.

# Re-run with the apr path added
[root@localhost apr-util-1.6.1]# ./configure --with-apr=/usr/local/apr
[root@localhost apr-util-1.6.1]# make && make install
xml/apr_xml.c:35:19: 致命错误:expat.h:没有那个文件或目录
 #include <expat.h>
                   ^
编译中断。
make[1]: *** [xml/apr_xml.lo] 错误 1
make[1]: 离开目录“/root/svn/apr-util-1.6.1”
make: *** [all-recursive] 错误 1
```

## Install expat (online)

The expat library is missing. The online install command is `yum install -y expat-devel`

Alternatively, visit https://pkgs.org/download/expat-devel and download the matching version; that attempt, however, failed because of various dependency problems

```bash
[root@localhost apr-util-1.6.1]# cd ..
[root@localhost svn]# wget http://mirror.centos.org/centos/8/BaseOS/x86_64/os/Packages/expat-devel-2.2.5-3.el8.x86_64.rpm
[root@localhost svn]# rpm -ivh expat-devel-2.2.5-3.el8.x86_64.rpm
警告:expat-devel-2.2.5-3.el8.x86_64.rpm: 头V3 RSA/SHA256 Signature, 密钥 ID 8483c65d: NOKEY
错误:依赖检测失败:
        expat(x86-64) = 2.2.5-3.el8 被 expat-devel-2.2.5-3.el8.x86_64 需要

# Download and install the dependency package
[root@localhost svn]# wget http://vault.centos.org/8.0.1905/BaseOS/Source/SPackages/expat-2.2.5-3.el8.src.rpm
[root@localhost svn]# rpm -ivh expat-2.2.5-3.el8.src.rpm
警告:expat-2.2.5-3.el8.src.rpm: 头V3 RSA/SHA256 Signature, 密钥 ID 8483c65d: NOKEY
正在升级/安装...
   1:expat-2.2.5-3.el8                ################################# [100%]
警告:用户mockbuild 不存在 - 使用root
警告:群组mockbuild 不存在 - 使用root
警告:用户mockbuild 不存在 - 使用root
警告:群组mockbuild 不存在 - 使用root
警告:用户mockbuild 不存在 - 使用root
警告:群组mockbuild 不存在 - 使用root
[root@localhost svn]# groupadd mockbuild
[root@localhost svn]# useradd -s /sbin/nologin mockbuild
useradd:mockbuild 组已经存在 - 如果您想将此用户加入到该组,请使用 -g 参数。
[root@localhost svn]# useradd -g mockbuild -s /sbin/nologin mockbuild
[root@localhost svn]# rpm -ivh expat-2.2.5-3.el8.src.rpm
警告:expat-2.2.5-3.el8.src.rpm: 头V3 RSA/SHA256 Signature, 密钥 ID 8483c65d: NOKEY
正在升级/安装...
   1:expat-2.2.5-3.el8                ################################# [100%]
[root@localhost svn]# rpm -ivh expat-devel-2.2.5-3.el8.x86_64.rpm
警告:expat-devel-2.2.5-3.el8.x86_64.rpm: 头V3 RSA/SHA256 Signature, 密钥 ID 8483c65d: NOKEY
错误:依赖检测失败:
        expat(x86-64) = 2.2.5-3.el8 被 expat-devel-2.2.5-3.el8.x86_64 需要
# Still does not work
[root@localhost svn]#
[root@localhost svn]# rpm -ivh expat-2.2.5-3.el8.i686.rpm
警告:expat-2.2.5-3.el8.i686.rpm: 头V3 RSA/SHA256 Signature, 密钥 ID 8483c65d: NOKEY
错误:依赖检测失败:
        libc.so.6 被 expat-2.2.5-3.el8.i686 需要
        libc.so.6(GLIBC_2.0) 被 expat-2.2.5-3.el8.i686 需要
        libc.so.6(GLIBC_2.1) 被 expat-2.2.5-3.el8.i686 需要
        libc.so.6(GLIBC_2.1.3) 被 expat-2.2.5-3.el8.i686 需要
        libc.so.6(GLIBC_2.25) 被 expat-2.2.5-3.el8.i686 需要
        libc.so.6(GLIBC_2.3.4) 被 expat-2.2.5-3.el8.i686 需要
        libc.so.6(GLIBC_2.4) 被 expat-2.2.5-3.el8.i686 需要
```

## Continue installing APRUTIL

```bash
[root@localhost svn]# cd apr-util-1.6.1
[root@localhost apr-util-1.6.1]# make && make install
[root@localhost apr-util-1.6.1]# cd ..
[root@localhost svn]# cd subversion-1.12.2
[root@localhost subversion-1.12.2]# ./configure
An appropriate version of sqlite could not be found. We recommmend
3.8.11.1, but require at least 3.8.2.
Please either install a newer sqlite on this system
or
get the sqlite 3.8.11.1 amalgamation from:
    https://www.sqlite.org/2015/sqlite-amalgamation-3081101.zip
unpack the archive using unzip and rename the resulting
directory to:
/root/svn/subversion-1.12.2/sqlite-amalgamation

configure: error: Subversion requires SQLite
```

## Install SQLite

First install unzip: `yum install -y zip unzip`

```bash
[root@localhost svn]# wget https://www.sqlite.org/2015/sqlite-amalgamation-3081101.zip
[root@localhost svn]# ll sqlite-amalgamation-3081101.zip
-rw-r--r--. 1 root root 1648868 7月 30 2016 sqlite-amalgamation-3081101.zip
[root@localhost svn]# unzip sqlite-amalgamation-3081101.zip
# Move it to the directory configure asked for
[root@localhost svn]# mv sqlite-amalgamation-3081101 /root/svn/subversion-1.12.2/sqlite-amalgamation
[root@localhost svn]# cd subversion-1.12.2
[root@localhost subversion-1.12.2]# ./configure
configure: zlib library configuration via pkg-config
checking for zlib library... yes
checking for lz4 library via pkg-config... no
configure: lz4 configuration without pkg-config
checking for LZ4_compress_default in -llz4... no
configure: error: Subversion requires LZ4 >= r129, or use --with-lz4=internal
```

## Install LZ4 (online)

```bash
[root@localhost subversion-1.12.2]# yum install -y lz4 lz4-devel
configure: utf8proc configuration without pkg-config
checking for utf8proc_version in -lutf8proc... no
configure: error: Subversion requires UTF8PROC
```

## Install UTF8PROC

Visit https://github.com/JuliaStrings/utf8proc/releases/tag/v2.4.0 to download it

```bash
[root@localhost subversion-1.12.2]# cd ..
[root@localhost svn]# wget https://github.com/JuliaStrings/utf8proc/archive/v2.4.0.tar.gz
[root@localhost svn]# wget https://github.com/JuliaStrings/utf8proc/archive/v2.4.0.zip
[root@localhost svn]# unzip v2.4.0.zip
[root@localhost svn]# cd utf8proc-2.4.0/
[root@localhost utf8proc-2.4.0]# make && make install
[root@localhost utf8proc-2.4.0]# cd ..
[root@localhost svn]# cd subversion-1.12.2
[root@localhost subversion-1.12.2]# ./configure

# The svn build finally starts; it takes a long time
[root@localhost subversion-1.12.2]# make && make install
test -d /usr/local/include/subversion-1 || \
  /usr/bin/install -c -d /usr/local/include/subversion-1
(subversion/svnversion/svnversion . 2> /dev/null || \
 svnversion . 2> /dev/null || \
 echo "unknown"; \
) > /usr/local/include/subversion-1/svn-revision.txt
[root@localhost subversion-1.12.2]# cat /usr/local/include/subversion-1/svn-revision.txt
目录 未版本控制
```

## Installation complete

```bash
[root@localhost subversion-1.12.2]# whereis svn
svn: /usr/local/bin/svn
[root@localhost subversion-1.12.2]# ls /usr/local/bin/svn*
/usr/local/bin/svn       /usr/local/bin/svndumpfilter  /usr/local/bin/svnmucc   /usr/local/bin/svnsync
/usr/local/bin/svnadmin  /usr/local/bin/svnfsfs        /usr/local/bin/svnrdump  /usr/local/bin/svnversion
/usr/local/bin/svnbench  /usr/local/bin/svnlook        /usr/local/bin/svnserve
[root@localhost subversion-1.12.2]# svnserve --version
svnserve,版本 1.12.2 (r1863366)
   编译于 Oct 24 2019,13:25:09 在 x86_64-unknown-linux-gnu
```

# Configuring a single svn repository

## Create the svn repository

```bash
# Create a parent directory for svn repositories, the "top-level repository"; if more svn repositories are added later they can all live under it, which makes them easier to manage
[root@localhost ~]# mkdir -p /home/svnrepository

# Create the svn repository itself, the "root repository", named repo_starmeow
[root@localhost ~]# svnadmin create /home/svnrepository/repo_starmeow

# Enter the repo_starmeow repository directory to edit its configuration
[root@localhost ~]# cd /home/svnrepository/repo_starmeow/
[root@localhost repo_starmeow]# ll
总用量 8
drwxr-xr-x. 2 root root  76 10月 24 13:50 conf
drwxr-sr-x. 6 root root 233 10月 24 13:50 db
-r--r--r--. 1 root root   2 10月 24 13:50 format
drwxr-xr-x. 2 root root 231 10月 24 13:50 hooks
drwxr-xr-x. 2 root root  41 10月 24 13:50 locks
-rw-r--r--. 1 root root 246 10月 24 13:50 README.txt
```

When a root repository is created with `svnadmin create`, the top-level repository directory must already exist. The root repository directory itself may or may not exist: if it does not, the command creates it automatically. In other words, `svnadmin create` succeeds whether or not the `repo_starmeow` directory already exists.

## Configuration files

Look at the `conf` directory, which holds the configuration files

```bash
[root@localhost repo_starmeow]# cd conf/
[root@localhost conf]# ls
authz  hooks-env.tmpl  passwd  svnserve.conf
```

The original file contents are as follows

### authz: access control

```bash
[root@localhost conf]# cat authz
### This file is an example authorization file for svnserve.
### Its format is identical to that of mod_authz_svn authorization
### files.
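### As shown below each section defines authorizations for the path and
### (optional) repository specified by the section name.
### The authorizations follow. An authorization line can refer to:
###  - a single user,
###  - a group of users defined in a special [groups] section,
###  - an alias defined in a special [aliases] section,
###  - all authenticated users, using the '$authenticated' token,
###  - only anonymous users, using the '$anonymous' token,
###  - anyone, using the '*' wildcard.
###
### A match can be inverted by prefixing the rule with '~'. Rules can
### grant read ('r') access, read-write ('rw') access, or no access
### ('').

[aliases]
# joe = /C=XZ/ST=Dessert/L=Snake City/O=Snake Oil, Ltd./OU=Research Institute/CN=Joe Average

[groups]
# harry_and_sally = harry,sally
# harry_sally_and_joe = harry,sally,&joe

# [/foo/bar]
# harry = rw
# &joe = r
# * =

# [repository:/baz/fuz]
# @harry_and_sally = rw
# * = r
```

Configuration notes

```bash
# Applies to all repositories; if svnserve serves only one repository, only the repository-path form can be used
# With a single repository, /path/ts names a path inside the repository
[/repository-path]
# user1 can read and write
user1 = rw
# user2 is read-only
user2 = r
# all other users have no access
* =

# A specific repository; if svnserve serves several repositories (started at the top-level directory), the rules should name the specific repository.
# repo_starmeow:/ means every file in that repository
[repository-name:/repository-path]
# user1 can read and write
user1 = rw
# user2 is read-only
user2 = r
# all other users have no access
* =
```

Permissions can be `r`, `w` or `rw`, meaning read-only, write-only and read-write respectively. Here `r`, `w` and `rw` take effect only on the last-level directory of the repository path.

If the repository path has subdirectories and a subdirectory has no permissions of its own configured, the subdirectory inherits the permissions of its parent directory.

If a directory contains a subdirectory with its own permission settings, a user who has access to the parent but is not granted that specific permission cannot see the subdirectory. Put the other way round, a user who has access to the subdirectory but not to the main directory can reach it directly through the full subdirectory URL.

Extension: using user groups

```bash
[groups]
dept1 = user1,user2
dept2 = user3

[<repository>:/project/directory]
# users in dept1 can read and write
@dept1 = rw
# users in dept2 are read-only
@dept2 = r
# user4 can read and write
user4 = rw
```

### passwd: accounts and passwords

```bash
[root@localhost conf]# cat passwd
### This file is an example password file for svnserve.
### Its format is similar to that of svnserve.conf. As shown in the
### example below it contains one section labelled [users].
### The name and password for each user follow, one account per line.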

[users]
# harry = harryssecret
# sally = sallyssecret
```

Each line only needs to be of the form `username = password`

### svnserve.conf: SVN service configuration

```bash
[root@localhost conf]# cat svnserve.conf
### This file controls the configuration of the svnserve daemon, if you
### use it to allow access to this repository. (If you only allow
### access through http: and/or file: URLs, then this file is
### irrelevant.)

### Visit http://subversion.apache.org/ for more information.

[general]
### The anon-access and auth-access options control access to the
### repository for unauthenticated (a.k.a. anonymous) users and
### authenticated users, respectively.
### Valid values are "write", "read", and "none".
### Setting the value to "none" prohibits both reading and writing;
### "read" allows read-only access, and "write" allows complete
### read/write access to the repository.
### The sample settings below are the defaults and specify that anonymous
### users have read-only access to the repository, while authenticated
### users have read and write access to the repository.
# anon-access = read
# auth-access = write
### The password-db option controls the location of the password
### database file. Unless you specify a path starting with a /,
### the file's location is relative to the directory containing
### this configuration file.
### If SASL is enabled (see below), this file will NOT be used.
### Uncomment the line below to use the default password file.
# password-db = passwd
### The authz-db option controls the location of the authorization
### rules for path-based access control. Unless you specify a path
### starting with a /, the file's location is relative to the
### directory containing this file. The specified path may be a
### repository relative URL (^/) or an absolute file:// URL to a text
### file in a Subversion repository. If you don't specify an authz-db,
### no path-based access control is done.
### Uncomment the line below to use the default authorization file.
# authz-db = authz
### The groups-db option controls the location of the file with the
### group definitions and allows maintaining groups separately from the
### authorization rules. The groups-db file is of the same format as the
### authz-db file and should contain a single [groups] section with the
### group definitions. If the option is enabled, the authz-db file cannot
### contain a [groups] section. Unless you specify a path starting with
### a /, the file's location is relative to the directory containing this
### file. The specified path may be a repository relative URL (^/) or an
### absolute file:// URL to a text file in a Subversion repository.
### This option is not being used by default.
# groups-db = groups
### This option specifies the authentication realm of the repository.
### If two repositories have the same authentication realm, they should
### have the same password database, and vice versa. The default realm
### is repository's uuid.
# realm = My First Repository
### The force-username-case option causes svnserve to case-normalize
### usernames before comparing them against the authorization rules in the
### authz-db file configured above. Valid values are "upper" (to upper-
### case the usernames), "lower" (to lowercase the usernames), and
### "none" (to compare usernames as-is without case conversion, which
### is the default behavior).
# force-username-case = none
### The hooks-env options specifies a path to the hook script environment
### configuration file. This option overrides the per-repository default
### and can be used to configure the hook script environment for multiple
### repositories in a single file, if an absolute path is specified.
### Unless you specify an absolute path, the file's location is relative
### to the directory containing this file.
# hooks-env = hooks-env

[sasl]
### This option specifies whether you want to use the Cyrus SASL
### library for authentication. Default is false.
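### Enabling this option requires svnserve to have been built with Cyrus
### SASL support; to check, run 'svnserve --version' and look for a line
### reading 'Cyrus SASL authentication is available.'
# use-sasl = true
### These options specify the desired strength of the security layer
### that you want SASL to provide. 0 means no encryption, 1 means
### integrity-checking only, values larger than 1 are correlated
### to the effective key length for encryption (e.g. 128 means 128-bit
### encryption). The values below are the defaults.
# min-encryption = 0
# max-encryption = 256
```

Configuration file walkthrough

```bash
anon-access = read
auth-access = write
# The anon-access (anonymous access) and auth-access (authenticated access) options control access to the svn repository for unauthenticated and authenticated users respectively. Valid values are write, read and none: none gives no read or write access to the repository, write gives read and write access, and read gives read-only access.

password-db = passwd
# Controls the location of the password database file. Unless a path starting with '/' is given, the location is relative to the directory containing this configuration file. If SASL is enabled, this setting has no effect.

authz-db = authz
# Controls the location of the authorization rules for path-based access control. Unless a path starting with '/' is given, the location is relative to the directory containing this configuration file. If authz-db is not set, no path-based access control is done.

realm = My First Repository
# Sets the authentication realm of the repository. If two repositories have the same authentication realm, they should have the same password database, and vice versa. The default realm is the repository's uuid
```

## Starting svn without modifying the original configuration

Leave the configuration files above unmodified for now. The repository has already been created: `/home/svnrepository` is the top-level repository, the directory that holds all repositories, and `/home/svnrepository/repo_starmeow` is the root repository, used mainly to hold the project.

### Serving with the repository root as the root directory (single-repository mode)

Here `-r` points directly at the repository (called single-repository svnserve mode); in this case one svnserve can serve only one repository.

```bash
[root@localhost conf]# svnserve -d -r /home/svnrepository/repo_starmeow/ --listen-port 3690
[root@localhost conf]# ps -ef | grep svn
root      81637      1  0 08:48 ?        00:00:00 svnserve -d -r /home/svnrepository/repo_starmeow/
root      81639  77434  0 08:48 pts/2    00:00:00 grep --color=auto svn
[root@localhost conf]# netstat -anp | grep svn
tcp        0      0 0.0.0.0:3690            0.0.0.0:*               LISTEN      81637/svnserve
```

- `-d` means daemon: svnserve runs in the background and accepts TCP/IP connections; the default port is 3690.
- `-r` means root: it sets the virtual directory (root directory) svnserve serves; the example above specifies /home/svnrepository as the virtual directory.
- `--listen-port` sets the port; when 3690 is used, the option can be omitted.

Client test

```bash
PS D:\SVNProject> svn checkout svn://192.168.126.134
svn: E170013: Unable to connect to a repository at URL 'svn://192.168.126.134'
svn: E730060: Can't connect to host '192.168.126.134': 由于连接方在一段时间后没有正确答复或连接的主机没有反应,连接尝试 失败。
```

#### Allow the port through the server firewall

The port has to be allowed through the firewall

```bash
[root@localhost conf]# firewall-cmd --permanent --zone=public --add-port=3690/tcp
success
[root@localhost conf]# firewall-cmd --reload
success
```

#### Client checkout

```bash
PS D:\SVNProject> svn checkout svn://192.168.126.134  # check out straight into the current directory
Checked out revision 0.  # reports that revision 0 was checked out
PS D:\SVNProject> svn checkout svn://192.168.126.134/ D:\SVNProject  # check out into a given directory
Checked out revision 0.
PS D:\SVNProject> svn checkout svn://192.168.126.134:3690  # if the server is not on the default port 3690, specify the port yourself
Checked out revision 0.
```

After the checkout a hidden `.svn` directory is created locally, with the following contents

![BLOG_20191026_212005_18](/media/blog/images/2019/10/BLOG_20191026_212005_18.png)

**When `-r` sets the root directory to the root repository, all files in the repository root are checked out into the local directory.**

### Serving with the top-level directory as the root directory (multi-repository mode)

Here `-r` points at the parent directory of the repositories (called multi-repository svnserve mode). In this case one svnserve can serve several repositories, and to restrict a given directory of a given repository the rules have to name the specific repository.

```bash
[root@localhost conf]# svnserve -d -r /home/svnrepository
[root@localhost conf]# ps -ef | grep svn | grep -v grep
root      81986      1  0 10:17 ?        00:00:00 svnserve -d -r /home/svnrepository
```

#### Client checkout

```bash
PS D:\SVNProject> svn checkout svn://192.168.126.134
svn: E170013: Unable to connect to a repository at URL 'svn://192.168.126.134'
svn: E210005: No repository found in 'svn://192.168.126.134'
PS D:\SVNProject> svn checkout svn://192.168.126.134/repo_starmeow  # the root repository repo_starmeow must be specified
Checked out revision 0.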
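```

If no local checkout directory is given, a directory named after the root repository is created in the current directory and the checkout is done inside it.

![BLOG_20191026_211957_95](/media/blog/images/2019/10/BLOG_20191026_211957_95.png)

```bash
PS D:\SVNProject> svn checkout svn://192.168.126.134/repo_starmeow D:\SVNProject\
Checked out revision 0.
```

If a checkout directory is given, the files in the repository are checked out directly into that local directory.

![BLOG_20191026_211950_65](/media/blog/images/2019/10/BLOG_20191026_211950_65.png)

**When `-r` sets the root directory to the top-level repository, the checkout URL must include the root repository name; if no local directory is given, a folder named after the root repository is created in the current directory and the files are checked out into it.**

## Editing the configuration files: accounts, passwords and permissions

> **Remember: no other text may follow a setting on the same line, not even a `#` comment, for example `auth-access = write # authenticated users can write`**

### Require login with an account and password

Back up svnserve.conf, then edit it

```bash
[root@localhost conf]# cp svnserve.conf svnserve.conf.bak
[root@localhost conf]# ls
authz  hooks-env.tmpl  passwd  svnserve.conf  svnserve.conf.bak
[root@localhost conf]# vim svnserve.conf
# Change the configuration as follows
[root@localhost conf]# cat svnserve.conf | grep -v "###"

[general]
# Anonymous users are read-only; can be set to none so that anonymous users have no access
anon-access = none
# Authenticated users can write
auth-access = write
# Account/password file
password-db = passwd
# Permission file
# authz-db = authz
# groups-db = groups
# Authentication realm name of each svn project; it is shown in the login prompt, so the project name is recommended
realm = My Project StarMeow
# force-username-case = none
# hooks-env = hooks-env

[sasl]
# use-sasl = true
# min-encryption = 0
# max-encryption = 256
```

Edit the account/password file

```bash
[root@localhost conf]# cat passwd | grep -v "###"

[users]
admin = admin
test = test
user = user
```

Test connecting with an account and password

```bash
PS D:\SVNProject> svn list svn://192.168.126.134/
svn: E170013: Unable to connect to a repository at URL 'svn://192.168.126.134'
svn: E210005: No repository found in 'svn://192.168.126.134'
# Here too the repository name has to be given

# Logging in prompts for a username and password
PS D:\SVNProject> svn list svn://192.168.126.134/repo_starmeow
Authentication realm: <svn://192.168.126.134:3690> My Project StarMeow
Password for 'LR':  # the local machine username is tried first; press Enter again to type a username yourself
Authentication realm: <svn://192.168.126.134:3690> My Project StarMeow
Username: admin
Password for 'admin': *****

# Specify the login username and password
PS D:\SVNProject> svn list svn://192.168.126.134/repo_starmeow --username user --password error
Authentication realm: <svn://192.168.126.134:3690> My Project StarMeow
Username: user
Password for 'user': ****

PS D:\SVNProject> svn list svn://192.168.126.134/repo_starmeow --username user --password user
```

- `--username user` sets the login username to `user`.
- `--password user` sets the login password to `user`.
- If the account or password is wrong, a manual login is requested.
- If no checkout directory is given, a directory named after the repository is created locally and the checkout is done there.

### Using per-user permission control

The steps above block anonymous access and give logged-in users read and write access; the next step is to control permissions per user.

Edit the configuration file and set the file used for permission checks with `authz-db = authz`, which defaults to the `authz` file in the current directory

```bash
[root@localhost conf]# vim svnserve.conf
# Change the configuration as follows
[root@localhost conf]# cat svnserve.conf | grep -v "###"

[general]
# Anonymous users are read-only; can be set to none so that anonymous users have no access
anon-access = none
# Authenticated users can write
auth-access = write
# Account/password file
password-db = passwd
# Permission file
authz-db = authz
# groups-db = groups
# Authentication realm name of each svn project; it is shown in the login prompt, so the project name is recommended
realm = My Project StarMeow
# force-username-case = none
# hooks-env = hooks-env

[sasl]
# use-sasl = true
# min-encryption = 0
# max-encryption = 256
```

Edit the permission file to control access at the top-level directory.

```bash
[root@localhost conf]# cp authz authz.bak
[root@localhost conf]# cat authz | grep -v "###"

[groups]
admin = admin
user = test,user

# Stands for all resources under the root directory
[/]
@admin = rw
@user = r
* =
```

**After the configuration files are changed the service does not need to be restarted, that is, the `svnserve` process does not have to be stopped and started again**

### Test the connection

An svn client can be used for testing

![BLOG_20191026_211939_40](/media/blog/images/2019/10/BLOG_20191026_211939_40.png)

A user in the `@user` group can read files, but committing after adding, deleting or modifying files fails with an error

![BLOG_20191026_211932_71](/media/blog/images/2019/10/BLOG_20191026_211932_71.png)

Retry as another user: enter a user with write permission and the commit succeeds.

![BLOG_20191026_211927_59](/media/blog/images/2019/10/BLOG_20191026_211927_59.png)

# Configuring multiple repositories

Next, switch to another server with the same software installed

## Create the top-level repository directory

```bash
# Allow the port through the CentOS 7 firewall
[root@localhost ~]# firewall-cmd --permanent --zone=public --add-port=3690/tcp
success
[root@localhost ~]# firewall-cmd --reload
success

# Install subversion online
[root@localhost ~]# yum install -y subversion

# Enter the svn top-level repository directory to create two svn repositories
[root@localhost ~]# cd /home/svnrepository/
[root@localhost svnrepository]# pwd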
/home/svnrepository
```

## Create several root repositories

```bash
# Create 2 repositories, ProjectCC and ProjectXY; an absolute path can be given
[root@localhost svnrepository]# svnadmin create /home/svnrepository/ProjectCC
[root@localhost svnrepository]# svnadmin create ProjectXY
[root@localhost svnrepository]# ls
ProjectCC  ProjectXY

# Create a shared configuration directory holding the account/password and permission files used by every repository; each repository's own configuration file stays where it was
[root@localhost svnrepository]# mkdir RootConf
[root@localhost svnrepository]# cp ProjectCC/conf/{authz,passwd} RootConf/
[root@localhost svnrepository]# ls RootConf/
authz  passwd
```

## Edit the configuration of each repository

```bash
# Next, point each repository at the shared account/password and permission files
# Edit the first project
[root@localhost svnrepository]# vim ProjectCC/conf/svnserve.conf
[root@localhost svnrepository]# cat ProjectCC/conf/svnserve.conf | grep -v "###"

[general]
anon-access = none
auth-access = write
password-db = /home/svnrepository/RootConf/passwd
authz-db = /home/svnrepository/RootConf/authz
realm = Project CC Repository
# force-username-case = none

[sasl]
# use-sasl = true
# min-encryption = 0
# max-encryption = 256

# Edit the second project
[root@localhost svnrepository]# vim ProjectXY/conf/svnserve.conf
[root@localhost svnrepository]# cat ProjectXY/conf/svnserve.conf | grep -v "###"

[general]
anon-access = none
auth-access = write
password-db = /home/svnrepository/RootConf/passwd
authz-db = /home/svnrepository/RootConf/authz
realm = Project XY Repository
# force-username-case = none

[sasl]
# use-sasl = true
# min-encryption = 0
# max-encryption = 256
```

## Start the svn server

```bash
# Start the svn server with the top-level directory as the root directory
[root@localhost svnrepository]# svnserve -d -r /home/svnrepository && ps aux | grep svn | grep -v grep
root       1418  0.0  0.0 180736   808 ?        Ss   13:41   0:00 svnserve -d -r /home/svnrepository

# Check the server's IP
[root@localhost svnrepository]# ip a | grep ens33 | grep inet | awk '{print $2}' | awk -F '/' '{print $1}'
192.168.99.100
```

## Check out from the client

![BLOG_20191026_211918_49](/media/blog/images/2019/10/BLOG_20191026_211918_49.png)

If this dialog pops up, the server is running normally

![BLOG_20191026_211913_39](/media/blog/images/2019/10/BLOG_20191026_211913_39.png)

## Configure the account/password and permission files shared by the repositories

Next, configure the server's accounts, passwords and permissions

```bash
[root@localhost svnrepository]# cd RootConf/
[root@localhost RootConf]# ls
authz  passwd

# Edit the account/password file and add usernames and passwords, used for login to the whole svn setup
[root@localhost RootConf]# vim passwd
[root@localhost RootConf]# cat passwd | grep -v "###"

[users]
admin = admin_passwd
liuming = liuming_passwd
wangpeng = wangpeng_passwd
liwen = liwen_passwd
zhaohe = zhaohe_passwd
# If there are more users, keep adding them below

# Configure the permission file with different permissions for different repositories and directories
[root@localhost RootConf]# vim authz
[root@localhost RootConf]# cat authz | grep -v "###"

[aliases]

[groups]
admin = admin
# CC project management
cc_man = liuming
# CC project artists
cc_ms = zhaohe
# CC project programmers
cc_cx = wangpeng,liwen

#[/]
# Permissions for all repositories: the admin group reads and writes, everyone else has no access
#@admin = rw
#* =

[ProjectXY:/]
# Holds public material, readable by everyone
* = r

[ProjectCC:/]
# Super administrators and project managers have all permissions
@admin = rw
@cc_man = rw
* =
# In project ProjectCC the admin and cc_man groups have read and write access to the root directory and can check out through svn://192.168.99.100/ProjectCC

[ProjectCC:/code]
@admin = rw
@cc_man = rw
# Only programmers can read and write the project code
@cc_cx = rw
* =
# In project ProjectCC the admin and cc_man groups have read and write access to the root directory. Because the subdirectory /code has its own permissions, the cc_cx group, which has rights only on this directory, needs read and write access set here. Since cc_cx members cannot access svn://192.168.99.100/ProjectCC, they can reach the directory through the full subdirectory URL svn://192.168.99.100/ProjectCC/code.

[ProjectCC:/resource]
@admin = rw
@cc_man = rw
# Art assets: artists read and write, programmers read-only
@cc_ms = rw
@cc_cx = r
* =
```

## Check out from the client with different permissions

The admin group has all permissions and can therefore access every directory.

![BLOG_20191026_211902_57](/media/blog/images/2019/10/BLOG_20191026_211902_57.png)

The cc_ms group has permission only on resource, so it can see only that directory

![BLOG_20191026_211856_49](/media/blog/images/2019/10/BLOG_20191026_211856_49.png)

Checking out the whole project fails.

![BLOG_20191026_211852_18](/media/blog/images/2019/10/BLOG_20191026_211852_18.png)

![BLOG_20191026_211846_35](/media/blog/images/2019/10/BLOG_20191026_211846_35.png)

The full path, however, can be checked out.

![BLOG_20191026_211841_97](/media/blog/images/2019/10/BLOG_20191026_211841_97.png)

In other words, access is possible only through a URL of the form svn://192.168.99.100/ProjectCC/resource.

# Stopping or restarting the svn service

```bash
[root@localhost conf]# killall svnserve

[root@localhost conf]# netstat -anp | grep svn
tcp        0      0 0.0.0.0:3690            0.0.0.0:*               LISTEN      77314/svnserve
[root@localhost conf]# kill -9 77314

[root@localhost conf]# kill -9 `ps -ef | grep svn | grep -v grep | awk '{print $2}'`
[root@localhost conf]# netstat -anp | grep svn

# Restart the svn service
[root@localhost conf]# kill -9 `ps -ef | grep svn | grep -v grep | awk '{print $2}'` && svnserve -d -r /home/svnrepository && ps aux | grep svn | grep -v grep
```
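
An added example (not from the original article) that lints `svnserve.conf` and `passwd` for the pitfalls covered in the account and permission sections: text after a setting, anonymous access left on, a missing `authz-db`, and passwords that repeat the account name. The sample files are constructed from the page's own; the function names, finding codes and the 8-character minimum are assumptions of this example.

```python
"""Added example: lint svnserve.conf and passwd for pitfalls covered on this page."""
import configparser

ACCESS_VALUES = {"none", "read", "write"}

# Constructed sample: early settings from the page plus a trailing comment.
RISKY_CONF = """\
[general]
anon-access = read
auth-access = write # authenticated users can write
password-db = passwd
# authz-db = authz
realm = My Project StarMeow
"""

# Constructed sample: the page's final single-repository settings.
FINAL_CONF = """\
[general]
anon-access = none
auth-access = write
password-db = passwd
authz-db = authz
realm = My Project StarMeow
"""

# Constructed sample: accounts from the page plus one hypothetical stronger entry.
PASSWD = """\
[users]
admin = admin
test = test
liuming = liuming_passwd
build = c0rrect-h0rse-9
"""


def _section(text, name):
    """Return one section as a dict; only '=' separates key and value."""
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    cp.optionxform = str  # keep names case-sensitive
    cp.read_string(text)
    return dict(cp[name]) if cp.has_section(name) else {}


def lint_svnserve(text):
    """Return (code, detail) findings for the [general] section."""
    general, findings = _section(text, "general"), []
    for key in ("anon-access", "auth-access"):
        value = general.get(key)
        # Anything after the value, even a # comment, becomes part of the value.
        if value is not None and value not in ACCESS_VALUES:
            findings.append(("invalid-value", f"{key} = {value!r} is not none/read/write"))
    # The stock svnserve.conf documents read as the anonymous default.
    if general.get("anon-access", "read") != "none":
        findings.append(("anonymous-access", "unauthenticated users can reach the repository"))
    if "authz-db" not in general:
        findings.append(("no-authz-db", "no path-based access control is done"))
    return findings


def lint_passwd(text, min_length=8):
    """Return (user, detail) findings for weak entries in [users]."""
    findings = []
    for user, password in _section(text, "users").items():
        if user.lower() in password.lower():
            findings.append((user, "password contains the account name"))
        elif len(password) < min_length:
            findings.append((user, f"password shorter than {min_length} characters"))
    return findings


if __name__ == "__main__":
    for finding in lint_svnserve(RISKY_CONF) + lint_passwd(PASSWD):
        print(*finding, sep=": ")
```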
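
The path rules in the shared `RootConf/authz` from the multi-repository section can be checked without a client. This is an added example, not part of the original article or of Subversion: a simplified Python model of the lookup (most specific path first, a `[repo:/path]` section before a global `[/path]` one, rights of matching lines in one section combined). It ignores aliases, nested groups and `~` inversion, and all function names are hypothetical.

```python
"""Added example: simplified model of svnserve's path-based authz lookup."""
import configparser

# Constructed input: the shared RootConf/authz from this page, comments removed.
AUTHZ = """\
[groups]
admin = admin
cc_man = liuming
cc_ms = zhaohe
cc_cx = wangpeng,liwen

[ProjectXY:/]
* = r

[ProjectCC:/]
@admin = rw
@cc_man = rw
* =

[ProjectCC:/code]
@admin = rw
@cc_man = rw
@cc_cx = rw
* =

[ProjectCC:/resource]
@admin = rw
@cc_man = rw
@cc_ms = rw
@cc_cx = r
* =
"""


def load(text):
    """Parse authz text into (groups, rules)."""
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    cp.optionxform = str  # keep user and group names case-sensitive
    cp.read_string(text)
    groups, rules = {}, {}
    for section in cp.sections():
        if section == "groups":
            for name, members in cp[section].items():
                groups[name] = {m.strip() for m in members.split(",") if m.strip()}
        elif section != "aliases":
            rules[section] = {k: v.strip() for k, v in cp[section].items()}
    return groups, rules


def matches(principal, user, groups):
    """True if a rule's left-hand side applies to this authenticated user."""
    if principal == "*":
        return True
    if principal.startswith("@"):
        return user in groups.get(principal[1:], set())
    return principal == user


def access(groups, rules, user, repo, path):
    """Return 'rw', 'r' or '' for an authenticated user on repo:path."""
    parts = [p for p in path.split("/") if p]
    while True:
        current = "/" + "/".join(parts)
        # A [repo:/path] section is consulted before a global [/path] one.
        for section in (f"{repo}:{current}", current):
            granted = [v for k, v in rules.get(section, {}).items()
                       if matches(k, user, groups)]
            if granted:  # rights of all matching lines in one section combine
                if any("w" in g for g in granted):
                    return "rw"
                return "r" if any("r" in g for g in granted) else ""
        if not parts:
            return ""  # no rule matched anywhere: access denied
        parts.pop()  # no decision here, so walk up to the parent directory


def report(text, users, targets):
    """Effective access for every (user, repo, path) combination."""
    groups, rules = load(text)
    return {(u, r, p): access(groups, rules, u, r, p)
            for u in users for r, p in targets}


if __name__ == "__main__":
    users = ["admin", "liuming", "zhaohe", "wangpeng", "liwen"]
    targets = [("ProjectCC", "/"), ("ProjectCC", "/code"), ("ProjectCC", "/code/src"),
               ("ProjectCC", "/resource"), ("ProjectXY", "/")]
    for (u, r, p), a in report(AUTHZ, users, targets).items():
        print(f"{u:9} {r}:{p:12} {a or '-'}")
```

Under this model `zhaohe` has no access to `ProjectCC:/` but `rw` on `/resource`, matching the screenshots above, and every account, `admin` included, gets only `r` on `ProjectXY` because the global `[/]` section is commented out.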