Subversion Docs & How-To
A short overview of our Subversion setup and configuration, and a short how-to.
SVN Documentation
-------------------------------------------------------------------------------
Last modified: Thursday, March 4, 2010 by Kevin Luikens

Table of Contents:
  1. How to add a user to the Subversion user list
  2. Create a repository
  3. Restricting and allowing access to a repository
  4. Basic SVN usage
  5. Links to more documentation

Current directory map:

  .
  |-- .bash_history
  |-- .ssh
  |   |-- authorized_keys
  |   `-- keys
  |       |-- bzhang_id_dsa.pub
  |       |-- kevin2.pub
  |       |-- qingju_id_rsa.pub
  |       `-- yic_id_rsa.pub
  |-- README
  |-- conf
  |   |-- passwd
  |   |-- servers
  |   `-- svnserve.conf
  `-- repos

User info:
  name    svn
  pass    [retracted]

-------------------------------------------------------------------------------

1. How to add a user to the Subversion user list

To add a user to the svn access list, you'll need to edit the authorized_keys
file at

    /var/svn/.ssh/authorized_keys

You'll add the following command and options, plus the user's key. This way,
when a client tries to access a svn repository, they'll be tunneled to a
username based upon their key.

    command="svnserve -t -r /var/svn/repos --tunnel-user=kevin",
    no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty TYPE KEY COMMENT

It is best to copy a line that is already in the file, and NOT the text above,
because the text above contains newlines and will break the ssh parser if
used. Replace "kevin" in --tunnel-user=kevin with the desired username.

My approach to adding users was to copy the key into the same directory and
use cat to append the key contents:

    cat ./kevin.pub >> authorized_keys

Now, edit authorized_keys so that the entry is contained on one line. If using
vim, this is easy to see if you issue the command

    :set list

You will see a "$" everywhere there is a newline.

When done, check that each of the files and directories is still owned by
"svn". This is important, because if authorized_keys can't be accessed, it
will be possible to gain access to a bash shell if the password is known. To
do this, make sure you are at the following path:

    /var/svn/.ssh/

and issue the following command:

    sudo chown -R svn:svn ./*

2. Create a repository

From here, you must use svn tools. Make sure you are within the directory
/var/svn/repos, or that you use that full path plus your new repo name. This
is important for organization, and because svn access will be restricted to
the above path.

To create a repo, ssh into Dyadis with your regular user name and issue the
following command, where "myawesomepaper" is the title of the repo (sudo is
likely necessary):

    svnadmin create /var/svn/repos/myawesomepaper

3. Restricting and allowing access to a repository

Upon creation of a repository, multiple folders are created that are
necessary for its function:

    conf
    dav
    db
    hooks
    locks

In order to restrict and allow access, it will be necessary to edit files
within the "conf" directory. I've created configuration templates to copy at

    /var/svn/conf/authz
    /var/svn/conf/passwd
    /var/svn/conf/svnserve.conf

For clarity, after you copy them they should reside at a path like:

    /var/svn/repos/myawesomepaper/conf/authz

What are the differences between the default configs and ours?

svnserve.conf
-------------------------------------------------------------------
    anon-access = none
    authz-db = authz
    realm = UA Networks Research Lab

Although authentication is already managed by ssh and keys, anon-access is
still set to none in case of an unknown access method. This makes sure that
you are authenticated by ssh key and that no unknown users can read the
repository.

Uncomment the authz-db line so that it will be used. This file is necessary
for the creation of groups and setting their access level.

Set realm so that if a user is prompted for credentials, they will see whose
repository they are connecting to.

authz
-------------------------------------------------------------------
    networkslab = bzhang,kluikens,qingju,yic,zhaox

    [/]
    * =
    @networkslab = rw

Created a group titled "networkslab" and added the users that should belong to
this group. The next entry refers to the repository and who gets access to
what.

    [/]
        Define access to the repository with respect to the specified path
        (the root path in this case) from the root of the repo. If you
        specified "[/new]", you would be defining access rules for the "new"
        folder within the repo.

    * =
        Everyone can NOT read or write.

    @networkslab = rw
        Group networkslab can read and write at this level.

*****************************************************************
** Reminder: each repo needs to have these files, they are not **
** centralized.                                                **
*****************************************************************

4. Basic SVN usage

svn checkout
    Check out a copy of the repo to your local machine. Our usage will look
    like:

        svn co svn+ssh://svn@dyadis.cs.arizona.edu/myawesomepaper

    Use svn for the user -- your user name is pre-configured inside the
    authorized_keys file to correspond with your key.

svn add
    Add a file to the repository. If you create a file inside the project but
    do not "add" it, it will be ignored until you do.

svn diff
    View a diff output of the changes you've made since the last commit.

svn commit
    Commit a series of changes to the working repository. Can be used with the
    "-m" option to avoid a text editor prompt for a commit message. Example:

        svn commit -m "This commit fixes the internet."

svn update
    Bring your working copy up to date and sync with the master version on
    Dyadis.

5. Links to more documentation

SVN Quickstart
    http://svnbook.red-bean.com/en/1.4/svn.intro.quickstart.html

Original source for design decisions
    http://svnbook.red-bean.com/en/1.4/svn.serverconfig.svnserve.html#svn.serverconfig.svnserve.sshtricks

svn channel on irc

Free Subversion book (highly regarded)
    http://svnbook.red-bean.com/

Subversion home page
    http://subversion.apache.org/

-------------------------------------------------------------------------------
The End
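
For section 1, the entry format and the one-line requirement can be checked mechanically. The script below is an added example, not part of the original README: make_entry and audit_authorized_keys are hypothetical helper names, and it assumes every entry should carry exactly the forced command and the four restrictions shown in section 1.

```sh
#!/bin/sh
# Added example (not from the original README): build and audit svn+ssh entries.
OPTS="no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty"
PREFIX='command="svnserve -t -r /var/svn/repos --tunnel-user='

# Print the single-line entry for USER, using the first line of PUBFILE.
make_entry() {
    user=$1
    case $user in
        ''|*[!A-Za-z0-9_-]*) echo "bad user name" >&2; return 2 ;;  # would break the quoting
    esac
    IFS= read -r key < "$2" || [ -n "$key" ] || return 2
    printf '%s%s",%s %s\n' "$PREFIX" "$user" "$OPTS" "$key"
}

# Report entries that are not locked to svnserve; return 0 only if all are.
audit_authorized_keys() {
    bad=0 lineno=0
    while IFS= read -r line || [ -n "$line" ]; do
        lineno=$((lineno + 1))
        case $line in
            ''|'#'*) continue ;;                       # blank line or comment
            "$PREFIX"*) ;;                             # forced command present
            *) echo "line $lineno: no forced svnserve command"; bad=1; continue ;;
        esac
        rest=${line#*\"*\"}                            # text after command="..."
        opts=${rest%% *}                               # option list before the key
        for opt in $(echo "$OPTS" | tr ',' ' '); do
            case ",$opts," in
                *",$opt,"*) ;;
                *) echo "line $lineno: missing $opt"; bad=1 ;;
            esac
        done
        key=${rest#* }
        case $key in
            ?*' '?*) ;;                                # TYPE KEY [COMMENT]
            *) echo "line $lineno: no key after options (wrapped entry?)"; bad=1 ;;
        esac
    done < "$1"
    return $bad
}
```

A key pasted without the command= prefix, or an entry that was wrapped onto two lines, shows up as a finding with its line number.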
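
For section 3, because the conf files are per repository and not centralized, a new repo that never received the templates is easy to miss. This added example (not part of the original README; the function names are hypothetical) checks each repository under a root such as /var/svn/repos for the settings described in section 3. As a simplification it looks for a "* =" line anywhere in authz instead of parsing sections.

```sh
#!/bin/sh
# Added example (not from the original README): check per-repo conf files.

# Succeeds if FILE ($1) has an uncommented "NAME = VALUE" line ($2, $3).
has_setting() {
    grep -Eq "^$2[[:space:]]*=[[:space:]]*$3[[:space:]]*\$" "$1"
}

# Print findings for one repository directory; return 1 if any were found.
check_repo_conf() {
    repo=$1 rc=0
    conf=$repo/conf/svnserve.conf
    if [ ! -f "$conf" ]; then
        echo "$repo: conf/svnserve.conf missing"; return 1
    fi
    has_setting "$conf" anon-access none ||
        { echo "$repo: anon-access is not set to none"; rc=1; }
    has_setting "$conf" authz-db authz ||
        { echo "$repo: authz-db = authz is missing or still commented out"; rc=1; }
    if [ ! -f "$repo/conf/authz" ]; then
        echo "$repo: conf/authz missing"; rc=1
    elif ! grep -Eq '^\*[[:space:]]*=[[:space:]]*$' "$repo/conf/authz"; then
        echo "$repo: authz has no '* =' line denying everyone else"; rc=1
    fi
    return $rc
}

# Check every repository under ROOT (the README uses /var/svn/repos).
audit_repos() {
    failed=0
    for dir in "$1"/*/; do
        [ -d "$dir" ] || continue
        check_repo_conf "${dir%/}" || failed=1
    done
    return $failed
}
```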