Subversion

Install

To install Subversion, issue the following command:

sudo aptitude install subversion

Create a Root Path For The Subversion Repositories

Create a directory for Subversion files and your repositories. For example:

sudo -P mkdir /mnt/data/svn/repos

Restricting Access

We'll create a new group to manage a clean way of keeping permissions working for any repository that is created.

sudo addgroup svnusers

We'll set the permissions for the repos directory so that only the owner (root) and group (svnusers) have read/write access. All other users will have no access.

sudo chown -R root.svnusers /mnt/data/svn/repos
sudo chmod 2770 /mnt/data/svn/repos

Enabling Access For A User

This is simply a case of adding the user to the newly created svnusers group.

sudo usermod -a -G svnusers username

Creating a Wrapper Script for Svnserve Command (Optional)

Using the svn+ssh protocol unfortunately discloses the absolute path of any Subversion project repository stored on the server's file system. This is quite unfortunate due to security reasons. The purpose of this wrapper script is to hide the root directory on your server where you store all your Subversion repositories.

First of all, rename the original svnserve command into svnserve.bin (it usually resides in /usr/bin/svnserve)

sudo mv /usr/bin/svnserve /usr/bin/svnserve.bin

Now create a new file called /usr/bin/svnserve with the following content:

#!/bin/sh 
# wrap in order to put root in by default 
#
exec /usr/local/bin/svnserve.bin -r /mnt/data/svn/repos "$@"

The -r option ensures that all URL specified paths (only the projects) will be appended to this root path. In other words this setup ensures that you only get access to repository projects inside the root path.

The wrapper script must be executable (and readable) by all.

sudo chmod u+wrx,g+rx-w,o+xr-w svnserve

Creating A New Repository

sudo svnadmin create /mnt/data/svn/repos/project1

Finally, we need to remove the "other user" access of the new folder and contents (so that members of the group svnusers have access):

sudo chmod -R o-rwx /usr/share/subversion/repositories/project1

Accessing A Repository

If No Wrapper Script Used

Each repositories URL takes the following form:

svn+ssh://host.domain.com/mnt/data/svn/repos/project1

If Wrapper Script Used

Each repositories URL takes the following form:

svn+ssh://host.domain.com/project1

References

Unless otherwise stated, the content of this page is licensed under Creative Commons Attribution-ShareAlike 3.0 License