Install
To install Subversion, issue the following command:
sudo aptitude install subversion
Create a Root Path For The Subversion Repositories
Create a directory for Subversion files and your repositories. For example:
sudo -P mkdir /mnt/data/svn/repos
Restricting Access
We'll create a new group to manage a clean way of keeping permissions working for any repository that is created.
sudo addgroup svnusers
We'll set the permissions for the repos directory so that only the owner (root) and group (svnusers) have read/write access. All other users will have no access.
sudo chown -R root.svnusers /mnt/data/svn/repos
sudo chmod 2770 /mnt/data/svn/repos
Enabling Access For A User
This is simply a case of adding the user to the newly created svnusers group.
sudo usermod -a -G svnusers username
Creating a Wrapper Script for Svnserve Command (Optional)
Using the svn+ssh protocol unfortunately discloses the absolute path of any Subversion project repository stored on the server's file system. This is quite unfortunate due to security reasons. The purpose of this wrapper script is to hide the root directory on your server where you store all your Subversion repositories.
First of all, rename the original svnserve command into svnserve.bin (it usually resides in /usr/bin/svnserve)
sudo mv /usr/bin/svnserve /usr/bin/svnserve.bin
Now create a new file called /usr/bin/svnserve with the following content:
#!/bin/sh
# wrap in order to put root in by default
#
exec /usr/local/bin/svnserve.bin -r /mnt/data/svn/repos "$@"
The -r option ensures that all URL specified paths (only the projects) will be appended to this root path. In other words this setup ensures that you only get access to repository projects inside the root path.
The wrapper script must be executable (and readable) by all.
sudo chmod u+wrx,g+rx-w,o+xr-w svnserve
Creating A New Repository
sudo svnadmin create /mnt/data/svn/repos/project1
Finally, we need to remove the "other user" access of the new folder and contents (so that members of the group svnusers have access):
sudo chmod -R o-rwx /usr/share/subversion/repositories/project1
Accessing A Repository
If No Wrapper Script Used
Each repositories URL takes the following form:
svn+ssh://host.domain.com/mnt/data/svn/repos/project1
If Wrapper Script Used
Each repositories URL takes the following form:
svn+ssh://host.domain.com/project1