Linux Admin Zone

Given the tight timeline to configure subversion with httpd access having multiple users, I found that it’s not a big deal. Although, as there’s excellent reference available online for subversion, this quick howto will be helpful to point out just the essential statements.

What I want:
A subversion server having multiple repository in /svn directory and accessible through http url like http://svn.example.com. You can not browse svn repositories without supplying a valid username/password. All users have read only access to all repositories while only one user ‘svnadmin’ have read/write (commit,update etc.) access to svn.

Step 1. I assume you have downloaded and installed subversion either by using rpms or by compiling it. Let’s say multiple subversion repositories are in single directory: /svn

Step 2. Open /etc/httpd/conf.d/subversion.conf file which should be already there, update the file as follows. Keep in mind to change values as per your own setup:

LoadModule dav_svn_module     modules/mod_dav_svn.so
LoadModule authz_svn_module   modules/mod_authz_svn.so

<VirtualHost *:80>
ServerName svn.example.com
ServerAdmin root@localhost

<Location /svn>
DAV svn
SVNParentPath /svn
AuthType Basic
AuthName “My Subversion Server”
AuthzSVNAccessFile /etc/subversion/svnpath.users
AuthUserFile /etc/subversion/svnaccess.users
Require valid_user
</Location>
</VirtualHost>

Here,

SVNParentPath /svn means we have multiple repositories in /svn directory and /svn is specified as parent location.

Location directive is there to indicate we are implementing some restrictions/rules for /svn directory.

AuthzSVNAccessFile /etc/subversion/svnpath.users tells the mod_authz_svn module to look in svnpath.users file for path based access rules. Please note that I’ve created /etc/subversion directory explicitly to store such custom files. One question you may ask here is why I’m using path based access which is discouraged in general use? Well, I tried several settings in apache config file to enable read-only access for all valid users and read/write access for one particular user. My attempts didn’t yield desired results, so I jumped immediately on other alternative which means performance of my server will be compromised by a little.
Update the file as per below:
# vim /etc/subversion/svnpath.users

[/]
* = r
svnadmin = rw

In the file [/] means parent directory where all repositories are stored, you can also specify single repository name here. and * = r means all users have read access, svnadmin = rw means a ‘svnadmin’ user has read/write access.

AuthUserFile /etc/subversion/svnaccess.users statement means Apache should look in svnaccess.users file for available users and passwords. We can create this file using htpasswd command:

# htpasswd -cm /etc/subversion/svnaccess.users svnread

supply the password for ‘svnread’ user. create another user which will have read/write access:

# htpasswd -m /etc/subversion/svnaccess.users svnadmin

supply the password for ‘svnadmin’ user.

Save the subversion.conf file and reload httpd service:

# /etc/init.d/httpd reload

Now try to access you svn repositories from any machine on net, it should go smooth. While committing you may encounter following error:

svn: Commit failed (details follow):
svn: Can’t create directory ‘/svn/testrepo/db/transactions/51-1.txn’: Permission denied

It means the user under Apache running (generally apache in RHEL/CentOS/Fedora) doesnt have permission for /svn directory. You can assign permission in subversion server:

# chown root:apache /svn -R
# chmod 775 /svn -R

Try again and you should be able to access/update svn now without any issue.