Given the tight timeline to configure subversion with httpd access having multiple users, I found that it’s not a big deal. Although, as there’s excellent reference available online for subversion, this quick howto will be helpful to point out just the essential statements.
What I want:
A subversion server having multiple repository in /svn directory and accessible through http url like http://svn.example.com. You can not browse svn repositories without supplying a valid username/password. All users have read only access to all repositories while only one user ‘svnadmin’ have read/write (commit,update etc.) access to svn.
Step 1. I assume you have downloaded and installed subversion either by using rpms or by compiling it. Let’s say multiple subversion repositories are in single directory: /svn
Step 2. Open /etc/httpd/conf.d/subversion.conf file which should be already there, update the file as follows. Keep in mind to change values as per your own setup:
LoadModule dav_svn_module modules/mod_dav_svn.so
LoadModule authz_svn_module modules/mod_authz_svn.so
AuthName “My Subversion Server”
SVNParentPath /svn means we have multiple repositories in /svn directory and /svn is specified as parent location.
Location directive is there to indicate we are implementing some restrictions/rules for /svn directory.
AuthzSVNAccessFile /etc/subversion/svnpath.users tells the mod_authz_svn module to look in svnpath.users file for path based access rules. Please note that I’ve created /etc/subversion directory explicitly to store such custom files. One question you may ask here is why I’m using path based access which is discouraged in general use? Well, I tried several settings in apache config file to enable read-only access for all valid users and read/write access for one particular user. My attempts didn’t yield desired results, so I jumped immediately on other alternative which means performance of my server will be compromised by a little.
Update the file as per below:
# vim /etc/subversion/svnpath.users
* = r
svnadmin = rw
In the file [/] means parent directory where all repositories are stored, you can also specify single repository name here. and * = r means all users have read access, svnadmin = rw means a ‘svnadmin’ user has read/write access.
AuthUserFile /etc/subversion/svnaccess.users statement means Apache should look in svnaccess.users file for available users and passwords. We can create this file using htpasswd command:
# htpasswd -cm /etc/subversion/svnaccess.users svnread
supply the password for ‘svnread’ user. create another user which will have read/write access:
# htpasswd -m /etc/subversion/svnaccess.users svnadmin
supply the password for ‘svnadmin’ user.
Save the subversion.conf file and reload httpd service:
# /etc/init.d/httpd reload
Now try to access you svn repositories from any machine on net, it should go smooth. While committing you may encounter following error:
svn: Commit failed (details follow):
svn: Can’t create directory ‘/svn/testrepo/db/transactions/51-1.txn’: Permission denied
It means the user under Apache running (generally apache in RHEL/CentOS/Fedora) doesnt have permission for /svn directory. You can assign permission in subversion server:
# chown root:apache /svn -R
# chmod 775 /svn -R
Try again and you should be able to access/update svn now without any issue.