debian 安裝svn apache 小記. AuthzSVNAccessFile 不生效問題.

 

docker 使用docker鏡像搭建svn+Apache環境

https://my.oschina.net/u/2006667/blog/637882

 

1,安裝 apache ,svnapt-get install apache2 subversion libapache2-svn

不安裝apache  是不能經過http方式來訪問的.

 subversion服務器是不須要apache的，可是可使用apache，視具體狀況來選擇。
        一、若是隻要經過file://或svn://來訪問，則不須要apache，只安裝svn便可，使用svnserve來做爲服務。
        二、若是你要創建一個能夠經過http://或https://來訪問的版本庫服務器，則你須要使用apache。

2,版本信息.

root# svn --version
svn, version 1.6.17 (r1128011)
compiled Dec 20 2014, 19:48:25

root#apachectl -v

Server version: Apache/2.2.22 (Debian)
Server built: Dec 23 2014 22:48:32

 

3,建立版本庫並將全部權轉讓給apache2

svnadmin create  /disk1/d1/svn/project

chown www-data:www-data -R  /disk1/d1/svn/project

 

4,修改 /etc/apache2/mods-enabled/dav_svn.conf

其實是軟件鏈接:

root@iZ233or8cn2Z:/etc/apache2/mods-enabled# ls -l

lrwxrwxrwx 1 root root 30 Jul 2 17:05 dav_svn.conf -> ../mods-available/dav_svn.conf

對應了 /mods-available/dav_svn.conf  這個文件.

打開這個文件可見內容.網上不少版本的dav_svn.conf已經不是最新的版本了.

root@iZ233or8cn2Z:/etc/apache2/mods-enabled# cat dav_svn.conf
# dav_svn.conf - Example Subversion/Apache configuration
#
# For details and further options see the Apache user manual and
# the Subversion book.
#
# NOTE: for a setup with multiple vhosts, you will want to do this
# configuration in /etc/apache2/sites-available/*, not here.

# <Location URL> ... </Location>
# URL controls how the repository appears to the outside world.
# In this example clients access the repository as http://hostname/svn/
# Note, a literal /svn should NOT exist in your document root.
<Location /svn>

  # Uncomment this to enable the repository
  DAV svn

  # Set this to the path to your repository
  #SVNParentPath /disk1/d1/svn/project
  # Alternatively, use SVNParentPath if you have multiple repositories under
  # under a single directory (/var/lib/svn/repo1, /var/lib/svn/repo2, ...).
  # You need either SVNPath and SVNParentPath, but not both.
  SVNParentPath /disk1/d1/svn

  # Access control is done at 3 levels: (1) Apache authentication, via
  # any of several methods.  A "Basic Auth" section is commented out
  # below.  (2) Apache <Limit> and <LimitExcept>, also commented out
  # below.  (3) mod_authz_svn is a svn-specific authorization module
  # which offers fine-grained read/write access control for paths
  # within a repository.  (The first two layers are coarse-grained; you
  # can only enable/disable access to an entire repository.)  Note that
  # mod_authz_svn is noticeably slower than the other two layers, so if
  # you don't need the fine-grained control, don't configure it.

  # Basic Authentication is repository-wide.  It is not secure unless
  # you are using https.  See the 'htpasswd' command to create and
  # manage the password file - and the documentation for the
  # 'auth_basic' and 'authn_file' modules, which you will need for this
  # (enable them with 'a2enmod').
  AuthType Basic
  AuthName "Subversion Repository"
#用戶密碼文件.
  AuthUserFile /etc/apache2/dav_svn.passwd

  # To enable authorization via mod_authz_svn (enable that module separately):
  <IfModule mod_authz_svn.c>
　　#用戶權限 認證文件
  AuthzSVNAccessFile /etc/apache2/dav_svn.authz
  </IfModule>

  # The following three lines allow anonymous read, but make
  # committers authenticate themselves.  It requires the 'authz_user'
  # module (enable it with 'a2enmod').
  #<LimitExcept GET PROPFIND OPTIONS REPORT>
#須要用戶認證
    Require valid-user
  #</LimitExcept> 

</Location>

 

5,修改svn權限設置，權限主體可爲我的或小組，以目錄爲節點設置讀/寫位，下面是樣例：

/etc/apache2/dav_svn.authz
目錄結構
svn---
+++++++project
++++++++++++++Client
++++++++++++++++++++test1
++++++++++++++Document

[groups]
admin = test1,test2
group_a =test3

[svn:/]
*=
[project:/]
*=

@admin =rw

[project:/Client]
*=

@group_a=rw

@admin=rw
[project:/Client/test1]
*=
test1=rw
[project:/Document]
*=
test2=rw

*=空 是沒有權限 ,

r 讀取

w寫入 權限

 

6. 建立帳戶

#/etc/apache2

//首次加 -c
htpasswd -c dav_svn.passwd test
//
htpasswd dav_svn.test2

 

重置密碼:

root@iZ233or8cn2Z:/etc/apache2# htpasswd --help
Usage:
        htpasswd [-cmdpsD] passwordfile username
        htpasswd -b[cmdpsD] passwordfile username password

        htpasswd -n[mdps] username
        htpasswd -nb[mdps] username password
 -c  Create a new file.
 -n  Don't update file; display results on stdout.
 -m  Force MD5 encryption of the password (default).  # -m 重置密碼
 -d  Force CRYPT encryption of the password.
 -p  Do not encrypt the password (plaintext).
 -s  Force SHA encryption of the password.
 -b  Use the password from the command line rather than prompting for it.
 -D  Delete the specified user.
On other systems than Windows, NetWare and TPF the '-p' flag will probably not work.
The SHA algorithm does not use a salt and is less secure than the MD5 algorithm.

#

htpasswd -m dav_svn.passwd liutxxx

 

7,重啓apache生效

root@iZ233or8cn2Z:/etc/apache2# service apache2 restart
Restarting web server: apache2apache2: Could not reliably determine the server's fully qualified domain name, using 10.175.197.65 for ServerName
... waiting apache2: Could not reliably determine the server's fully qualified domain name, using 10.175.197.65 for ServerName
.

 

8,訪問.

去網頁打開 http://127.0.0.1/svn/project/Document/

發現全部用戶都能訪問,權限不生效.

一度懷疑:

1,權限文件路徑是否正確 

2,權限文件 dav_svn.authz 是否chmod 777 dav_svn.authz

3,重點...

老版本是報 "apache報非法指令'AuthzSVNAccessFile' " 但新版本沒有報錯,卻緣由同樣.

重啓apache報非法指令'AuthzSVNAccessFile'，那麼極可能是'authz_svn_module'沒加載或apache本身加載順序的問題，能夠在 mods-available/dav.load手動加載該模塊解決問題。（添加下文中的最後一行便可）

參考網址:http://www.cnblogs.com/liuyangnuts/archive/2013/03/19/2965256.html

# file: /etc/apache2/mods-available/dav.load

LoadModule dav_module /usr/lib/apache2/modules/mod_dav.so
LoadModule authz_svn_module /usr/lib/apache2/modules/mod_authz_svn.so

 新版本 不會報AuthzSVNAccessFile 只會沒有權限,這點噁心了我一天.

重啓apache : service apache2 restart

再去網頁看看,能正確驗證權限.

 

至此 svn 的搭建完成了.