[Other] Setting up SVN on CentOS 7.9 with multi-repository management

网络安全 | Posted: 2021-07-23 15:50 | Views: 378 | Comments: 0

SVN client download
TortoiseSVN: https://tortoisesvn.net/downloads.html
Lab environment
System      Version   IP address
CentOS      7.9       192.168.3.8
Windows     10        172.16.1.251
I. Install svn
yum install subversion -y
II. Create a directory for svn
mkdir -p /svn
III. Create a test repository
svnadmin create /svn/test
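Directory layout:
hooks   directory for hook scripts
locks   directory for Subversion's db lock file and db_logs lock file, used to track the clients accessing the repository
format  a text file containing a single integer, the configuration version number of the current repository
conf    the repository's configuration files (user accounts and permissions)
IV. Configure the svn service
1. svnserve.conf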
### This file controls the configuration of the svnserve daemon, if you
### use it to allow access to this repository.  (If you only allow
### access through http: and/or file: URLs, then this file is
### irrelevant.)

### Visit http://subversion.apache.org/ for more information.

[general]
### The anon-access and auth-access options control access to the
### repository for unauthenticated (a.k.a. anonymous) users and
### authenticated users, respectively.
### Valid values are "write", "read", and "none".
### Setting the value to "none" prohibits both reading and writing;
### "read" allows read-only access, and "write" allows complete 
### read/write access to the repository.
### The sample settings below are the defaults and specify that anonymous
### users have read-only access to the repository, while authenticated
### users have read and write access to the repository.
anon-access = read
auth-access = write
### The password-db option controls the location of the password
### database file.  Unless you specify a path starting with a /,
### the file's location is relative to the directory containing
### this configuration file.
### If SASL is enabled (see below), this file will NOT be used.
### Uncomment the line below to use the default password file.
password-db = passwd
### The authz-db option controls the location of the authorization
### rules for path-based access control.  Unless you specify a path
### starting with a /, the file's location is relative to the
### directory containing this file.  If you don't specify an
### authz-db, no path-based access control is done.
### Uncomment the line below to use the default authorization file.
authz-db = authz
### This option specifies the authentication realm of the repository.
### If two repositories have the same authentication realm, they should
### have the same password database, and vice versa.  The default realm
### is repository's uuid.
realm = My First Repository
### The force-username-case option causes svnserve to case-normalize
### usernames before comparing them against the authorization rules in the
### authz-db file configured above.  Valid values are "upper" (to upper-
### case the usernames), "lower" (to lowercase the usernames), and
### "none" (to compare usernames as-is without case conversion, which
### is the default behavior).
# force-username-case = none

[sasl]
### This option specifies whether you want to use the Cyrus SASL
### library for authentication. Default is false.
### This section will be ignored if svnserve is not built with Cyrus
### SASL support; to check, run 'svnserve --version' and look for a line
### reading 'Cyrus SASL authentication is available.'
# use-sasl = true
### These options specify the desired strength of the security layer
### that you want SASL to provide. 0 means no encryption, 1 means
### integrity-checking only, values larger than 1 are correlated
### to the effective key length for encryption (e.g. 128 means 128-bit
### encryption). The values below are the defaults.
# min-encryption = 0
# max-encryption = 256
2. Configure user accounts in passwd
### This file is an example password file for svnserve.
### Its format is similar to that of svnserve.conf. As shown in the
### example below it contains one section labelled [users].
### The name and password for each user follow, one account per line.

[users]
# harry = harryssecret
# sally = sallyssecret
test1 = 123456
test2 = 123456
test3 = 123456
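Added example (not part of the original post): a small Python audit of the svnserve.conf and passwd settings shown above. It flags anonymous access, a missing authz-db, SASL left disabled, and short or reused passwords in the cleartext passwd file. The function names and the 12-character minimum are assumptions of this example.

```python
import configparser
from collections import Counter

# Constructed copies of the settings shown on this page.
SVNSERVE_CONF = """
[general]
anon-access = read
auth-access = write
password-db = passwd
authz-db = authz
[sasl]
# use-sasl = true
"""
PASSWD = """
[users]
test1 = 123456
test2 = 123456
test3 = 123456
"""

def _parse(text):
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cp.optionxform = str  # keep user names case-sensitive
    cp.read_string(text)
    return cp

def audit(conf_text, passwd_text, min_len=12):
    """Return sorted (check, detail) findings; min_len is an assumed policy."""
    conf, pw = _parse(conf_text), _parse(passwd_text)
    out = []
    # The svnserve.conf template states that "read" is the anon-access default.
    anon = conf.get("general", "anon-access", fallback="read")
    if anon != "none":
        out.append(("anon-access", f"unauthenticated users get '{anon}'"))
    if not conf.get("general", "authz-db", fallback=""):
        out.append(("authz-db", "no path-based access control"))
    if conf.get("sasl", "use-sasl", fallback="false").lower() != "true":
        out.append(("sasl", "no SASL security layer is negotiated"))
    users = dict(pw["users"]) if pw.has_section("users") else {}
    for name, secret in users.items():
        if len(secret) < min_len:
            out.append(("short-password", name))
    for n in Counter(users.values()).values():
        if n > 1:
            out.append(("shared-password", f"{n} accounts share one value"))
    return sorted(out)

if __name__ == "__main__":
    for check, detail in audit(SVNSERVE_CONF, PASSWD):
        print(f"{check}: {detail}")
```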
3. Configure the user authorization file (authz)
### This file is an example authorization file for svnserve.
### Its format is identical to that of mod_authz_svn authorization
### files.
### As shown below each section defines authorizations for the path and
### (optional) repository specified by the section name.
### The authorizations follow. An authorization line can refer to:
###  - a single user,
###  - a group of users defined in a special [groups] section,
###  - an alias defined in a special [aliases] section,
###  - all authenticated users, using the '$authenticated' token,
###  - only anonymous users, using the '$anonymous' token,
###  - anyone, using the '*' wildcard.
###
### A match can be inverted by prefixing the rule with '~'. Rules can
### grant read ('r') access, read-write ('rw') access, or no access
### ('').

[aliases]
# joe = /C=XZ/ST=Dessert/L=Snake City/O=Snake Oil, Ltd./OU=Research Institute/CN=Joe Average

[groups]
# harry_and_sally = harry,sally
# harry_sally_and_joe = harry,sally,&joe
admin = test3
user = test1,test2

# [/foo/bar]
# harry = rw
# &joe = r
# * =

# [repository:/baz/fuz]
# @harry_and_sally = rw
# * = r

[test:/]
@admin = rw
@user = r
* =
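Notes:
admin = lqb,test2    creates the admin group with members lqb and test2
user = test1    creates the user group with member test1
[test:/]    grants permissions on the root; for easier management and access control, permissions can be refined down to individual directories in the repository
@admin = rw    the admin group has read and write permission
@user = r    the user group has read-only permission
* =    all users other than the groups configured above get empty permission; empty permission denies access to this directory. This is important and must be included.
Notes:
The section format for repository paths is:
[<repository>:/project/directory]
@<group name> = permission
<user name> = permission
The content inside [] can be written in several ways:
[/] means the root directory and the paths below it. The root directory is the one given when svnserve is started; in the example above we specified /svn/svndata ([/] = /svn/svndata). [/] sets permissions for all repositories.
[test:/] sets permissions for the repository test;
[test:/svnadmin] sets permissions for the svnadmin project in the repository test;
[test:/svnadmin/second] sets permissions for a directory of the svnadmin project in the repository test;
The subject of a permission can be a group, a user or *; a group is prefixed with @, and * means all users.
Permissions are r, w, rw and null; null (empty) means no permission at all.
No parameter in the authz file may start with a space; groups must start with @, users need no prefix.
4. Start svn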
svnserve -d -r /svn/

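• The above is the single-repository svn setup. Below is a more practical setup for managing multiple repositories.
The svn installation steps are omitted.
I. Create the repositories
1. Create the parent directory for the repositories
mkdir -p /data/shinkong
II. Create the repository directories under the parent directory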
mkdir -p /data/shinkong/administrator
mkdir -p /data/shinkong/pd
mkdir -p /data/shinkong/rdc
III. Create the corresponding repositories
svnadmin create /data/shinkong/administrator
svnadmin create /data/shinkong/pd
svnadmin create /data/shinkong/rdc
IV. Install tree to view the directory structure
tree /data/shinkong/administrator/
The other two directories can be viewed the same way.
V. Copy authz and passwd to the parent directory
cd /data/shinkong/administrator/conf/
cp authz passwd ../../
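Note: this allows permissions for all repositories to be managed in one place.
VI. Edit svnserve.conf in each repository
All repositories are edited the same way; administrator is used as the example.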
cd /data/shinkong/administrator/conf
vim svnserve.conf
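Change the following parameters
# anonymous users can read
anon-access = read
# authenticated users can write
auth-access = write
# path to the user password file
password-db = /data/shinkong/passwd
# path to the user permission and group file
authz-db = /data/shinkong/authz
# realm of this repository
realm = /data/shinkong/administrator
Edit the passwd and authz files
Create accounts and passwords
cd ../../
vim passwd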
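Edit the authz permission file
Assume test1 belongs to the administrator group and can only access the administrator repository,
test2 belongs to the pd group and can only access the pd repository,
test3 belongs to the rdc group and can only access the rdc repository.
Create the groups
[groups]
# harry_and_sally = harry,sally
# harry_sally_and_joe = harry,sally,&joe
administrators = test1
pd-group = test2
rdc-group = test3
Open read access on the root directory
[/]
* = r
Assign permissions by group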
[administrator:/]
@administrators = rw

[pd:/]
@pd-group = rw

[rdc:/]
@rdc-group = rw
Start the svn service
Note: when starting, point svnserve at the parent directory, not at an individual repository directory.
svnserve -dr /data/shinkong
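
Added example (not part of the original post): a simplified Python model of how the authz rules are resolved, deepest path first and `[repo:path]` before `[path]`. Run on a constructed copy of the multi-repository rules above (group name spelled administrators throughout), it shows that `[/]` with `* = r` lets every account, and with anon-access = read unauthenticated clients too, read every repository; limiting each account to its own repository needs `* =` there instead. Aliases, nested groups, `~` inversion and `$` tokens are not modelled, and the function names are this example's own.

```python
import configparser

# Constructed copy of the multi-repository authz rules from this page.
AUTHZ = """
[groups]
administrators = test1
pd-group = test2
rdc-group = test3
[/]
* = r
[administrator:/]
@administrators = rw
[pd:/]
@pd-group = rw
[rdc:/]
@rdc-group = rw
"""

def load(text):
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cp.optionxform = str  # user and group names are case-sensitive
    cp.read_string(text)
    raw = cp["groups"] if cp.has_section("groups") else {}
    return cp, {g: {m.strip() for m in v.split(",")} for g, v in raw.items()}

def undefined_groups(text):
    """Group names used in rules but missing from [groups]."""
    cp, groups = load(text)
    used = {who[1:] for s in cp.sections() if s != "groups"
            for who in cp[s] if who.startswith("@")}
    return sorted(used - set(groups))

def access(text, repo, user, path="/"):
    """Rights ('', 'r', 'rw') for user on repo:path; user=None is anonymous."""
    cp, groups = load(text)
    parts = [p for p in path.split("/") if p]
    while True:
        p = "/" + "/".join(parts)
        for section in (f"{repo}:{p}", p):  # repository-specific rule first
            if not cp.has_section(section):
                continue
            hits = [v for who, v in cp[section].items()
                    if who == "*" or who == user
                    or (who.startswith("@") and user in groups.get(who[1:], ()))]
            if hits:  # the user is named here, so this section decides
                return "".join(c for c in "rw" if any(c in h for h in hits))
        if not parts:
            return ""  # no rule names the user anywhere: denied
        parts.pop()
```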

