SVN (Subversion) Access Control with Apache and mod_authz_svn - Comment Page: 1

I just wrote guide, howto install SVN (Subversion) Server on Fedora, CentOS and Red Hat (RHEL). No I decided to write more information about SVN Access Control. This guide works if you have installed Apache, Subversion (SVN) and mod_dav_svn on any Linux system, like Ubuntu, Debian, Arch, Gentoo, not only Fedora, CentOS or Red Hat (RHEL). [inttf_post_ad1] Setup SVN (Subversion) Access Control with Apache and mod_authz_svn 1. Change root user su - ## OR ## sudo -i 2. Add SVN (Subversion) users Use following command: ## Create testuser ## htpasswd -c -m /etc/svn-auth-users testuser New password: Re-type new password: Adding password for user...

98 comments on “SVN (Subversion) Access Control with Apache and mod_authz_svn - Comment Page: 1

1 2 3 4
    1. […] PeÅ‚ny artykuÅ‚ na: SVN (Subversion) Access Control with Apache and mod_authz_svn […]

      Reply
    2. […] WiÄ™cej: SVN (Subversion) Access Control with Apache and mod_authz_svn […]

      Reply
    3. ## Create testuser ##
      htpasswd -m /etc/svn-auth-users testuser
      New password:
      Re-type new password:
      Adding password for user testuser

      ## Create testuser2 ##
      htpasswd -m /etc/svn-auth-users testuser2
      New password:
      Re-type new password:
      Adding password for user testuser2

      -cm create a new file (and delete old users!!!)

      Reply
      • Hi Simone,

        Thank you for your correction, I changed this to blog post it was totally my mistake.

        Btw. first time you could use -c option, when you are really creating new file.

        Reply
    4. Is there a way I can put a line break at the attribuition? Something like

      [groups]
      testgroup = testuser1, testuser2, testuser2, testuser3, testuser4,
      testuser5, testuser6, testuser7, testuser8, testuser9

      I need to do this cause there’s a group with many users.

      Reply
      • Hi Shad,

        I think following syntax should work:

        
        [groups]
        testgroup = testuser1, testuser2, testuser2, testuser3, testuser4
        testgroup = testuser5, testuser6, testuser7, testuser8, testuser9
        testgroup = testuser10, testuser11, testuser12, testuser13, testuser14
        

        Please let me know do you get it working? I can’t test this right now. :)

        Reply
    5. Hi,

      is there any chance to configure repository which is outside /var/www directory ? For example when i use /abc/svn istead of /var/www/svn and configure everything with this path, I’m getting the foloowing error:

      “Could not open the requested SVN filesystem”

      with /var/www/svn everything works fine with no errors.

      Reply
      • Hi harti,

        I just checked SVN Install guide using /some_directory/svn and it’s working normally. Are you absolutely sure you change all paths on guide?

        Reply
    6. Hi
      I have configured SVN server, and set SVN Access Control permission but all SVN user accessing all repos.

      Reply
      • Do you follow exactly all steps?

        Could you post your configuration files?

        Reply
        • groups]
          Sadmin = Vijay
          admin = bing, babu
          developer = pranita,
          mobideveloper = pradeep, king
          SEO = among
          designer = somanath

          [/]
          * = r
          @sadmin = rw
          @admin = rw

          [Bills_Master:/Baseline]
          king = rw
          pranita = rw
          bing =rw

          [ISMS:/Testing]
          @developer = rw
          bing = rw

          [SMS:/Development]
          @developer = rw
          bing = rw

          [V3_Tablet:/]
          pradeep = rw

          [Tic_Tac_Toe:/]
          bing = rw
          king = rw

          [Wing_Website:/]
          bing = rw

          [testrepo:/]
          Vijay = rw

          when we remove “below mentioned details” then all user getting error you have not permission

          [/]
          * = r
          @sadmin = rw
          @admin = rw

          Reply
          • If you remove those all then, yes anyone don’t have permissions to /. Other repos permissions should still work?

            But yes if you want use your original setup then you can use following syntax to disallow read (and write) permission on some project:

            
            ...
            
            [/]
            * = r
            @sadmin = rw
            @admin = rw
            
            [Bills_Master:/Baseline]
            king = rw
            pranita = rw
            bing =rw
            @designer = 
            
            [ISMS:/Testing]
            @developer = rw
            bing = rw
            among = 
            king = 
            
            ..
            

            So if you set “empty” permission, it should disable access on some repos or alternatively you can remove just * = r, but then only sadmin and admin groups have permission to access root, if you do not allow any other permissions, but all other permission should still work on specific repositories.

            Please let me know, do you get it working with this help?

            Reply
            • Hi ,

              Thank you for your correction….

              Reply
              • Excellent to hear that you got it working! :)

                Reply
              • Hi
                I have already created SVN structure like below
                mkdir -p /var/svntmp/syn-structure-template/{Testing,Baseline,Trunk,management}
                and it is working…..
                but Now i want add 1 another name in svn structure so plz help ……….

                Reply
                • Hi varun,

                  You can do it simply with following command:

                  
                  svn mkdir http://repoaddess/reponame/newdir
                  
                  Reply
                  • [email protected] ~]# svn mkdir http://var/www/svn/SKAI-Tata_DoCoMo/release
                    svn: Could not use external editor to fetch log message; consider setting the $SVN_EDITOR environment variable or using the –message (-m) or –file (-F) options
                    svn: None of the environment variables SVN_EDITOR, VISUAL or EDITOR are set, and no ‘editor-cmd’ run-time configuration option was found

                    Reply
                    • You need export editor (example vi):

                      
                      export EDITOR=vi
                      svn mkdir http://var/www/svn/SKAI-Tata_DoCoMo/release
                      

                      Or use svn (-m) message option:

                      
                      svn mkdir http://var/www/svn/SKAI-Tata_DoCoMo/release -m "New directory"
                      
                      Reply
      • HI Varun,

        Could u plz send me the correct steps to configure svn on server and client side.

        Reply
    7. Hello friends,
      first of all thanks a lot to share this this configure,By use of this i configure the svnsuccessfully, iam not able to set the permission to my all projects i follow all step as it is.
      after that my all user able to login in any project repo.I use this command so i think the problem due to this
      chcon -R -t httpd_sys_rw_content_t /var/www/svn/testrepo

      i also add this file like this and make permission like that..

      [groups]
      Sadmin = Vijay
      admin = bing, babu
      developer = pranita,
      mobideveloper = pradeep, king
      SEO = among
      designer = somanath

      [/]
      * = r
      @sadmin = rw
      @admin = rw

      [Bills_Master:/Baseline]
      king = rw
      pranita = rw
      bing =rw

      [ISMS:/Testing]
      @developer = rw
      bing = rw

      [SMS:/Development]
      @developer = rw
      bing = rw

      [V3_Tablet:/]
      pradeep = rw

      [Tic_Tac_Toe:/]
      bing = rw
      king = rw

      [Wing_Website:/]
      bing = rw

      [testrepo:/]
      Vijay = rw

      kindly help me to solve this problem, i need the help.

      Reply
      • Hi vijay kumar,

        Please check following line on your permission file:

        
        [/]
        * = r
        @sadmin = rw
        @admin = rw
        

        It add read permission to every repository for all users and groups?

        Reply
    8. Hello JR

      Thanks a lot for your quick help and guidence. you are doing great man. again thank you very much.

      Reply
      • Hello vijay,

        You are welcome! Nice to hear that you got it working!

        Reply
    9. Hi

      I want take Backup of SVN server, So plz Help me….

      Reply
      • Hi,

        You can use svnadmin dump command, like:

        
        svnadmin dump /path/to/your/repository > /backup/directory/repository.dump
        

        More info with following command:

        
        svnadmin dump --help
        
        Reply
    10. Hi JR,

      i want ur help for solving my problem. I installed this SVN in my CentOS 5.5 with all configuration as per given. Now i m stuck on ACL (Access Control List). i want to access the Repository from other system. i have created some users by command in /etc/svn-auth-conf file and given the permission in /etc/svn-acl-conf file.

      In /etc/httpd/conf.d/subversion.conf i had given this location of Repository

      DAV svn
      SVNPath /var/www/svn/repos
      SVNListParentPath On
      AuthType Basic
      AuthName “Subversion repos”
      AuthUserFile /etc/svn-auth-conf
      Require valid-user

      now i can access the repository from another system by Tortoise SVN with specified user but problem is that the permission for only given to 1 user in svn-acl-conf file but rest of the user can also able to access without permission
      and
      whenever i insert
      AuthzSVNAccessFile /etc/svn-acl-conf this line in the Location of Repository, while accessing from other system it shows an error while SVNcheckout.

      This only error i want to resolve. i m facing this problem since 1 months. please kindly give me the solution so that i’ll go further.

      Reply
      • Hi Vishal,

        Did you still have this problem? I have missed your question totally. :/

        Reply
        • Hi JR,

          Thanks for reply. Yes i was facing that problem and it was not resolved yet. But i found another svn called UberSVN and i installed it on another system and it works excellent. No need of commands, its totally GUI based.
          But still I want to solve that problem for future purpose.

          Reply
          • Could you post full error message and content of /etc/svn-auth-conf and /etc/svn-acl-conf files? You can of course change real names if you want.

            Reply
            • Hi JR,

              Thanks for the reply. Now the condition is different. We are using UberSVN on our server. Our projects also on the same server but now through command when ever i am trying to do checkout in the empty directory it is showing “svn: E175013: Access to ‘/Test/!svn/rvr/3’ forbidden”.

              There is already committed folder in Test/trunk/ folder by other user. So is there any solution for this?

              One more thing is our Projects are on different drive, so on the same server can we use SVN and do commit, checkout, add, etc.?

              Thanks in advance

              Reply
              • Hi Vishal,

                Have you made any changes to SVN configurations recently? Or is some update changed your configuration?

                Could you also check Apache access/error logs?

                If you have right permissions and correct settings for subversion, then another drive should not be problem. You can even mount your drive with bind option, if you have problems with it.

                Reply
    11. Hi JR,
      Can you please help me by telling how can i get remote access in svn?when i want to access in svn server from another computer, browser show “you don’t have permission to access /svn on this server”please help me to solve this problem.
      thank you.
      Wardha

      Reply
      • Hi Wardha,

        Is SVN working from localhost?

        Could you access directly to some repository?

        Reply
        • Hi JR,
          Thank you for replying.Yes,SVN is working from localhost. But I can’t access to the repositories.It shows the repositories but not the files inside it.
          In remote browser, login page is come, but after login it show this message:

          Forbidden
          You don’t have permission to access /svn on this server.
          Apache/2.2.15 (Red Hat) Server at 192.168.100.103 Port 80

          Can you give me a solutions.

          Thanks once again.

          Wardha

          Reply
          • Hi Wardha,

            Did you used same username and password what you created on step 2?

            Could you post your svn-access-control list content?

            Reply
    12. Hi Team,
      I have configure SVN structure. from browser i am able to go into particulr directory nd cn see committed projects but from linux server not able to find that committed project
      http:///svn/Repos/Development/
      can u plz tell me where to find my committed projects.
      HElp would be appreciated.

      Reply
    13. Hi Team,

      I want take backup of SVN server please help…. What is the Important for the backup in svn server.

      Reply
    14. Hi Team,

      I’m using https://localhost/svn/testrepo it is on the public IP and now i want that svn access only in local network, which port i neet to bolck for the svn

      Please Help me

      Reply
      • Hi Varun,

        Do you have public web server running on same machine?

        Reply
        • Yes i have Public web server and it is running on the same machine and now i want SVN not access by public IP and i cant remove Public IP from this System/ server, please help me.

          Reply
          • Okay, then you can’t block port 80.

            Try following /etc/httpd/conf.d/subversion.conf:

            
            LoadModule dav_svn_module     modules/mod_dav_svn.so
            LoadModule authz_svn_module   modules/mod_authz_svn.so
             
            
               DAV svn
               SVNParentPath /var/www/svn
               AuthType Basic
               AuthName "Subversion repositories"
               AuthUserFile /etc/svn-auth-users
               AuthzSVNAccessFile /etc/svn-access-control
               Require valid-user
               
               ## Deny from all and then allow localhost or some other local network ##
               Order deny,allow
               Deny from all
               Allow from 127.0.0.0/8
            
            
            Reply
    15. Hi
      I have added below mentioned Line But it is still accessing by public IP

      ## Deny from all and then allow localhost or some other local network ##
      Order deny,allow
      Deny from all
      Allow from 127.0.0.0/8

      Reply
      • I want that svn access by local ip the LAN network not accessable by WAN network.

        Reply
        • Hi varun,

          You have to add your own network to Allow from 127.0.0.0/8 or add several IPs or networks.

          And remember that you need to reload/restart your web server.

          Reply
          • Thanx….. gr88888

            Reply
            • Excellent to hear that you got it working!

              Reply
1 2 3 4

Leave a Reply

Your email address will not be published. Required fields are marked *

Close