debian 安装svn apache 小记. AuthzSVNAccessFile 不生效问题.

56gt

　　
　　

1,安装 apache ,svnapt-get install apache2 subversion libapache2-svn
　　不安装apache  是不能通过http方式来访问的.
　　 subversion服务器是不需要apache的，但是可以使用apache，视具体情况来选择。
        1、如果只要通过file://或svn://来访问，则不需要apache，只安装svn即可，使用svnserve来作为服务。
        2、如果你要建立一个可以通过http://或https://来访问的版本库服务器，则你需要使用apache。

2,版本信息.
　　root# svn --version
svn, version 1.6.17 (r1128011)
   compiled Dec 20 2014, 19:48:25
　　root#apachectl -v
　　Server version: Apache/2.2.22 (Debian)
Server built:   Dec 23 2014 22:48:32
　　

3,创建版本库并将所有权转让给apache2
　　svnadmin create  /disk1/d1/svn/project
　　
chown www-data:www-data -R  /disk1/d1/svn/project
　　

4,修改 /etc/apache2/mods-enabled/dav_svn.conf
　　实际上是软件连接:
　　root@iZ233or8cn2Z:/etc/apache2/mods-enabled# ls -l
　　lrwxrwxrwx 1 root root 30 Jul 2 17:05 dav_svn.conf -> ../mods-available/dav_svn.conf
　　对应了 /mods-available/dav_svn.conf  这个文件.
　　打开这个文件可见内容.网上很多版本的dav_svn.conf已经不是最新的版本了.



root@iZ233or8cn2Z:/etc/apache2/mods-enabled# cat dav_svn.conf
# dav_svn.conf - Example Subversion/Apache configuration
#
# For details and further options see the Apache user manual and
# the Subversion book.
#
# NOTE: for a setup with multiple vhosts, you will want to do this
# configuration in /etc/apache2/sites-available/*, not here.
#  ...
# URL controls how the repository appears to the outside world.
# In this example clients access the repository as http://hostname/svn/
# Note, a literal /svn should NOT exist in your document root.

# Uncomment this to enable the repository
DAV svn
# Set this to the path to your repository
#SVNParentPath /disk1/d1/svn/project
# Alternatively, use SVNParentPath if you have multiple repositories under
# under a single directory (/var/lib/svn/repo1, /var/lib/svn/repo2, ...).
# You need either SVNPath and SVNParentPath, but not both.
SVNParentPath /disk1/d1/svn
# Access control is done at 3 levels: (1) Apache authentication, via
# any of several methods.  A "Basic Auth" section is commented out
# below.  (2) Apache  and , also commented out
# below.  (3) mod_authz_svn is a svn-specific authorization module
# which offers fine-grained read/write access control for paths
# within a repository.  (The first two layers are coarse-grained; you
# can only enable/disable access to an entire repository.)  Note that
# mod_authz_svn is noticeably slower than the other two layers, so if
# you don't need the fine-grained control, don't configure it.
# Basic Authentication is repository-wide.  It is not secure unless
# you are using https.  See the 'htpasswd' command to create and
# manage the password file - and the documentation for the
# 'auth_basic' and 'authn_file' modules, which you will need for this
# (enable them with 'a2enmod').
AuthType Basic
AuthName "Subversion Repository"
#用户密码文件.
AuthUserFile /etc/apache2/dav_svn.passwd
# To enable authorization via mod_authz_svn (enable that module separately):

　　#用户权限 认证文件
  AuthzSVNAccessFile /etc/apache2/dav_svn.authz

# The following three lines allow anonymous read, but make
# committers authenticate themselves.  It requires the 'authz_user'
# module (enable it with 'a2enmod').
#
#需要用户认证
Require valid-user
#

　　

5,修改svn权限设置，权限主体可为个人或小组，以目录为节点设置读/写位，下面是样例：

/etc/apache2/dav_svn.authz
目录结构
svn---
+++++++project
++++++++++++++Client
++++++++++++++++++++test1
++++++++++++++Document



[groups]
admin = test1,test2
group_a =test3

　　[svn:/]
*=
[project:/]
*=

　　@admin =rw

　　[project:/Client]
*=
　　@group_a=rw
　　@admin=rw
[project:/Client/test1]
*=
test1=rw
[project:/Document]
*=
test2=rw



　　*=空 是没有权限 ,
　　r 读取
　　w写入 权限
　　

6. 创建账户
　　#/etc/apache2



//首次加 -c
htpasswd -c dav_svn.passwd test
//
htpasswd dav_svn.test2
　　
　　重置密码:



root@iZ233or8cn2Z:/etc/apache2# htpasswd --help
Usage:
htpasswd [-cmdpsD] passwordfile username
htpasswd -b[cmdpsD] passwordfile username password
htpasswd -n[mdps] username
htpasswd -nb[mdps] username password
-c  Create a new file.
-n  Don't update file; display results on stdout.
-m  Force MD5 encryption of the password (default).  # -m 重置密码
-d  Force CRYPT encryption of the password.
-p  Do not encrypt the password (plaintext).
-s  Force SHA encryption of the password.
-b  Use the password from the command line rather than prompting for it.
-D  Delete the specified user.
On other systems than Windows, NetWare and TPF the '-p' flag will probably not work.
The SHA algorithm does not use a salt and is less secure than the MD5 algorithm.
#
　　htpasswd -m dav_svn.passwd liutxxx

　　

7,重启apache生效


　　root@iZ233or8cn2Z:/etc/apache2# service apache2 restart
Restarting web server: apache2apache2: Could not reliably determine the server's fully qualified domain name, using 10.175.197.65 for ServerName
... waiting apache2: Could not reliably determine the server's fully qualified domain name, using 10.175.197.65 for ServerName
.
　　

8,访问.
　　去网页打开 http://127.0.0.1/svn/project/Document/
　　发现所有用户都能访问,权限不生效.
　　一度怀疑:
　　1,权限文件路径是否正确
　　2,权限文件 dav_svn.authz 是否chmod 777 dav_svn.authz
　　3,重点...
　　老版本是报 "apache报非法指令'AuthzSVNAccessFile' " 但新版本没有报错,却原因一样.
　　重启apache报非法指令'AuthzSVNAccessFile'，那么很可能是'authz_svn_module'没加载或apache自己加载顺序的问题，可以在 mods-available/dav.load手动加载该模块解决问题。（添加下文中的最后一行即可）
　　参考网址:http://www.iyunv.com/liuyangnuts/archive/2013/03/19/2965256.html



# file: /etc/apache2/mods-available/dav.load
LoadModule dav_module /usr/lib/apache2/modules/mod_dav.so
LoadModule authz_svn_module /usr/lib/apache2/modules/mod_authz_svn.so
　　 新版本 不会报AuthzSVNAccessFile 只会没有权限,这点恶心了我一天.
　　重启apache : service apache2 restart

　　再去网页看看,能正确验证权限.
　　
　　至此 svn 的搭建完成了.