Thursday, June 26, 2008

setting up subversion over svn+ssh

Consolidating this process, so I don't forget it:

create user svn
lock svn account (sudo passwd -l svn)
sudo -u svn -s
go to /home/svn/
svnadmin create [repository directory here]
chmod g+s [repository directory]/db

URL of repository will be: svn+ssh://username@hostname/home/svn/[repository directory]

Be sure to follow these tips from the svn book:
  • All of your SSH users need to be able to read and write to the repository. Put all the SSH users into a single group. Make the repository wholly owned by that group, and set the group permissions to read/write.

  • Your users need to use a sane umask when accessing the repository. Make sure that svnserve (/usr/local/bin/svnserve, or wherever it lives in $PATH) is actually a wrapper script which sets umask 002 and executes the real svnserve binary. Take similar measures when using svnlook and svnadmin. Either run them with a sane umask, or wrap them as described above.

  • When BerkeleyDB creates new logfiles, they need to be owned by the group as well, so make sure you run chmod g+s on the repository's db directory.


The umask point can be accomplished by using scripts like this:
$ cat /usr/local/bin/svn

#!/bin/sh

umask 002
/usr/local/subversion/bin/svn "$@"

No comments: