linux下svn用户权限分配详细说明
安装好svn后,创建svn根目录
[root@vm035sit006 /]# mkdir svn
进入到svn目录,创建我的仓库:mytest_repository
[root@vm035sit006 svn]# svnadmin create mytest_repository
进入到仓库mytest_repository中查看,会显示conf等文件夹
[root@vm035sit006 mytest_repository]# ls conf db format hooks locks README.txt
再进入到conf中会显示如下三个文件
[root@vm035sit006 conf]# ls authz passwd svnserve.conf
authz:配置用户组及用户权限
passwd:存放用户账号密码
svnserve.conf:该仓库的svn基础配置
先编辑svnserve.conf文件
[root@vm035sit006 conf]# vim svnserve.conf
放开如下四处注释,注意左顶格对齐
### This file controls the configuration of the svnserve daemon, if you ### use it to allow access to this repository. (If you only allow ### access through http: and/or file: URLs, then this file is ### irrelevant.) ### Visit http://subversion.apache.org/ for more information. [general] ### The anon-access and auth-access options control access to the ### repository for unauthenticated (a.k.a. anonymous) users and ### authenticated users, respectively. ### Valid values are "write", "read", and "none". ### Setting the value to "none" prohibits both reading and writing; ### "read" allows read-only access, and "write" allows complete ### read/write access to the repository. ### The sample settings below are the defaults and specify that anonymous ### users have read-only access to the repository, while authenticated ### users have read and write access to the repository. anon-access = read auth-access = write ### The password-db option controls the location of the password ### database file. Unless you specify a path starting with a /, ### the file's location is relative to the directory containing ### this configuration file. ### If SASL is enabled (see below), this file will NOT be used. ### Uncomment the line below to use the default password file. password-db = passwd ### The authz-db option controls the location of the authorization ### rules for path-based access control. Unless you specify a path ### starting with a /, the file's location is relative to the the ### directory containing this file. If you don't specify an ### authz-db, no path-based access control is done. ### Uncomment the line below to use the default authorization file. authz-db = authz . . .
创建用户,编辑passwd文件
[root@vm035sit006 conf]# vim passwd
### This file is an example password file for svnserve. ### Its format is similar to that of svnserve.conf. As shown in the ### example below it contains one section labelled [users]. ### The name and password for each user follow, one account per line. [users] # harry = harryssecret # sally = sallyssecret # zhangsan = 123456 lisi = 111111 wangwu = 123456
创建完用户后,创建用户组并分配权限
编辑authz文件:
[root@vm035sit006 conf]# cat authz ### This file is an example authorization file for svnserve. ### Its format is identical to that of mod_authz_svn authorization ### files. ### As shown below each section defines authorizations for the path and ### (optional) repository specified by the section name. ### The authorizations follow. An authorization line can refer to: ### - a single user, ### - a group of users defined in a special [groups] section, ### - an alias defined in a special [aliases] section, ### - all authenticated users, using the '$authenticated' token, ### - only anonymous users, using the '$anonymous' token, ### - anyone, using the '*' wildcard. ### ### A match can be inverted by prefixing the rule with '~'. Rules can ### grant read ('r') access, read-write ('rw') access, or no access ### (''). [aliases] # joe = /C=XZ/ST=Dessert/L=Snake City/O=Snake Oil, Ltd./OU=Research Institute/CN=Joe Average [groups] # 在[groups]标签下定义用户组 # harry_and_sally = harry,sally # harry_sally_and_joe = harry,sally,&joe admin = zhangsan # 新增admin用户组并将成员zhangsan加入到组中 tester = li,wangwu # 新增tester用户组并将成员li,wangwu加入到组中 [/] # 给该组分配svn根目录权限,即本例中/svn/路径下所有仓库权限 @admin = rw # 给admin组读写权限 [mytest_repository:/01测试周报] #如下用户或组拥有mytest_repository仓库下的01测试周报路径权限,其他路径无权限,最前面必须要有/ @tester = rw # [/foo/bar] # harry = rw # &joe = r # * = # [repository:/baz/fuz] # @harry_and_sally = rw # * = r
