Ramblings on technology with a dash of social commentary
RSS icon Email icon Home icon
  • Configure Subversion with Apache and Security in 5 Easy Steps

    Posted on January 19th, 2012 phpguru No comments

    I’ve been running WampServer for years on my trusty Dell XPS running Windows XP Pro. A while back I installed Subversion and got it working with mod_dav and authz_svn to serve multiple repositories, each with their own user and group permissions. It was tricky to set up and there are some finer points that most documentation I read doesn’t address. I followed a few different web resources like this great beginners guide, but ultimately it boils down to the 5 simple steps below.

    Just recently I needed to add a new repository. I thought I had done everything right, but when I went to use it for the first time, I got the following errors:

    D:\svn\repos>svn mkdir http://localhost:8080/svn/myproject/trunk -m "Trunk"
    svn: OPTIONS of 'http://localhost:8080/svn/myproject': 200 OK (http://localhost:8080)
    D:\svn\repos>svn ls http://localhost:8080/svn/myproject/trunk
    svn: URL 'http://localhost:8080/svn/myproject/trunk' non-existent in that revision
    D:\svn\repos>svn ls http://localhost:8080/svn/myproject
    svn: Could not open the requested SVN filesystem

    If you are getting any of these common errors, this post is for you.

    When using svn over http, you have to use Apache’s configuration files to control access to each repository separately. Start by installing Apache, Subversion, and then referencing these three modules in your httpd.conf as follows:

    LoadModule  dav_module             modules/mod_dav.so
    LoadModule  dav_svn_module         modules/mod_dav_svn.so
    LoadModule  authz_svn_module       modules/mod_authz_svn.so

    Now we’re ready to begin.

    1) Add the repository:

    #> svnadmin create D:\svn\repos\myproject

    *(On Unix systems, chown -R myproject so it is writable by the user Apache runs as)*

    2) Edit your httpd.conf (or extras/httpd-vhosts.conf) adding something like this:

    <Location /svn/myproject>
       DAV svn
       SVNPath d:/svn/repos/myproject
       AuthType Basic
       AuthName "My Project SVN Repo"
       AuthUserFile c:/etc/svn-auth-file
       Require valid-user
       AuthzSVNAccessFile c:/etc/svn-acl
    </Location>

    3) Add the project to your svn auth file at c:/etc/svn-acl (it’s referenced in the Location directive in your Apache config.)

    [groups]
    yourgroupname = yourusername, user_b, user_c
    [myproject:/]   
    yourusername = rw
    @yourgroupname = rw

    This is what tells Apache which users and groups are allowed to access the path(s) in your repository.

    4) Give yourusername an htpasswd (and user_b and user_c)

    cd c:/etc/
    htpasswd -c svn-auth-file yourusername

    *(If that file already exists, omit the -c option)*

    5) Finally, restart Apache

    httpd -k restart

    Then you’re ready to create trunk

    #> svn mkdir http://localhost:8080/svn/myproject/trunk -m "Adding trunk"
    
    Committed revision 1.

    I got the errors shown above when forgetting step one or more of these steps.

     

    Leave a reply