You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@subversion.apache.org by Laker Netman <la...@yahoo.com> on 2008/03/20 15:15:24 UTC
svnserve on W2K3
Can anyone recommend a complete guide for setting up svnserve (Subversion 1.4.6) on Windows Server 2003 (SP2)? In particular, I am having a heck of a time getting the security in svnserve.conf and authz structured correctly. I have googled this a lot and read several semi-detailed posts, but I can't find one that definitively says authorization works as it should in Windows-land. FWIW, I'm stuck with IIS and no DAV, so svnserve is my only choice (yes?).
I am running svnserve as a service with my repository root (-r) at D:\SVN. I follow the "repository per project structure" as described in Chapter 5 of the Subversion book. So my directory structure is thus:
D:\SVN
\projA
\Trunk
\Tags
\Branches
\projB
\Trunk
\Tags
\Branches
...etc
I did an "svn create..." to make each "projX" folder. So, within each folder there is a separate \conf, \dav, \db, etc.
I have read Chapter 6's section on Path-Based Authorization several times and can deny access to the repository setting anon_access=none in svnserve.conf on a per directory basis. But anything a I put in authz seems to result in an "authorization failed" error whether I'm trying to access the repo via TortoiseSVN or command line "svn" using the svn:// protocol.
So, I think I'm correct that svnserve will honor the svnserve.conf and authz under each project folder. Right? But what should the syntax for the authz entries look like? And how should the svnserve.conf be written so I'm sure authz is being parsed? I guess what I am trying to figure out is what is svnserve trying to match the authz entries against during the authorization process between a Windows client (TortoiseSVN) and a Windows server running svnserve?
Lastly, is passwd-db required for any of this to work? If I can avoid it that would be great. If not, are those passwords completely independent of OS-related authentication?
Thanks in advance,
Laker
____________________________________________________________________________________
Be a better friend, newshound, and
know-it-all with Yahoo! Mobile. Try it now. http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
RE: svnserve on W2K3
Posted by "Harvey, Edward" <Ed...@patni.com>.
Ah, since you really just want an example of how to set up a basic svnserve server on Windows 2003, here's a copy of what I wrote for myself before:
1) Please see this guide for details:
http://svnbook.red-bean.com
This is also useful:
http://svn.spears.at/
2) Install subversion: svn-1.4.4-setup.exe
3) Create a new folder D:\subversion
a. Create a subfolder D:\subversion\repos
b. Create a subfolder D:\subversion\repos\myfiles
c. Create the initial repository as follows:
"C:\Program Files\Subversion\bin\svnadmin.exe" create --fs-type fsfs D:/subversion/repos/myfiles
d. Make sure it's well protected with Windows Permissions.
4) Open a command prompt, do this:
sc create svnserve binpath= "C:\Program Files\Subversion\bin\svnserve.exe --service --root D:\subversion\repos" displayname= "Subversion svnserve" depend= tcpip start= auto
5) Start the svnserve as follows:
net start svnserve
6) Create a DNS alias "svn" that redirects to your svn server.
7) Go edit all the files in D:\subversion\repos\myfiles\conf
a. Example authz:
[groups]
b. Example svnserve.conf:
[general]
anon-access = none
auth-access = write
password-db = passwd
c. Example passwd:
[users]
harry = harrysecret
sally = sallysecret
8) Now use your svn client to checkout the repository, svn://svn.domain.local/myfiles
> -----Original Message-----
> From: Laker Netman [mailto:laker_netman@yahoo.com]
> Sent: Thursday, March 20, 2008 11:15 AM
> To: users@subversion.tigris.org
> Subject: svnserve on W2K3
>
> Can anyone recommend a complete guide for setting up svnserve
> (Subversion 1.4.6) on Windows Server 2003 (SP2)? In particular, I am
> having a heck of a time getting the security in svnserve.conf and authz
> structured correctly. I have googled this a lot and read several semi-
> detailed posts, but I can't find one that definitively says
> authorization works as it should in Windows-land. FWIW, I'm stuck with
> IIS and no DAV, so svnserve is my only choice (yes?).
>
> I am running svnserve as a service with my repository root (-r) at
> D:\SVN. I follow the "repository per project structure" as described
> in Chapter 5 of the Subversion book. So my directory structure is thus:
> D:\SVN
> \projA
> \Trunk
> \Tags
> \Branches
> \projB
> \Trunk
> \Tags
> \Branches
> ...etc
>
> I did an "svn create..." to make each "projX" folder. So, within each
> folder there is a separate \conf, \dav, \db, etc.
>
> I have read Chapter 6's section on Path-Based Authorization several
> times and can deny access to the repository setting anon_access=none in
> svnserve.conf on a per directory basis. But anything a I put in authz
> seems to result in an "authorization failed" error whether I'm trying
> to access the repo via TortoiseSVN or command line "svn" using the
> svn:// protocol.
>
> So, I think I'm correct that svnserve will honor the svnserve.conf and
> authz under each project folder. Right? But what should the syntax for
> the authz entries look like? And how should the svnserve.conf be
> written so I'm sure authz is being parsed? I guess what I am trying to
> figure out is what is svnserve trying to match the authz entries
> against during the authorization process between a Windows client
> (TortoiseSVN) and a Windows server running svnserve?
>
> Lastly, is passwd-db required for any of this to work? If I can avoid
> it that would be great. If not, are those passwords completely
> independent of OS-related authentication?
>
> Thanks in advance,
> Laker
>
>
>
>
>
> _______________________________________________________________________
> _____________
> Be a better friend, newshound, and
> know-it-all with Yahoo! Mobile. Try it now.
> http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
> For additional commands, e-mail: users-help@subversion.tigris.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
RE: svnserve on W2K3
Posted by "Harvey, Edward" <Ed...@patni.com>.
> Can anyone recommend a complete guide for setting up svnserve
> (Subversion 1.4.6) on Windows Server 2003 (SP2)? In
> particular, I am having a heck of a time getting the security
> in svnserve.conf and authz structured correctly. I have
> googled this a lot and read several semi-detailed posts, but
> I can't find one that definitively says authorization works
> as it should in Windows-land. FWIW, I'm stuck with IIS and no
> DAV, so svnserve is my only choice (yes?).
Let's clear one thing up first. You seem to want domain-based, automatic client authentication, via active directory / kerberos, right? This does not work if you are using svnserve 1.4, so you'll have to wait till at least when 1.5 is released. For now, if you're using 1.4, the only authentication on svnserve is stored in a plain-text flat file on the server, so it essentially means that the sys admin must assign the password for each user.
Correct, everyone?
For now, if you want kerberos authentication, single sign-on, users choose their own passwords, then apache is the preferred method, but you could also consider svn+ssh, or IIS. Right everyone?
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org