There are a lot of explanations out explaining how to setup Subversion and Apache to work smoothly together. Since I’m a bit paranoid I’d like to give one the needed rights to the Apache user.
But let’s start at the beginning and setup the environment before we care about the proper rights.
apt-get install apache2 subversion libapache2-svn installs all needed packages at a Debian-based system. All sites shall reside at
/etc/apache2/sites-available and you could either edit the default-site or create a new one. I choose to create a new one as I’d like to have things separated, but using the default one is quite similar.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 DocumentRoot /var/www/svn/ <Directory /> Options FollowSymLinks AllowOverride None </Directory> <Directory /var/www/svn/> Options Indexes FollowSymLinks MultiViews AllowOverride None Order allow,deny allow from all # Redirect to ViewVC for the undecided RedirectMatch ^/$ /cgi-bin/viewcvs.cgi </Directory> ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/ <Directory "/usr/lib/cgi-bin"> AllowOverride None Options ExecCGI -MultiViews +SymLinksIfOwnerMatch Order allow,deny Allow from all </Directory> # Setting for the repositories, all start with /repos <Location /repos> DAV svn # Path to repository base SVNParentPath /var/lib/svn/repos # Use a different XSL for the build in pages SVNIndexXSLT /svnindex.xsl # how to authenticate a user AuthType Basic AuthName "Subversion repository" AuthUserFile /etc/apache2/svn.example.com-htpasswd # For any operations other than these, # require an authenticated user. <LimitExcept GET PROPFIND OPTIONS REPORT> Require valid-user </LimitExcept> </Location> LogLevel warn ErrorLog /var/log/apache2/svn.example.com-error.log CustomLog /var/log/apache2/svn.walhalla.local-access.log combined # Include generic snippets of statements for ViewVC # (part of the Debian package) Include /etc/apache2/conf.d/viewcvs
VirtualHost settings must match. If you use an IP for the first setting you have to use the same IP for the latter.
To enable your fresh site you can either use
a2ensite /etc/apache2/sites-availabe/new-site-filename or create a symlink in
/etc/apache2/sites-enabled yourself. In either case you have to restart your Apache of course.
The next step is the subversion configuration and creation of a new repository. As we use /var/lib/svn/repos as our repository base path it would be
svnadmin create /var/lib/svn/repos/Projects
which I do as root to get the proper base rights set.
For recent version of SVN you have to decide which compatibility level you like to support. –pre-1.4-compatible to support version earlier than 1.4 or –pre-1.5-compatible to support version earlier than 1.5. I suggest to use –pre-1.5-compatible, because not all distributions out there already include Subversion 1.5.
You now have a new directory /var/lib/svn/repos/Projects which looks like
As you can see everything is owned by root and nobody else is able to write there. This is quite safe indeed, but quite useless at the same time. Is dislike the idea to give full permission to this directory to the Apache user as others suggest, but to give the rights that are really needed.
If you execute
chgrp www-data dav db locks/
chmod g+sw db
chmod g+w dav/
chgrp -R www-data db/current db/revprops/ db/revs/ \
You should be on the safe side and you can start versioning your data.