Setup of svnserve on gtsvn
Configuration of svnserve
The svnserve daemon serves the restricted part of our corpus. That repository is located in /var/repositories/boundcorpus. The repository should be accessible only from gtsvn, so the setup of the svnserve daemon and the firewall reflects that decision.
Configuring automatic start up
To make svnserve start up automatically at boot time, the /etc/init.d/svnserve script was added. The script was fetched from CentOS 5.2 SVN Server. The variable named arthur was changed to --listen-host localhost -r /var/repositories. This means that svnserve only listens to requests from gtsvn itself, and serves the repositories found in the directory /var/repositories.
Configuring the firewall
The line -A INPUT -m state --state NEW -p tcp --dport 3690 -s localhost -j ACCEPT was added to the file /etc/sysconfig/iptables. The iptables service was restarted by running the command sudo /etc/init.d/iptables restart to pick up the changes in the setup.
Setting up restrictions
In the [general] section of /var/repositories/boundcorpus/conf/svnserve.conf the following variables have been set:
- anon-access = none
  - This means that only the users defined in the user and password file /var/repositories/boundcorpus/conf/passwd have access to this repository.
- auth-access = write
  - This means that users defined in the user and password file have write access to the repository by default.
- password-db = passwd
  - The file passwd in /var/repositories/boundcorpus/conf contains users and their passwords.
- authz-db = authz
  - This file sets up path-based restrictions, which means that some users are allowed to read and write to this repository, while others have only read access.
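The following is an added example, not part of the original setup notes: a small Python check that a repository's conf directory matches the [general] settings listed above and that the passwd and authz files are not world-readable. The function names, the permission check and the sample files are assumptions constructed for illustration.

```python
import configparser
import os
import stat
import tempfile

# Values this page sets in the [general] section of svnserve.conf.
EXPECTED = {"anon-access": "none", "auth-access": "write",
            "password-db": "passwd", "authz-db": "authz"}

def audit_conf_dir(conf_dir):
    """Return a list of findings for <conf_dir>/svnserve.conf; empty means OK."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read(os.path.join(conf_dir, "svnserve.conf"))
    if not parser.has_section("general"):
        return ["no [general] section found"]
    general, findings = parser["general"], []
    for key, want in EXPECTED.items():
        got = general.get(key)
        if got != want:
            findings.append(f"{key} is {got!r}, expected {want!r}")
    # Relative file names are resolved against the conf directory.
    # The password file stores passwords in plaintext, so flag world-readable files.
    for key in ("password-db", "authz-db"):
        path = os.path.join(conf_dir, general.get(key, fallback=EXPECTED[key]))
        if not os.path.isfile(path):
            findings.append(f"{path} does not exist")
        elif os.stat(path).st_mode & stat.S_IROTH:
            findings.append(f"{path} is world-readable")
    return findings

def make_sample(conf_dir, anon_access, passwd_mode):
    """Write a constructed sample conf directory (not the real gtsvn files)."""
    with open(os.path.join(conf_dir, "svnserve.conf"), "w") as f:
        f.write("### constructed sample\n[general]\n"
                f"anon-access = {anon_access}\nauth-access = write\n"
                "password-db = passwd\nauthz-db = authz\n")
    for name, mode in (("passwd", passwd_mode), ("authz", 0o640)):
        path = os.path.join(conf_dir, name)
        with open(path, "w") as f:
            f.write("# constructed sample\n")
        os.chmod(path, mode)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        make_sample(d, "read", 0o644)   # weak: anonymous read, readable passwd
        print(audit_conf_dir(d))
        make_sample(d, "none", 0o600)   # the settings described on this page
        print(audit_conf_dir(d))
```

On the real host the function would be pointed at /var/repositories/boundcorpus/conf.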
by Børre Gaup