Apr 13, 2012 4:52 PM (in response to Bidit Mazumder)
I have some suggestions...
There is already a _developer group that all Xcode users need to be in. I suggest using that. That would reduce your usage of sudo too.
You can use "mkdir -p /usr/local/svn/repos" by itself. The "-p" flag will create intermediate directories.
I think "sudo chown -R :_developer svn" and "sudo chmod -R g+w+s svn" will set up your permissions.
I suggest setting up a dedicated subversion user and then using ssh into that user account for all access. On the Mac, the Keychain acts as a ssh-agent so you can have a private key with a password.
Apr 13, 2012 8:56 PM (in response to etresoft)
You're right. Using the _developer group is the right thing to do here.
For the permissions, I believe you have to set the new file mode creation mask to make the repository group writable.
Thank you for the feedback.
mkdir -P is clever!
BTW, Ribbons was my dog. Just in case you're wondering.
Mac Pro, Mac OS X (10.7.3)
Apr 15, 2012 1:24 PM (in response to Bidit Mazumder)
Bidit Mazumder wrote:
Is it possible to delete this thread?
I have revised the guide with feedback provided by etresoft and would like to post the updated guide.
Usually the hosts only delete a thread if there is some privacy or abuse issue. Just post a revised guide here.
Apr 15, 2012 1:57 PM (in response to etresoft)
This is the revised guide. I still think posting as a new thread would be better.
I set up Subversion on my home Mac Pro OS X 10.7.3 (Lion) and wrote down the steps for my reference.
Lion already ships with Subversion 1.6.17, OpenSSH_5.6p1 and OpenSSL 0.9.8r. We just need to use them.
Create the directory structure for your repositories.
1. sudo mkdir -p /usr/local/svn/repos
We are going to use the _developer group that all Xcode users need to be in.
Thanks to etresoft for this tip and other clever shortcuts.
(Use the groups command to verify your account is a member of the _developer group.)
Set the access permissions.
2. sudo chgrp _developer /usr/local/svn/repos
3. sudo chmod g+w+s /usr/local/svn/repos
We are now ready to create our project repository, in the repos directory.
Set the file mode creation mask to give the group write permissions to the repository we are about to create.
4. umask 002
Create the repository for your project.
5. svnadmin create /usr/local/svn/repos/<project_name>
And set the user mask to the default value.
6. umask 022
You now have an empty repository, so let's create a working copy by checking out the current version to your home directory.
7. cd ~
8. svn co file:///usr/local/svn/repos/<project_name>
Create the basic structure and commit your changes to the repository.
9. cd <project_name>
10. svn mkdir branches tags trunk
11. svn ci -m "initial structures"
Now, let's enable remote access to the repository.
First, let's set up svnserve, the Subversion server program, so we can access the repository using the svn protocol.
(We're only going to access the repository securely, using svn+ssh, but it's nice to know svnserve is there if we ever need it.)
Create a passwords file that will be used across repositories.
12. sudo vi /usr/local/svn/passwd-developers
The structure of the file should be as follows:
<user_1> = <password_1>
<user_2> = <password_2>
<user_3> = <password_3>
Save the file and change its permissions, so it's only readable by the owner (root).
13. sudo chmod 600 /usr/local/svn/passwd-developers
Each Subversion repository has a configuration file that controls how it can be accessed by svnserve.
Edit this configuration file for the repository we created earlier.
14. vi /usr/local/svn/repos/<project_name>/conf/svnserve.conf
Paste the following after [general] (line 8):
anon-access = none
password-db = /usr/local/svn/passwd-developers
realm = developers
And save the file.
Stuff you might want to know (from the man pages):
The realm setting sets the authentication realm of the repository. If two repositories have the same password database, they should have the same realm, and vice versa; this association allows clients to use a single cached password for several repositories.
Let's launch svnserve as a foreground process (--foreground) so we can kill it after the test with Ctrl+C.
15. sudo svnserve -d --foreground -r /usr/local/svn/repos
You should be in your home directory (use pwd to check). If so, delete the working copy that was checked out previously or cd to another directory.
Now, checkout the pristine version using the svn protocol.
16. svn checkout svn://<server_ip>/<project_name> --username <user>
Replace <server_ip> with the IP address of your server or 127.0.0.1 if you are testing on the same machine.
You can go ahead and kill the svnserve process; we won't need it for svn+ssh.
We’re most of the way there, I promise. We just need to start our SSH server.
The only setup this requires, on a Mac, is to enable Remote Login from System Preferences > Sharing and add the _developer group to the list of allowed users.
This will start sshd, the OpenSSH daemon, and set it to launch at startup.
Now you can checkout using svn+ssh and your (Mac) login password.
17. svn checkout svn+ssh://<server_ip>/usr/local/svn/repos/<project_name> --username <user>
That's it!
Mac Pro, Mac OS X (10.7.3)
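Added example, not part of the original post: a shell check of the permission model from steps 2-6 and 13 of the guide above, run against a constructed tree in a temporary directory so it never touches /usr/local/svn. `mkdir`/`touch` stand in for `svnadmin create`, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: shows why step 4 (umask 002) matters for a shared repository
# and verifies the owner-only mode from step 13. All data is constructed.

# Print how many entries under DIR the group cannot write to.
count_not_group_writable() {
    find "$1" ! -perm -020 | wc -l | tr -d ' '
}

# Succeed if FILE grants nothing to group or others (e.g. mode 600).
is_owner_only() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Build a stand-in repository at PATH ($2) under umask $1, then report
# how many of its entries lack group write.
make_repo_with_umask() {
    (
        umask "$1"
        mkdir -p "$2/db/revs" "$2/conf"
        touch "$2/db/current" "$2/conf/svnserve.conf"
    )
    count_not_group_writable "$2"
}

demo() {
    tmp=$(mktemp -d) || return 1
    mkdir "$tmp/repos"
    chmod g+w+s "$tmp/repos"    # step 3; the group is whatever mktemp assigned
    echo "umask 022: $(make_repo_with_umask 022 "$tmp/repos/proj_a") entries not group-writable"
    echo "umask 002: $(make_repo_with_umask 002 "$tmp/repos/proj_b") entries not group-writable"
    # Step 13: the svnserve password file stores passwords in plaintext,
    # so group and others must have no access to it.
    (umask 022; printf 'alice = constructed-sample\n' > "$tmp/passwd-developers")
    is_owner_only "$tmp/passwd-developers" || echo "passwd file exposed before chmod 600"
    chmod 600 "$tmp/passwd-developers"
    is_owner_only "$tmp/passwd-developers" && echo "passwd file owner-only after chmod 600"
    rm -rf "$tmp"
}
demo
```

Pointing `count_not_group_writable` at an existing repository lists nothing to fix when it prints 0; any other value means some group members will hit permission errors on commit.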
May 7, 2012 5:24 AM (in response to Bidit Mazumder)
Your post is excellent. I'm new to unix/mac and followed your post fine; SVN is working well with several repos and permissions. I'm not clear on the CHMOD for groups but will research and read. My question is... I have also set up WebSVN 2.3.3 and it too works fine, however it gives full access to all my repos? I set a separate access file and only get "You don't have necessary permissions"... If I log in via http from initial setup and enter user/password, then go to the /WebSVN page, I have access for that user... but otherwise I never get a user prompt from the WebSVN pages, only the above permissions message. Could this be that I need to change dir permissions on the WebSVN site/page, and if so... how? It resides in the default site location for the Mac: /library/webserver/documents/websvn
May 7, 2012 8:26 AM (in response to etresoft)
I set the umask 002 initially when creating my first repo and set _developer group. The http in apache also wants a _www group.
I'm trying to keep them all separate.
May 7, 2012 8:55 AM (in response to jeff barclay)
There seem to be some apache modules that will provide an authentication hook into your established Subversion authentications. Unfortunately, Subversion has extremely poor documentation. I am also unfamiliar with it so I can't recommend any particular site. Here is one example, there are many more.
May 7, 2012 2:22 PM (in response to Bidit Mazumder)
I'm already using the httpd.conf for <location> access? Should I use .htaccess in addition to this?
Mine is in /private/etc/apache2/users/yourUser.conf and looks like:
Options Indexes MultiViews
Allow from all
LoadModule dav_svn_module libexec/apache2/mod_dav_svn.so
AuthName "Restricted Files"
# (FOLLOWING LINE OPTIONAL)
# AuthBasicProvider file
# Require valid-user
Require user barclay
# <Location /websvn>
# DAV svn
# # SVNParentPath /usr/local/svn/repos
# SVNParentPath /Library/WebServer/Documents/Websvn
# AuthType Basic
# AuthName "Restricted Files"
# AuthUserFile /etc/apache2/passwd/passwords
# Require user barclay
AuthName "Restricted Files"