Home / server / Questions / 41382
Accepted
casualcoder
Asked: 2009-07-16 18:34:51 +0800 CST

Setting up SVN server for multiple users over http

  • 772

The SVN annotate feature is quite powerful and makes quick work of who to track down for a particular feature on a particular line of code. This feature is rendered slightly more limited (but still useful) if users access SVN via http. There are no credentials exchanged this way so the annotation shows no name for a line modified by by a developer who uses http to commit a change.

The question is, is there a way for a developer to pass credentials of some sort to SVN on the server to uniquely identify their commit? It is merely the presence of an ID that is required in this environment. Alternate methods such as svn+ssh and file protocols are not available. Finally, this server is on an internal LAN, not public. Tips for https also welcome.

The SVN server is running on Linux with Apache2.

linux http svn web-server svnserve

4 Answers

  1. Since you are running SVN through Apache, you can take advantage of Apache's built-in authentication methods to control access / track changes to your repository. The sample below will work with an htaccess-style setup:

    AuthType Basic
AuthName "Subversion Repository"
AuthUserFile /path/to/user/list
Require valid-user

    You can configure this in an htaccess file, or in the VirtualHost configuration file.

    • 7
  2. Best Answer

    in apache config:

    <Location /svn>
    DAV svn
    SVNPath /mnt/big/svn
    AuthType Basic
    AuthName "SVN Server"
    AuthUserFile /etc/apache2/svn.pass
    Require valid-user
    AuthzSVNAccessFile /etc/apache2/svn_authz

    and /etc/apache2/svn_authz can contain fine-graned management of who can access what:

    [groups]
ops=user1,user2
it=user2,user3

[/]
* = rw

[/ops]
* =
@ops=rw

[/ro]
* = 
@ops = r
@it = r
user4 = rw

    if you have ldap / active directory server at hand you can use it instead of AuthUserFile for apache authentication.

    • 6

  3. Short answer: mod_authz_svn

    You can have a little about apache + svn + mod_autz_svn and something more in my slides presented to the International PHP Conference '09 available at http://superalbert.it/download/misc/PHPCon09_SVN_advanced.pdf

    • 1

  4. This answer assumes your developers use Windows and your have a Active Directory domain controller.

    You can join the Linux svn server to the domain by following this article.

    From there, you configure apache to authenticate to the AD using Kerberos. First install mod_auth_kerb, then connect apache2 to kerberos for authentication. See Microsoft's documenation. Make sure you implement SSL if you are at all worried about the security between the client and the server.

    After you are done, user's can log in with their Windows passwords and activities will be assigned to their user.

    Unfortunately, I can't get you specific configuration details right now as I am out of the office and don't have access to our svn server.

    • 1