Network Security Internet Technology Development Database Servers Mobile Phone Android Software Apple Software Computer Software News IT Information

In addition to Weibo, there is also WeChat

Please pay attention

WeChat public account

Shulou

Centos implements svn Local Authentication apache Authentication

2025-04-02 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Internet Technology >

Share

Shulou(Shulou.com)06/03 Report--

This article system: Centos6.5_x64 local lamp environment ip:192.168.184.129

First, set up svn to achieve svn access and local user authentication

Second, implement http access and apache local file authentication

Subversion directory description:

* dav directory: provides directories for apache and mod_dav_svn to store internal data

* db directory: all version-controlled data storage files

* hooks directory: the directory where the hook script files are placed

* locks directory: the directory used to place subversion's hard-locked data, and to track clients accessing the vault

* format file: it is a text file with only an integer in it. Represents the version number of the current vault configuration

* conf directory: is the configuration file of this warehouse (user access account, permissions, etc.)

First, set up svn service

1. Set up svn service

[root@Aries ~] # yum install ntsysv vim-enhanced subversion mod_perl gcc-c++ make unzip-y

2. Create a new directory to store all SVN files and create a version repository

[root@Aries ~] # mkdir / opt/svn [root@Aries ~] # svnadmin create / opt/svn/svn

3. Initialize the directory in the version repository

Description of warehouse directory structure:

[root@Aries ~] # mkdir svnsvn / dev svn/qa svn/ops svn/pub svn/ops/web svn/ops/wap [root@Aries ~] # tree svnsvn ├── dev # R & D directory ├── ops # operation and maintenance directory │ ├── wap # project directory │ └── web ├── pub # Public directory └── qa # Test directory 6 directories, 0 files

Import the warehouse:

[root@Aries ~] # svn import svn/ file:///opt/svn/svn/-m "init svn repo" adds svn/ops, adds svn/ops/wap, adds svn/ops/web, adds svn/qa, adds svn/pub, adds svn/dev submitted version 1. [root@Aries ~] # rm-rf svn/

4. Add users

Adding SVN users is as simple as adding an entry in the / opt/svn/svn/conf/passwd file that looks like "username=password".

[root@Aries conf] # pwd/opt/svn/svn/conf [root@Aries conf] # cat passwd | grep-v ^ # [users] admin = admin # administrator dev = dev # R & D test account qa = qa ops = opszq = zq # ordinary personal account

5. Modify user access policy

/ opt/svn/opt/conf/authz records the user's access policy

[root@Aries conf] # cat authz [groups] g_admin = adming_dev = devg_qa = qag_ops = ops ZQ [SVN: /] @ g_admin = rw* = [svn:/dev] @ g_admin = rw@g_dev = rw@g_qa = r * = [svn:/qa] @ g_admin = rw@g_qa = rw@g_dev = r@g_ops = r * = [svn:/ops] @ g_admin = rw@g_ops = rw@g_qa = r * = [svn:/pub] @ g_admin = rw@g_ops = rw@g_qa = rw@g_dev = rw* =

Note: the above information indicates that only the admin user group has the right to read and write the root directory. R indicates read access to the directory, w indicates write access to the directory, and rw indicates read and write permission to the directory. The * = on the last line indicates that no one is allowed to access this directory except for the user group with permissions set above. This is very important, it must be added!

6. Modify the svnserve.conf file to make the user and policy configuration take effect.

[root@Aries conf] # cat svnserve.conf[ general] anon-access = noneauth-access = writepassword-db = / opt/svn/svn/conf/passwdauth-db = / opt/svn/svn/conf/ authz [sasl] anon-access controls the access of unauthenticated users to the version library. The values range are "write", "read" and "none", that is, "write" is readable and writable, "read" is read-only, and "none" means no access. Default: read

Auth-access controls the permissions of authenticated users to access the version library. The range of values is "write", "read" and "none". That is, "write" is readable and writable, "read" is read-only, and "none" means no access. Default: write

Password-db specifies the username password file name. Unless you specify an absolute path, the file location is a relative path to the conf directory. Default: passwd

Authz-db specifies the permissions profile name through which path-based access control can be implemented. Unless you specify an absolute path, the file location is a relative path to the conf directory. Default: authz

7. Start the svn service

[root@Aries] # svnserve-d-r / opt/svn

8. Testing service

[root@Aries] # svn co svn://192.168.184.129/svn-no-auth-cache-username username-password passwd

Test submission

Second, implement http access and apache local file authentication

Since the password of the SVN server is in clear text and is not supported by the HTTP server, it needs to be converted to a format supported by HTTP.

1. Install the apache svn integration dependency package, resulting in two so files

LoadModule dav_svn_module modules/mod_dav_svn.so LoadModule authz_svn_module modules/mod_authz_ svn.so [root @ Aries ~] # yum install mod_dav_svn-y

2. Convert the user configuration of svn to http authentication file

The following is a small script; easy to convert

[root@Aries conf] # pwd/opt/svn/svn/conf [root@Aries conf] # cat stoh.pluse warnings;use strict;open (FILE, "passwd") or die ("Cannot open the passwd fileworthiness accounting accounting n"); open (OUT_FILE, "> webpasswd") or die ("Cannot open the webpasswd filebreaking accounting accountn"); close (OUT_FILE); foreach () {if ($_ = ~ m / ^ [^ #]. * = /) {$_ = ~ splatter; `htpasswd-b webpasswd $_ ` }}

Make a conversion

[root@Aries conf] # perl stoh.plAdding password for user adminAdding password for user devAdding password for user qaAdding password for user opsAdding password for user zq

3. Modify httpd.conf to add content about SVN server

[root@Aries conf] # vim / etc/httpd/conf/httpd.conf#add for svnDAV svnSVNPath / opt/svn/svn/AuthType BasicAuthName "Authentication for svn" AuthUserFile / opt/svn/svn/conf/webpasswdAuthzSVNAccessFile / opt/svn/svn/conf/authzSatisfy allRequire valid-user

Restart the service

[root@Aries conf] # / etc/init.d/httpd restart

4. Test the page

Test of switching accounts

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.

Views: 0

*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.

Share To

Internet Technology

Wechat

© 2024 shulou.com SLNews company. All rights reserved.

12
Report