Setup an SVN repo on a school server
I like Subversion, and think it is useful for the various group projects I’ve done at the University of Tennessee in the EECS department. I figured some other students on a unix-based network with limited privileges might also, and could use a quick tutorial for setting up Subversion on one member’s user account in such a way that is secure, doesn’t require labstaff adding any groups, and is still easy for fellow classmates to access while maintaining user identity in the Subversion logs. The only downside is one user has to be the host, so everyone run quota and the sucker with the most free space gets to host the repository… :(
In this tutorial, the host’s login is larry, and the group members’ logins are curly and moe. How original…
First, choose a location to host your repos. You may want more than one in which case it would be good to place them all in the same location. I chose “.repos” in my home directory since I should rarely access it directly and no other users will ever access it directly. The name of this first repository will be dmtask1, but you could make additional ones as well, and with different user access rules (more later).
~> whoami larry ~> mkdir .repos ~> svnadmin create ~/.repos/dmtask1 ~> cd .ssh ~/.ssh> ssh-keygen -t rsa -N '' -C 'curly_dmtask1_SVN_only' -f ./id_rsa.curly_dmtask1 ~/.ssh> ssh-keygen -t rsa -N '' -C 'moe_dmtask1_SVN_only' -f ./id_rsa.moe_dmtask1
At this point you have created your first svn repository inside your home directory. By default it should be only readable and writable by your user (drwx——). Do not mess with the permissions, just leave them alone.
Also, you have created some public/private key pairs for the two users that we are allowing access to, but we are not done here yet. Send each respective user their private key file (id_rsa.*_dmtask1) via email or preferably some more secure method since those files will allow password-less access to the svn repository.
~/.ssh> echo -n 'command="svnserve -t --tunnel-user=curly -r /home/
/.repos/dmtask1",no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty ' >> authorized_keys ~/.ssh> cat id_rsa.curly_dmtask1.pub >> authorized_keys ~/.ssh> echo -n 'command="svnserve -t --tunnel-user=moe -r /home/ /.repos/dmtask1",no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty ' >> authorized_keys ~/.ssh> cat id_rsa.moe_dmtask1.pub >> authorized_keys ~/.ssh> chmod 0600 authorized_keys
Now you’ve added the public keys for both users to your authorized_keys file so that they can login to your Linux account without a password. Wait.. What?! Actually, the command=”svnserve -t –tunnel-user=curly”,no-… part tells ssh to run the svnserve command in tunnel mode with the specified user, and not allow any other activity over the ssh session, so you are safe (I think.. I take no responsibility for any security risks blah blah blah…).
Guess what? You’re actually done already. That was easy.
Client Setup – Linux
Ok, now it is time for the clients (your classmates) to do some work.
First get that private key file from the host, say it is called id_rsa.curly_dmtask1
~> whoami curly ~> mv <path_to_file>/id_rsa.curly_dmtask1 ~/.ssh/ ~> chmod 0600 .ssh/id_rsa.curly_dmtask1
Now, setup your environment to force the svn client to use that private key. You will do this with the SVN_SSH environment variable. The first command below sets it once. The second will add it to your is to your shell’s .*rc file: e.g. .bashrc, .zshrc, etc..
~> export SVN_SSH="ssh -i $HOME/.ssh/id_rsa.curly_dmtask1" ~> echo "export SVN_SSH=\"ssh -i $HOME/.ssh/id_rsa.curly_dmtask1\"" >> ~/.`basename $SHELL`rc
You should now be ready to access the svn repository! Here’s how
~> svn checkout svn+ssh://larry@$HOST/@ dmtask1 ~> cd dmtask1 ~/dmtask1> cat > test_file This is a test! <CTRL+D> ~/dmtask1> svn add test_file ~/dmtask1> svn commit -m "Just testing..."
The first command will checkout the repository from the root directory into a new folder in the current working directory named dmtask1. Notice that this command includes larry@, which specifies the host’s username, not yours. Don’t worry, any svn commands you carry out in this working copy will be done under your credentials, not the host’s (the –tunnel-user option accomplishes this).
Client Setup – Windows
If you are accessing an svn repo from windows then you
are most likely should be doing it through TortoiseSVN. See this page for some good instructions on configuring your machine to work with this repository setup.