| View previous topic :: View next topic |
| Author |
Message |
dfuse
Guru
Joined: 07 Apr 2003
Posts: 395
Location: Belgium
|
 Posted: Tue Aug 24, 2004 11:00 pm Post subject: trying to get svnserve with ssh to work |
 |
|
Hey all,
I'm trying to get Subversion up and running with the svn+ssh method. I emerged the latest Subversion and grabbed the xinet.d file from bugzilla https://bugs.gentoo.org/show_bug.cgi?id=43245. I created a user svn and made it member of the group svn. I adjusted those values in the xinet.d script. I also added | Code: | | -t -r /var/svn/repos |
to the server_args so the script looks like this: | Code: | service svnserve
{
disable = no
socket_type = stream
wait = no
user = svn
group = svn
log_type = FILE /var/log/svnserve
protocol = tcp
log_on_failure += USERID
port = 3690
server = /usr/bin/svnserve
server_args = -i -t -d /var/svn/repos
} |
I used the svnadmin create command to to create a test repository in /var/svn/repos/test, I ran that command as root. I then changed the owner of the repository to svn:svn
Now when I want to connect with my normal user I use:
| Code: | | svn list svn+ssh://localhost/var/svn/repos/test |
I get asked to authenticate, which succeeds, after which I receive the following error:
| Code: | svn: Berkeley DB error while opening environment for filesystem /var/svn/repos/test/db:
Permission denied |
Now obviously, this is some permission error, I did something wrong with the users, but I don't quite know what exactly. I also tried doing the whole thing as root, meaning, running the svnserve process as root, and creating /var/svn/repos with root:root as owner.
Also the -r /var/svn/repos doesn't seem to work, I still have to supply the full path to the repository.
Any help is greatly appreciated |
|
| Back to top |
|
 |
lwithers
Guru
Joined: 31 Dec 2003
Posts: 300
Location: Reading, UK
|
| Posted: Wed Aug 25, 2004 10:18 am Post subject: |
|
|
OK, if you're using svn+ssh, you don't need xinetd or any of that stuff. The svn client simply connects via ssh and runs its own commands on the server. I use svn+ssh for about a dozen repositories at home, so it works fine.
The problem you're getting is that the user you're connecting as via ssh doesn't have read permissions for the repository. When you did the permissions change, did you make it recursive ("chown -R")? If so, go exploring in the repository, or simply execute:
| Code: | find /var/svn/repos -type d -exec chmod ug+rwx,o-rwx {} \;
find /var/svn/repos -type f -exec chmod ug+rw,o-rw {} \; |
and make sure that the user you are connecting as is in the svn group. |
|
| Back to top |
|
|
dfuse
Guru
Joined: 07 Apr 2003
Posts: 395
Location: Belgium
|
| Posted: Wed Aug 25, 2004 10:57 am Post subject: |
|
|
Thanks for the answer.
The user I was trying to connect with didn't have read permissions indeed. Problem was I didn't know a user can be member of multiple groups  , I made my regular user member of the svn group.
What I don't understand is the following: | Quote: |
OK, if you're using svn+ssh, you don't need xinetd or any of that stuff. |
Does that mean I don't have to start svnserve at all? Or just start it with the command line with the -d option? And if so, how do I automatically start it every time I boot my pc? With the init.d script on bugzilla? |
|
| Back to top |
|
|
lwithers
Guru
Joined: 31 Dec 2003
Posts: 300
Location: Reading, UK
|
| Posted: Wed Aug 25, 2004 3:15 pm Post subject: |
|
|
When you use the svn+ssh method, you don't have to run a server application at all. You see, the subversion client will ssh in and then access the database itself. So you don't need to tell it to run automatically at boot, or anything like that at all. I literally did:
| Code: | emerge subversion
svnadmin create /repos |
and from that point on I could use svn+ssh to access the repository. Pretty cool  |
|
| Back to top |
|
|
dfuse
Guru
Joined: 07 Apr 2003
Posts: 395
Location: Belgium
|
| Posted: Wed Aug 25, 2004 8:54 pm Post subject: |
|
|
Allright I got it to work! Thanks!
The problem was although I made my user member of the group svn, it seemed it wouldn't apply that change. When I listed the groups I was in, svn wasn't listed. After an half hour it dawned to me that maybe I had to re-logon to made the change effective
What I'm wondering about now is that if I don't have to start the svnserver at all, how do I give it options? I don't want to type the full path to the repository directory everytime. I see you created you repos in / but I didn't so I have to type /var/svn/repos everytime. |
|
| Back to top |
|
|
lwithers
Guru
Joined: 31 Dec 2003
Posts: 300
Location: Reading, UK
|
| Posted: Wed Aug 25, 2004 11:07 pm Post subject: |
|
|
Actually, my repositories are in /home/subversion/{name-of-repos}
But since you only have to type the full name occasionally, that's not really a problem. Once you have a repository checked out, "svn status", "svn up", "svn commit" et al. will work out all the details automatically as long as you're in the right directory. |
|
| Back to top |
|
|
dfuse
Guru
Joined: 07 Apr 2003
Posts: 395
Location: Belgium
|
| Posted: Thu Aug 26, 2004 7:59 am Post subject: |
|
|
| Ah ok, thanks a lot for the help! |
|
| Back to top |
|
|
dohko
Tux's lil' helper
Joined: 24 Sep 2004
Posts: 112
Location: São Paulo - Brasil
|
| Posted: Tue Feb 01, 2005 6:23 pm Post subject: |
|
|
Hi guys,
I had the same problem when I was setting up my svn server. I wanted to make it accessible only by ssh.
So, I created a user and a group called svn. Then I created a repository with this newly created user in its home.
I was able to use svn only with that user because I also had permission problems. I followed some hints on this post, but I ended up with a somehow more restricted envoronment.
First, I changed the permissions only for the db directory of my repository. The root looks like this:
| Code: | drwxr-x--- 7 svn svn 224 Feb 1 15:29 .
drwxr-xr-x 6 svn svn 280 Feb 1 15:29 ..
-rw-r--r-- 1 svn svn 379 Feb 1 15:29 README.txt
drwxr-x--- 2 svn svn 80 Feb 1 15:29 conf
drwxr-x--- 2 svn svn 48 Feb 1 15:29 dav
drwxrws--T 2 svn svn 472 Feb 1 15:29 db
-r--r--r-- 1 svn svn 2 Feb 1 15:29 format
drwxr-x--- 2 svn svn 232 Feb 1 15:29 hooks
drwxr-x--- 2 svn svn 104 Feb 1 15:29 locks |
I gave write permission to the db but added a sticky bit to it. So, only user svn can delete things. This way, another user that is a member of svn group can access the repository but it can not destroy things (I was wondering if somebody that had access to the repository through ssh would ever think of deleting it). Also, the files within the db directory also need write permission in the group bit.
The only odd thing I notice now is that users are asked twice for their account password. Anyone had this problem? |
|
| Back to top |
|
|
dfuse
Guru
Joined: 07 Apr 2003
Posts: 395
Location: Belgium
|
| Posted: Tue Feb 01, 2005 7:29 pm Post subject: |
|
|
Wow, replying on a post from 2003 in 2005, mighty brave
I can't help you though, I'm using subversion repositories at my hosting now (textdrive.com), so I don't have all the hassle of the svn administration. |
|
| Back to top |
|
|
dohko
Tux's lil' helper
Joined: 24 Sep 2004
Posts: 112
Location: São Paulo - Brasil
|
| Posted: Tue Feb 01, 2005 8:03 pm Post subject: |
|
|
| dfuse wrote: | | Wow, replying on a post from 2003 in 2005, mighty brave |
I actually thought that the sticky bit idea to restrict repository access while keeping it working with ssh was interesting and worthed a reply 
Thanks for the fast reply! I'll keep trying to solve the password stuff or find an explanation for that! |
|
| Back to top |
|
|
dfuse
Guru
Joined: 07 Apr 2003
Posts: 395
Location: Belgium
|
| Posted: Tue Feb 01, 2005 8:07 pm Post subject: |
|
|
| Good luck! |
|
| Back to top |
|
|
|
Portage & Programming
