软件：
@H_404_2@

SVN服务器：subversion@H_404_2@

http://subversion.apache.org/packages.html @H_404_2@

SVN客户端：TortoiseSVN@H_404_2@

http://tortoisesvn.net/downloads.html @H_404_2@

一、SVN安装@H_404_2@

[root@db ~]# yum -y install subversion@H_404_2@

二、配置SVN@H_404_2@

新建一个目录用于存放svn的所有文件@H_404_2@

[root@db ~]# mkdir /svn@H_404_2@

新建一个资源仓库@H_404_2@

[root@db ~]# svnadmin create /svn/project@H_404_2@

[root@db ~]# ll /svn/project/@H_404_2@

total 24@H_404_2@

drwxr-xr-x. 2 root root 4096 Aug 18 14:23 conf@H_404_2@

drwxr-sr-x. 6 root root 4096 Aug 18 14:23 db@H_404_2@

-r--r--r--. 1 root root 2 Aug 18 14:23 format@H_404_2@

drwxr-xr-x. 2 root root 4096 Aug 18 14:23 hooks@H_404_2@

drwxr-xr-x. 2 root root 4096 Aug 18 14:23 locks@H_404_2@

-rw-r--r--. 1 root root 229 Aug 18 14:23 README.txt@H_404_2@

各目录用途说明：@H_404_2@

hooks目录：放置hook脚本文件的目录@H_404_2@

locks目录： 放置subversion的db锁文件@H_404_2@

format文件：是一个文本文件，里面只放了一个整数，表示当前文件库配置的版本号@H_404_2@

conf目录：这个是仓库的配置文件@H_404_2@

配置svn服务的配置文件@H_404_2@

[root@db ~]# vim /svn/project/conf/svnserve.conf
@H_404_2@

[general]@H_404_2@

### These options control access to the repository for unauthenticated@H_404_2@

### and authenticated users. Valid values are "write","read",@H_404_2@

### and "none". The sample settings below are the defaults.@H_404_2@

anon-access = none@H_404_2@

auth-access = write@H_404_2@

### The password-db option controls the location of the password@H_404_2@

### database file. Unless you specify a path starting with a /,@H_404_2@

### the file's location is relative to the directory containing@H_404_2@

### this configuration file.@H_404_2@

### If SASL is enabled (see below),this file will NOT be used.@H_404_2@

### Uncomment the line below to use the default password file.@H_404_2@

password-db = /svn/project/conf/passwd@H_404_2@

### The authz-db option controls the location of the authorization@H_404_2@

### rules for path-based access control. Unless you specify a path@H_404_2@

### starting with a /,the file's location is relative to the the@H_404_2@

### directory containing this file. If you don't specify an@H_404_2@

### authz-db,no path-based access control is done.@H_404_2@

### Uncomment the line below to use the default authorization file.@H_404_2@

authz-db = /svn/project/conf/authz@H_404_2@

### This option specifies the authentication realm of the repository.@H_404_2@

### If two repositories have the same authentication realm,they should@H_404_2@

### have the same password database,and vice versa. The default realm@H_404_2@

### is repository's uuid.@H_404_2@

realm = My Test Repository@H_404_2@

添加访问用户及密码
@H_404_2@

vi/svn/project/conf/passwd
[users]
test1=123456
test2=123456

配置新用户的授权文件@H_404_2@

@H_404_2@

[root@db ~]# vim /svn/project/conf/authz@H_404_2@

[aliases]@H_404_2@

# joe = /C=XZ/ST=Dessert/L=Snake City/O=Snake Oil,Ltd./OU=Research Institute/CN=Joe Average@H_404_2@

@H_404_2@

[groups]@H_404_2@

# harry_and_sally = harry,sally@H_404_2@

# harry_sally_and_joe = harry,sally,&joe@H_404_2@

[groups]@H_404_2@

# harry_and_sally = harry,&joe@H_404_2@

admin = admin@H_404_2@

user = test1,test2@H_404_2@

# [/foo/bar]@H_404_2@

# harry = rw@H_404_2@

# &joe = r@H_404_2@

# * =@H_404_2@

# [repository:/baz/fuz]@H_404_2@

# @harry_and_sally = rw@H_404_2@

# * = r@H_404_2@

[/]@H_404_2@

@admin = rw@H_404_2@

@user = r@H_404_2@

* =@H_404_2@

（@H_404_2@

[<版本库>:/项目/目录]@H_404_2@

@<用户组名> = <权限>@H_404_2@

<用户名> = <权限>@H_404_2@

/表示对根目录（即/svn/project目录）下的所有子目录范围设置权限；@H_404_2@

[/abc]表示对资料库中abc项目设置权限；@H_404_2@

创建一个admin组，组成员包括xiaoran.shen和test1@H_404_2@

创建一个user组，成员只有test2；@H_404_2@

admin组对目录有读写权限；@H_404_2@

单个用户test2有读写权限；@H_404_2@

*=表示除了上面设置的权限用户组以外，其他所有用户都设置空权限，空权限表示禁止访问本目录，这很重要一定要加上。@H_404_2@

）@H_404_2@

启用svn服务并且iptables放行3690@H_404_2@

@H_404_2@

[root@db ~]# svnserve -d -r /svn/project/@H_404_2@

@H_404_2@

[root@db ~]# vim /etc/sysconfig/iptables@H_404_2@

@H_404_2@

# Firewall configuration written by system-config-firewall@H_404_2@

# Manual customization of this file is not recommended.@H_404_2@

*filter@H_404_2@

:INPUT ACCEPT [0:0]@H_404_2@

:FORWARD ACCEPT [0:0]@H_404_2@

:OUTPUT ACCEPT [0:0]@H_404_2@

-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT@H_404_2@

-A INPUT -p icmp -j ACCEPT@H_404_2@

-A INPUT -i lo -j ACCEPT@H_404_2@

-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT@H_404_2@

-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT@H_404_2@

-A INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT@H_404_2@

-A INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT@H_404_2@

-A INPUT -m state --state NEW -m tcp -p tcp --dport 3690 -j ACCEPT@H_404_2@

-A INPUT -j REJECT --reject-with icmp-host-prohibited@H_404_2@

-A FORWARD -j REJECT --reject-with icmp-host-prohibited@H_404_2@

COMMIT@H_404_2@

[root@db ~]# service iptables restart@H_404_2@

iptables: Setting chains to policy ACCEPT: filter [ OK ]@H_404_2@

iptables: Flushing firewall rules: [ OK ]@H_404_2@

iptables: Unloading modules: [ OK ]@H_404_2@

iptables: Applying firewall rules: [ OK ]@H_404_2@