SVN 权限管理

本文最后更新于:2024年9月8日 晚上

SVN 权限管理

  • 在服务器端的版本库配置文件夹下有三个配置文件:
    • authz
    • passwd
    • svnserve.conf

svnserve.conf

版本库服务配置文件。

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
[general]
### The anon-access and auth-access options control access to the
### repository for unauthenticated (a.k.a. anonymous) users and
### authenticated users, respectively.
### Valid values are "write", "read", and "none".
### Setting the value to "none" prohibits both reading and writing;
### "read" allows read-only access, and "write" allows complete
### read/write access to the repository.
### The sample settings below are the defaults and specify that anonymous
### users have read-only access to the repository, while authenticated
### users have read and write access to the repository.
anon-access = none
# 开启授权访问
auth-access = write
### The password-db option controls the location of the password
### database file.  Unless you specify a path starting with a /,
### the file's location is relative to the directory containing
### this configuration file.
### If SASL is enabled (see below), this file will NOT be used.
### Uncomment the line below to use the default password file.
password-db = passwd
### The authz-db option controls the location of the authorization
### rules for path-based access control.  Unless you specify a path
### starting with a /, the file's location is relative to the the
### directory containing this file.  If you don't specify an
### authz-db, no path-based access control is done.
### Uncomment the line below to use the default authorization file.
authz-db = authz
### This option specifies the authentication realm of the repository.
### If two repositories have the same authentication realm, they should
### have the same password database, and vice versa.  The default realm
### is repository's uuid.
# realm = My First Repository
### The force-username-case option causes svnserve to case-normalize
### usernames before comparing them against the authorization rules in the
### authz-db file configured above.  Valid values are "upper" (to upper-
### case the usernames), "lower" (to lowercase the usernames), and
### "none" (to compare usernames as-is without case conversion, which
### is the default behavior).
# force-username-case = none

[sasl]
### This option specifies whether you want to use the Cyrus SASL
### library for authentication. Default is false.
### This section will be ignored if svnserve is not built with Cyrus
### SASL support; to check, run 'svnserve --version' and look for a line
### reading 'Cyrus SASL authentication is available.'
# use-sasl = true
### These options specify the desired strength of the security layer
### that you want SASL to provide. 0 means no encryption, 1 means
### integrity-checking only, values larger than 1 are correlated
### to the effective key length for encryption (e.g. 128 means 128-bit
### encryption). The values below are the defaults.
# min-encryption = 0
# max-encryption = 256
  • anon-access:控制非鉴权用户访问版本库的权限,取值范围为"write",“read"和"none”,即"write"为可读可写,"read"为只读,"none"表示无访问权限,默认值:read
  • auth-access:控制鉴权用户访问版本库的权限,取值范围为"write",“read"和"none”,即"write"为可读可写,"read"为只读,"none"表示无访问权限,默认值:write
  • authz-db:指定权限配置文件名,通过该文件可以实现以路径为基础的访问控制,除非指定绝对路径,否则文件位置为相对conf目录的相对路径,默认值:authz
  • realm:指定版本库的认证域,即在登录时提示的认证域名称,若两个版本库的认证域相同,建议使用相同的用户名口令数据文件,默认值:一个UUID(Universal Unique IDentifier,全局唯一标示)
  • password-db:用户名口令文件,用户名口令文件由svnserve.conf的配置项password-db指定,默认为conf目录中的passwd

authz

  • 分配权限的配置文件,该配置文件由一个[groups]配置段和若干个版本库路径权限段组成。
  • [groups]配置段中配置行格式如下:
1
<用户组> = <用户列表>
  • 版本库路径权限段的段名格式如下:
1
[<版本库名>:<路径>]

实例

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
[aliases]
# joe = /C=XZ/ST=Dessert/L=Snake City/O=Snake Oil, Ltd./OU=Research Institute/CN=Joe Average

# 用户组
[groups]
chengdu = user1,user2
beijing = user3

# 针对版本库根目录设置权限
[/]
@beijing = rw

# 设置指定版本库权限
[/helloworld]
@chengdu = rw
user5 = r
# * = 表示除了上述配置权限的用户之外,其他用户没有任何权限
* =

注意😡:表示用户组,不带@表示用户。

passwd

  • 设置用户名密码的配置文件。
  • [users]配置段的配置行格式如下:
1
<用户名> = <口令>

实例

1
2
3
4
5
6
7
8
9
10
11
### This file is an example password file for svnserve.
### Its format is similar to that of svnserve.conf. As shown in the
### example below it contains one section labelled [users].
### The name and password for each user follow, one account per line.

[users]
user1 = passwd01
user2 = 123456
user3 = abcdefg
user4 = aaaa
user5 = bbbb
Software DevOps VCS SVN

本博客所有文章除特别声明外,均采用 CC BY-SA 4.0 协议 ,转载请注明出处!