Introduction
============
svnstsw (SVNServe Tunnel-mode Setuid/setgid Wrapper) is a wrapper
around svnserve that sets the tunnel user equal to the username of the
user that started the wrapper.
Essentially, if the user running svnstsw logged in as "user1", then
svnstsw executes the following:
/usr/bin/svnserve --tunnel --tunnel-user=user1 --root=/path/to/repository
It is intended that svnstsw will have the SUID/SGID bit set and will
be owned by a user/group with read and write access to the target
Subversion repository files. This allows any user to access the
repository (modulo access controls in the repository's authz database)
without granting users read or write access to all of the repository
files.
Quick Install
=============
1. Install Subversion. The following steps assume that svnserve was
installed to /usr/bin/svnserve.
2. Rename svnserve:
$ sudo mv /usr/bin/svnserve /usr/bin/svnserve.real
Why rename it? See the discussion at the end of these
instructions.
3. Create a system group named 'svn'. Do not add any users to this
group.
4. Change repository permissions:
$ sudo chgrp -R svn /path/to/repository
$ sudo chmod g+rw,o-rwx /path/to/repository
5. Set up repository access controls. Here is an example authz file
(/path/to/repository/conf/authz):
---------------------
[groups]
group1 = user1, user2
group2 = user3
[/]
@group1 = r
@group2 = rw
---------------------
Note that usernames in authz should come from system usernames
(e.g., someone who logs in as 'foo' on the system should be
referred to as 'foo' in the authz file).
6. Enable access controls. In
/path/to/repository/conf/svnserve.conf:
---------------------
[general]
authz-db = authz
---------------------
7. Build and install svnstsw:
$ cd ~
$ tar xvfz /path/to/svnstsw-1.4.tar.gz
$ cd svnstsw-1.4
$ ./configure --with-svnserve=/usr/bin/svnserve.real
$ make
$ sudo make install
This puts the svnstsw executable in /usr/local/bin/svnstsw.
8. Create a symlink named svnserve that points to svnstsw:
$ sudo ln -s ../local/bin/svnstsw /usr/bin/svnserve
Now the command "svnserve" actually runs /usr/local/bin/svnstsw
(which in turn runs /usr/bin/svnserve.real).
9. Set up setgid on the svnstsw executable:
$ sudo chgrp svn /usr/local/bin/svnstsw
$ sudo chmod g+s /usr/local/bin/svnstsw
10. You're done! Now test access. From a client machine:
$ svn checkout svn+ssh://svn-server.acme.org/path/to/repository
Why rename svnserve to svnserve.real: The svn client executes
"svnserve -t" on the server by default. Thus, for this wrapper to be
effective, typing "svnserve" should invoke the svnstsw wrapper, not
svnserve. One way to do this is to move svnserve out of the way and
replace it with either a copy of the svnstsw executable or a symlink
to the svnstsw executable. An alternative is to create a
svnserve->svnstsw symlink in another directory and make sure this
other directory is in each user's PATH environment variable *before*
the directory containing the real svnserve.
If you also wish to have http-based access through the mod_dav_svn
Apache module, simply add the Apache user to the svn group. (You may
also need to make sure Apache uses a umask of 0007.)
Build Options
=============
The svnstsw wrapper has several build-time options, specified by
command-line arguments to the configure script. This section briefly
introduces some of the more interesting options. For more details,
see "./configure --help".
'--with-svnserve=/path/to/svnserve':
This tells configure where the real svnserve is located.
'--disable-svnserve-root-override':
This argument causes svnstsw to ignore the '--root' command-line
argument.
'--with-svnserve-root-default=/path/to/repository':
This argument causes svnstsw to always pass
'--root=/path/to/repository' to svnserve, unless the '--root'
command-line argument is passed to svnserve and the above
'--disable-svnserve-root-override' argument is NOT given to
configure.
This command is useful for cleaning up repository URLs. For
example, suppose a repository is put in
/srv/svn-repositories/project1 on the server named
svn-server.acme.org. Normally, the URL to this repository would
look like the following:
svn+ssh://svn-server.acme.org/srv/svn-repositories/project1
By passing '--with-svnserve-root-default=/srv/svn-repositories' to
configure, users would use the following URL instead:
svn+ssh://svn-server.acme.org/project1
'--with-umask=<mode_t expression>':
This argument is used to control the default permissions of files
created inside the repository (due to commits, etc.). By default,
the user and group will have read and write access to
newly-created files while everyone else will have no access at
all.
The value of this expression is passed to the umask() system
function; see
http://www.opengroup.org/onlinepubs/000095399/functions/umask.html
and
http://www.opengroup.org/onlinepubs/000095399/basedefs/sys/stat.h.html
for details.
'--with-doxygen=/path/to/doxygen' and
'--with-dot=/directory/containing/dot':
These arguments tell the build system where it can find Doxygen
and the 'dot' utility. These utilities are used to build
documentation for the svnstsw source code, which is useful for
developers wishing to modify or extend svnstsw. Doxygen is
required to build the documentation; dot is optional. If dot is
found, the documentation will contain pretty graphs.
To build the Doxygen documentation, type "make html" after running
configure. If "make install" is run after "make html", then the
Doxygen documentation will be installed (to
/usr/local/share/doc/svnstsw/html by default).