Fork me on GitHub

Installing Subversion on a Home Ubuntu Server - Set Directory Permissions

Article Index

5. Set the correct directory permissions

Set the correct permissions of the directory using the chmod command.

sudo chmod -R 2770 /usr/local/svn/svn.example.com

6. Create the svn repository

Use the svnadmin command to create the svn repository.

sudo svnadmin create /usr/local/svn/svn.example.com

7. Clear the password file and recreate it

Here, we delete the standard password file that svnadmin creates because it assumes that we will be using the svn protocol. In reality, we are using HTTP.

sudo rm /usr/local/svn/svn.example.com/conf/passwd
sudo touch /usr/local/svn/svn.example.com/conf/passwd

8. Set the ownership

We need to set the www-data user as the owner and the svnuser group as the user for the repository. We then make all the directories and files group writeable. Most errors that come up with subversion web access are due to ownership problems; i.e., the web server doesn't have permission to read from or write to those directories. These commands will ensure that the permissions are set correctly.

sudo chmod -R g+w /usr/local/svn/svn.example.com
sudo chown -R www-data:svnuser /usr/local/svn/svn.example.com

9. Setup the subversion authz file

This file will control who can access which repositories. You can get very specific, down to the directory, of who has access to what when you edit this file. I find that using groups is the most efficient way for me to control access to the repositories. Getting directory specific can put extra load on the server and, for general use, isn't necessary. For more information about this file and the things you can do with it, take a look at Path-Based Authorization.

You can edit the file by typing:

sudo vi /usr/local/svn/svn.example.com/conf/authz

Once in the file, add at least one group under the heading [groups] in the format groupname = user1, user2. After you have created a group, you can assign it either read (r), or read/write (rw) privileges.

For example, let's say you have three users with the following usernames: harry, robert, sally. Harry and Sally are developers that should have read/write access to the repository, while Robert is an intern that just needs to be able to see the repository. When you get done editing the authz file, it should look something like this

[groups]
developers = harry, sally
interns = robert

[/]
@developers = rw
@interns = r

If a user is not mentioned in this file, no access will be allowed. If you wanted all users that you setup to be able to read the repository without having to edit this file each time, you could add the following line under [/]

* = r