[svnbook] r3960 committed - * src/en/book/ch06-server-configuration.xml...
svnbook at googlecode.com
Fri Aug 5 11:36:04 CDT 2011
Revision: 3960
Author: cmpilato at gmail.com
Date: Fri Aug 5 09:34:57 2011
Log: * src/en/book/ch06-server-configuration.xml
More read-thru edits, very nearly entirely of the XML formatting
sort. Yeah, because I get hung up on stuff like that.
http://code.google.com/p/svnbook/source/detail?r=3960
Modified:
/trunk/src/en/book/ch06-server-configuration.xml
=======================================
--- /trunk/src/en/book/ch06-server-configuration.xml Fri Aug 5 09:15:59
2011
+++ /trunk/src/en/book/ch06-server-configuration.xml Fri Aug 5 09:34:57
2011
@@ -451,19 +451,25 @@
<command>svnserve</command> program:</para>
<itemizedlist>
- <listitem><para>Run <command>svnserve</command> as a
- standalone daemon, listening for
- requests.</para></listitem>
- <listitem><para>Have the Unix <command>inetd</command> daemon
+ <listitem>
+ <para>Run <command>svnserve</command> as a standalone
+ daemon, listening for requests.</para>
+ </listitem>
+ <listitem>
+ <para>Have the Unix <command>inetd</command> daemon
temporarily spawn <command>svnserve</command> whenever a
- request comes in on a certain port.</para></listitem>
- <listitem><para>Have SSH invoke a
- temporary <command>svnserve</command> over an encrypted
- tunnel.</para></listitem>
- <listitem><para>Run <command>svnserve</command> as a Microsoft
- Windows service.</para></listitem>
- <listitem><para>Run <command>svnserve</command> as a launchd
- job.</para></listitem>
+ request comes in on a certain port.</para>
+ </listitem>
+ <listitem>
+ <para>Have SSH invoke a temporary <command>svnserve</command>
+ over an encrypted tunnel.</para>
+ </listitem>
+ <listitem>
+ <para>Run <command>svnserve</command> as a Microsoft Windows
+ service.</para></listitem>
+ <listitem>
+ <para>Run <command>svnserve</command> as a launchd job.</para>
+ </listitem>
</itemizedlist>
<!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-->
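Review bot: In the fourth list item the closing tag still shares a line with the paragraph (`service.</para></listitem>`), while the other four items in this hunk put `</listitem>` on its own line. Move it to its own line so the list is formatted consistently.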
@@ -486,38 +492,37 @@
<option>--listen-host</option> options to customize the
exact port and hostname to <quote>bind</quote> to.</para>
- <para>Once we successfully start <command>svnserve</command> as
- explained previously, it makes every repository on your system
- available to the network. A client needs to specify an
- <emphasis>absolute</emphasis> path in the repository URL. For
- example, if a repository is located at
- <filename>/var/svn/project1</filename>, a client would
- reach it via
- <uri>svn://host.example.com/var/svn/project1</uri>. To
- increase security, you can pass the <option>-r</option> option
- to <command>svnserve</command>, which restricts it to
- exporting only repositories below that path. For
- example:</para>
-
- <informalexample>
- <screen>
+ <para>Once we successfully start <command>svnserve</command>
+ as explained previously, it makes every repository on your
+ system available to the network. A client needs to specify
+ an <emphasis>absolute</emphasis> path in the repository URL.
+ For example, if a repository is located at
+ <filename>/var/svn/project1</filename>, a client would reach
+ it via <uri>svn://host.example.com/var/svn/project1</uri>.
+ To increase security, you can pass the <option>-r</option>
+ option to <command>svnserve</command>, which restricts it to
+ exporting only repositories below that path. For
+ example:</para>
+
+ <informalexample>
+ <screen>
$ svnserve -d -r /var/svn
…
</screen>
- </informalexample>
-
- <para>Using the <option>-r</option> option effectively
- modifies the location that the program treats as the root of
- the remote filesystem space. Clients then use URLs that
- have that path portion removed from them, leaving much
- shorter (and much less revealing) URLs:</para>
-
- <informalexample>
- <screen>
+ </informalexample>
+
+ <para>Using the <option>-r</option> option effectively
+ modifies the location that the program treats as the root of
+ the remote filesystem space. Clients then use URLs that
+ have that path portion removed from them, leaving much
+ shorter (and much less revealing) URLs:</para>
+
+ <informalexample>
+ <screen>
$ svn checkout svn://host.example.com/project1
…
</screen>
- </informalexample>
+ </informalexample>
</sect3>
@@ -536,47 +541,47 @@
<command>svnserve</command>.</para>
<informalexample>
- <screen>
+ <screen>
$ svnserve -i
( success ( 1 2 ( ANONYMOUS ) ( edit-pipeline ) ) )
</screen>
- </informalexample>
-
- <para>When invoked with the <option>--inetd</option> option,
- <command>svnserve</command> attempts to speak with a
- Subversion client via <filename>stdin</filename> and
- <filename>stdout</filename> using a custom protocol. This is
- the standard behavior for a program being run via
- <command>inetd</command>. The IANA has reserved port 3690 for
- the Subversion protocol, so on a Unix-like system you can add
- lines to <filename>/etc/services</filename> such as these (if
- they don't already exist):</para>
-
- <informalexample>
- <screen>
+ </informalexample>
+
+ <para>When invoked with the <option>--inetd</option> option,
+ <command>svnserve</command> attempts to speak with a
+ Subversion client via <filename>stdin</filename> and
+ <filename>stdout</filename> using a custom protocol. This
+ is the standard behavior for a program being run via
+ <command>inetd</command>. The IANA has reserved port 3690
+ for the Subversion protocol, so on a Unix-like system you
+ can add lines to <filename>/etc/services</filename> such as
+ these (if they don't already exist):</para>
+
+ <informalexample>
+ <screen>
svn 3690/tcp # Subversion
svn 3690/udp # Subversion
</screen>
- </informalexample>
-
- <para>If your system is using a classic Unix-like
- <command>inetd</command> daemon, you can add this line to
- <filename>/etc/inetd.conf</filename>:</para>
-
- <informalexample>
- <screen>
+ </informalexample>
+
+ <para>If your system is using a classic Unix-like
+ <command>inetd</command> daemon, you can add this line to
+ <filename>/etc/inetd.conf</filename>:</para>
+
+ <informalexample>
+ <screen>
svn stream tcp nowait svnowner /usr/bin/svnserve svnserve -i
</screen>
- </informalexample>
-
- <para>Make sure <quote>svnowner</quote> is a user that has
- appropriate permissions to access your repositories. Now,
- when a client connection comes into your server on port 3690,
- <command>inetd</command> will spawn an
- <command>svnserve</command> process to service it. Of course,
- you may also want to add <option>-r</option> to the
- configuration line as well, to restrict which repositories are
- exported.</para>
+ </informalexample>
+
+ <para>Make sure <quote>svnowner</quote> is a user that has
+ appropriate permissions to access your repositories. Now,
+ when a client connection comes into your server on port
+ 3690, <command>inetd</command> will spawn an
+ <command>svnserve</command> process to service it. Of
+ course, you may also want to add <option>-r</option> to the
+ configuration line as well, to restrict which repositories
+ are exported.</para>
</sect3>
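Review bot: The `/etc/inetd.conf` sample line ends in `svnserve -i` with no `-r`, although the last paragraph of this hunk recommends adding `-r` to restrict which repositories are exported. While these lines are being rewritten, consider showing the restricted form in the sample itself (for example `svnserve -i -r /var/svn`, the path used in the daemon example), so that a line copied verbatim does not export every repository on the system.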
@@ -1022,12 +1027,13 @@
</informalexample>
<para>The server process understands not only
- these <quote>blanket</quote> access controls to the
- repository, but also finer-grained access restrictions placed
- on specific files and directories within the repository. To
- make use of this feature, you need to define a file containing
- more detailed rules, and then set
- the <literal>authz-db</literal> variable to point to it:</para>
+ these <quote>blanket</quote> access controls to the
+ repository, but also finer-grained access restrictions
+ placed on specific files and directories within the
+ repository. To make use of this feature, you need to define
+ a file containing more detailed rules, and then set
+ the <literal>authz-db</literal> variable to point to
+ it:</para>
<informalexample>
<programlisting>
@@ -1222,7 +1228,7 @@
an option. All clients are able to use CRAM-MD5, whether
they have SASL capabilities or not.</para>
- </sect3>
+ </sect3>
<sect3 id="svn.serverconfig.svnserve.sasl.encryption">
<title>SASL encryption</title>
@@ -1258,9 +1264,8 @@
128-bit encryption, but no more than 256-bit
encryption.</para>
- </sect3>
-
- </sect2>
+ </sect3>
+ </sect2>
<!-- ===============================================================
-->
<sect2 id="svn.serverconfig.svnserve.sshauth">
@@ -1322,8 +1327,8 @@
program prompting for authentication, and
<emphasis>not</emphasis> the <command>svn</command> client
program. That means there's no automatic password-caching
- going on (see <xref
linkend="svn.serverconfig.netmodel.credcache"/>). The
- Subversion client often makes multiple connections to the
+ going on (see <xref
linkend="svn.serverconfig.netmodel.credcache"/>).
+ The Subversion client often makes multiple connections to the
repository, though users don't normally notice this due to the
password caching feature. When using
<literal>svn+ssh://</literal> URLs, however, users may be
@@ -1554,9 +1559,7 @@
the physical page of a book.</para>
</sect3>
-
</sect2>
-
</sect1>
@@ -1638,7 +1641,6 @@
</informalexample>
</sidebar>
-
<!-- ===============================================================
-->
<sect2 id="svn.serverconfig.httpd.prereqs">
<title>Prerequisites</title>
@@ -1732,7 +1734,6 @@
</programlisting>
</informalexample>
-
<para>At a later location in your configuration file, you now
need to tell Apache where you keep your Subversion repository
(or repositories). The <literal>Location</literal> directive
@@ -1753,13 +1754,13 @@
following <filename>httpd.conf</filename> syntax:</para>
<informalexample>
- <programlisting>
+ <programlisting>
<Location /repos>
DAV svn
SVNPath /var/svn/repository
</Location>
</programlisting>
- </informalexample>
+ </informalexample>
<para>If you plan to support multiple Subversion repositories
that will reside in the same parent directory on your local
@@ -1775,7 +1776,7 @@
syntax in the following example:</para>
<informalexample>
- <programlisting>
+ <programlisting>
<Location /svn>
DAV svn
@@ -1783,7 +1784,7 @@
SVNParentPath /var/svn
</Location>
</programlisting>
- </informalexample>
+ </informalexample>
<para>Using this syntax, Apache will delegate the
handling of all URLs whose path portions begin with
@@ -2192,7 +2193,7 @@
<literal>Require</literal> directive, take a look at the
<literal>Security</literal> section of the Apache
documentation's tutorials collection at <ulink
-
url="http://httpd.apache.org/docs-2.0/misc/tutorials.html"/>.</para>
+
url="http://httpd.apache.org/docs-2.0/misc/tutorials.html"/>.</para>
</sect3>
@@ -2452,8 +2453,12 @@
responses:</para>
<itemizedlist>
- <listitem><para>A server certificate</para></listitem>
- <listitem><para>A challenge for a client
certificate</para></listitem>
+ <listitem>
+ <para>A server certificate</para>
+ </listitem>
+ <listitem>
+ <para>A challenge for a client certificate</para>
+ </listitem>
</itemizedlist>
<sect4 id="svn.serverconfig.httpd.ssl.client.servercert">
@@ -2574,9 +2579,7 @@
storing the passphrase in the clear on disk.</para>
</sect4>
-
</sect3>
-
</sect2>
<!-- ===============================================================
-->
@@ -2722,26 +2725,25 @@
browsing.</para>
<para>To make this happen, you need only to make sure that
- your files have the
- proper <literal>svn:mime-type</literal> set. We discuss this
- in more detail in
+ your files have the proper <literal>svn:mime-type</literal>
+ set. We discuss this in more detail in
<xref linkend="svn.advanced.props.special.mime-type"/>,
and you can even configure your client to automatically
attach proper <literal>svn:mime-type</literal> properties
to files entering the repository for the first time; see
<xref linkend="svn.advanced.props.auto"/>.</para>
- <para>So in our example, if one were to set
- the <literal>svn:mime-type</literal> property
- to <literal>text/html</literal> on
- file <filename>foo.html</filename>, Apache would
- properly tell your web browser to render the file as HTML.
- One could also attach proper <literal>image/*</literal>
- MIME-type properties to image files and ultimately get an
- entire web site to be viewable directly from a repository!
- There's generally no problem with this, as long as the web
- site doesn't contain any dynamically generated
- content.</para>
+ <para>Continuing our example, if one were to set
+ the <literal>svn:mime-type</literal> property
+ to <literal>text/html</literal> on
+ file <filename>foo.html</filename>, Apache would properly
+ tell your web browser to render the file as HTML. One
+ could also attach proper <literal>image/*</literal>
+ MIME-type properties to image files and ultimately get an
+ entire web site to be viewable directly from a repository!
+ There's generally no problem with this, as long as the web
+ site doesn't contain any dynamically generated
+ content.</para>
</sect4>
@@ -2773,20 +2775,21 @@
…
</Location>
</programlisting>
- </informalexample>
-
- <para>Using the <literal>SVNIndexXSLT</literal> directive and
- a creative XSLT stylesheet, you can make your directory
- listings match the color schemes and imagery used in other
- parts of your web site. Or, if you'd prefer, you can use
- the sample stylesheets provided in the Subversion source
- distribution's <filename>tools/xslt/</filename> directory.
- Keep in mind that the path provided to the
- <literal>SVNIndexXSLT</literal> directory is actually a URL
- path—browsers need to be able to read your
- stylesheets to make use of them!</para>
-
- </sect4>
+ </informalexample>
+
+ <para>Using the <literal>SVNIndexXSLT</literal> directive
+ and a creative XSLT stylesheet, you can make your
+ directory listings match the color schemes and imagery
+ used in other parts of your web site. Or, if you'd
+ prefer, you can use the sample stylesheets provided in the
+ Subversion source distribution's
+ <filename>tools/xslt/</filename> directory.
+ Keep in mind that the path provided to the
+ <literal>SVNIndexXSLT</literal> directory is actually a
+ URL path—browsers need to be able to read your
+ stylesheets to make use of them!</para>
+
+ </sect4>
<sect4 id="svn.serverconfig.httpd.extra.browsing.reposlisting">
<title>Listing repositories</title>
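Review bot: The re-wrapped paragraph still reads `<literal>SVNIndexXSLT</literal> directory` in its last sentence; that should be "directive", as in the first sentence of the same paragraph. Worth fixing while the lines are being rewritten.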
@@ -2810,14 +2813,13 @@
</informalexample>
<para>If a user now points her web browser to the
- URL <literal>http://host.example.com/svn/</literal>, she'll
- see a list of all Subversion repositories sitting
- in <filename>/var/svn</filename>. Obviously, this can
- be a security problem, so this feature is turned off by
- default.</para>
+ URL <literal>http://host.example.com/svn/</literal>,
+ she'll see a list of all Subversion repositories sitting
+ in <filename>/var/svn</filename>. Obviously, this can be
+ a security problem, so this feature is turned off by
+ default.</para>
</sect4>
-
</sect3>
<!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-->
@@ -2917,7 +2919,7 @@
<informalexample>
<screen>
[26/Jan/2007:22:24:20 -0600] - get-dir /tags r1729 props
-[26/Jan/2007:22:24:27 -0600] - update /trunk r1729 depth=infinity
send-copyfrom-args
+[26/Jan/2007:22:24:27 -0600] - update /trunk r1729 depth=infinity
[26/Jan/2007:22:25:29 -0600] - status /trunk/foo r1729 depth=infinity
[26/Jan/2007:22:25:31 -0600] sally commit r1730
</screen>
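Review bot: The `update /trunk` sample line loses its `send-copyfrom-args` suffix in the `+` version, which changes the example log output rather than its formatting. If that is intended, say so in the log message, which describes this commit as XML formatting edits; otherwise restore the suffix.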
@@ -3200,8 +3202,7 @@
proxying system.</para> </sidebar>
</sect4>
-
- </sect3>
+ </sect3>
<!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-->
<sect3 id="svn.serverconfig.httpd.extra.other">
@@ -3240,9 +3241,7 @@
<xref linkend="svn.ref.mod_dav_svn.conf.directives"/>.</para>
</sect3>
-
</sect2>
-
</sect1>
<!-- =================================================================
-->
@@ -3510,14 +3509,15 @@
</informalexample>
<para>Another important fact is that group permissions are not
- overridden by individual user permissions. Rather, the
- <emphasis>combination</emphasis> of all matching permissions is
- granted. In the prior example, Jane is a member of the
- <literal>paint-developers</literal> group, which has read/write access.
- Combined with the <literal>jane = r</literal> rule, this still gives
- Jane read/write access. Permissions for group members can only be
extended
- beyond the permissions the group already has. Restricting users who are
- part of a group to less than their group's permissions is
impossible.</para>
+ overridden by individual user permissions. Rather, the
+ <emphasis>combination</emphasis> of all matching permissions is
+ granted. In the prior example, Jane is a member of the
+ <literal>paint-developers</literal> group, which has read/write
+ access. Combined with the <literal>jane = r</literal> rule,
+ this still gives Jane read/write access. Permissions for group
+ members can only be extended beyond the permissions the group
+ already has. Restricting users who are part of a group to less
+ than their group's permissions is impossible.</para>
<para>Groups can also be defined to contain other groups:</para>
@@ -3637,8 +3637,7 @@
</programlisting>
</informalexample>
- <!-- TODO(sussman): Once serf becomes officially support, this
- sidebar will need to be revisited. -->
+ <!-- ### FIXME: This is very Neon-specific. -->
<sidebar>
<title>Partial Readability and Checkouts</title>
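Review bot: The new comment `### FIXME: This is very Neon-specific.` drops what the old TODO recorded, namely that the sidebar needs revisiting once serf is supported. Keep that condition in the FIXME so the next editor knows what has to change and when.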
@@ -3815,10 +3814,6 @@
</sidebar>
</sect1>
-
-
-
-
</chapter>
<!--