[svnbook] r3960 committed - * src/en/book/ch06-server-configuration.xml...

svnbook at googlecode.com svnbook at googlecode.com
Fri Aug 5 11:36:04 CDT 2011


Revision: 3960
Author:   cmpilato at gmail.com
Date:     Fri Aug  5 09:34:57 2011
Log:      * src/en/book/ch06-server-configuration.xml
   More read-thru edits, very nearly entirely of the XML formatting
   sort.  Yeah, because I get hung up on stuff like that.

http://code.google.com/p/svnbook/source/detail?r=3960

Modified:
  /trunk/src/en/book/ch06-server-configuration.xml

=======================================
--- /trunk/src/en/book/ch06-server-configuration.xml	Fri Aug  5 09:15:59  
2011
+++ /trunk/src/en/book/ch06-server-configuration.xml	Fri Aug  5 09:34:57  
2011
@@ -451,19 +451,25 @@
          <command>svnserve</command> program:</para>

        <itemizedlist>
-        <listitem><para>Run <command>svnserve</command> as a
-            standalone daemon, listening for
-            requests.</para></listitem>
-        <listitem><para>Have the Unix <command>inetd</command> daemon
+        <listitem>
+          <para>Run <command>svnserve</command> as a standalone
+            daemon, listening for requests.</para>
+        </listitem>
+        <listitem>
+          <para>Have the Unix <command>inetd</command> daemon
              temporarily spawn <command>svnserve</command> whenever a
-            request comes in on a certain port.</para></listitem>
-        <listitem><para>Have SSH invoke a
-            temporary <command>svnserve</command> over an encrypted
-            tunnel.</para></listitem>
-        <listitem><para>Run <command>svnserve</command> as a Microsoft
-            Windows service.</para></listitem>
-        <listitem><para>Run <command>svnserve</command> as a launchd
-            job.</para></listitem>
+            request comes in on a certain port.</para>
+        </listitem>
+        <listitem>
+          <para>Have SSH invoke a temporary <command>svnserve</command>
+            over an encrypted tunnel.</para>
+        </listitem>
+        <listitem>
+          <para>Run <command>svnserve</command> as a Microsoft Windows
+            service.</para></listitem>
+        <listitem>
+          <para>Run <command>svnserve</command> as a launchd job.</para>
+        </listitem>
        </itemizedlist>

        <!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
-->
@@ -486,38 +492,37 @@
            <option>--listen-host</option> options to customize the
            exact port and hostname to <quote>bind</quote> to.</para>

-      <para>Once we successfully start <command>svnserve</command> as
-        explained previously, it makes every repository on your system
-        available to the network.  A client needs to specify an
-        <emphasis>absolute</emphasis> path in the repository URL.  For
-        example, if a repository is located at
-        <filename>/var/svn/project1</filename>, a client would
-        reach it via
-        <uri>svn://host.example.com/var/svn/project1</uri>.  To
-        increase security, you can pass the <option>-r</option> option
-        to <command>svnserve</command>, which restricts it to
-        exporting only repositories below that path.  For
-        example:</para>
-
-      <informalexample>
-        <screen>
+        <para>Once we successfully start <command>svnserve</command>
+          as explained previously, it makes every repository on your
+          system available to the network.  A client needs to specify
+          an <emphasis>absolute</emphasis> path in the repository URL.
+          For example, if a repository is located at
+          <filename>/var/svn/project1</filename>, a client would reach
+          it via <uri>svn://host.example.com/var/svn/project1</uri>.
+          To increase security, you can pass the <option>-r</option>
+          option to <command>svnserve</command>, which restricts it to
+          exporting only repositories below that path.  For
+          example:</para>
+
+        <informalexample>
+          <screen>
  $ svnserve -d -r /var/svn
  …
  </screen>
-      </informalexample>
-
-      <para>Using the <option>-r</option> option effectively
-        modifies the location that the program treats as the root of
-        the remote filesystem space.  Clients then use URLs that
-        have that path portion removed from them, leaving much
-        shorter (and much less revealing) URLs:</para>
-
-      <informalexample>
-        <screen>
+        </informalexample>
+
+        <para>Using the <option>-r</option> option effectively
+          modifies the location that the program treats as the root of
+          the remote filesystem space.  Clients then use URLs that
+          have that path portion removed from them, leaving much
+          shorter (and much less revealing) URLs:</para>
+
+        <informalexample>
+          <screen>
  $ svn checkout svn://host.example.com/project1
  …
  </screen>
-      </informalexample>
+        </informalexample>

        </sect3>

@@ -536,47 +541,47 @@
            <command>svnserve</command>.</para>

          <informalexample>
-        <screen>
+          <screen>
  $ svnserve -i
  ( success ( 1 2 ( ANONYMOUS ) ( edit-pipeline ) ) )
  </screen>
-      </informalexample>
-
-      <para>When invoked with the <option>--inetd</option> option,
-        <command>svnserve</command> attempts to speak with a
-        Subversion client via <filename>stdin</filename> and
-        <filename>stdout</filename> using a custom protocol.  This is
-        the standard behavior for a program being run via
-        <command>inetd</command>.  The IANA has reserved port 3690 for
-        the Subversion protocol, so on a Unix-like system you can add
-        lines to <filename>/etc/services</filename> such as these (if
-        they don't already exist):</para>
-
-      <informalexample>
-        <screen>
+        </informalexample>
+
+        <para>When invoked with the <option>--inetd</option> option,
+          <command>svnserve</command> attempts to speak with a
+          Subversion client via <filename>stdin</filename> and
+          <filename>stdout</filename> using a custom protocol.  This
+          is the standard behavior for a program being run via
+          <command>inetd</command>.  The IANA has reserved port 3690
+          for the Subversion protocol, so on a Unix-like system you
+          can add lines to <filename>/etc/services</filename> such as
+          these (if they don't already exist):</para>
+
+        <informalexample>
+          <screen>
  svn           3690/tcp   # Subversion
  svn           3690/udp   # Subversion
  </screen>
-      </informalexample>
-
-      <para>If your system is using a classic Unix-like
-        <command>inetd</command> daemon, you can add this line to
-        <filename>/etc/inetd.conf</filename>:</para>
-
-      <informalexample>
-        <screen>
+        </informalexample>
+
+        <para>If your system is using a classic Unix-like
+          <command>inetd</command> daemon, you can add this line to
+          <filename>/etc/inetd.conf</filename>:</para>
+
+        <informalexample>
+          <screen>
  svn stream tcp nowait svnowner /usr/bin/svnserve svnserve -i
  </screen>
-      </informalexample>
-
-      <para>Make sure <quote>svnowner</quote> is a user that has
-        appropriate permissions to access your repositories.  Now,
-        when a client connection comes into your server on port 3690,
-        <command>inetd</command> will spawn an
-        <command>svnserve</command> process to service it.  Of course,
-        you may also want to add <option>-r</option> to the
-        configuration line as well, to restrict which repositories are
-        exported.</para>
+        </informalexample>
+
+        <para>Make sure <quote>svnowner</quote> is a user that has
+          appropriate permissions to access your repositories.  Now,
+          when a client connection comes into your server on port
+          3690, <command>inetd</command> will spawn an
+          <command>svnserve</command> process to service it.  Of
+          course, you may also want to add <option>-r</option> to the
+          configuration line as well, to restrict which repositories
+          are exported.</para>

        </sect3>

@@ -1022,12 +1027,13 @@
          </informalexample>

          <para>The server process understands not only
-        these <quote>blanket</quote> access controls to the
-        repository, but also finer-grained access restrictions placed
-        on specific files and directories within the repository.  To
-        make use of this feature, you need to define a file containing
-        more detailed rules, and then set
-        the <literal>authz-db</literal> variable to point to it:</para>
+          these <quote>blanket</quote> access controls to the
+          repository, but also finer-grained access restrictions
+          placed on specific files and directories within the
+          repository.  To make use of this feature, you need to define
+          a file containing more detailed rules, and then set
+          the <literal>authz-db</literal> variable to point to
+          it:</para>

          <informalexample>
            <programlisting>
@@ -1222,7 +1228,7 @@
            an option.  All clients are able to use CRAM-MD5, whether
            they have SASL capabilities or not.</para>

-        </sect3>
+      </sect3>

        <sect3 id="svn.serverconfig.svnserve.sasl.encryption">
          <title>SASL encryption</title>
@@ -1258,9 +1264,8 @@
            128-bit encryption, but no more than 256-bit
            encryption.</para>

-        </sect3>
-
-      </sect2>
+      </sect3>
+    </sect2>

      <!-- ===============================================================  
-->
      <sect2 id="svn.serverconfig.svnserve.sshauth">
@@ -1322,8 +1327,8 @@
          program prompting for authentication, and
          <emphasis>not</emphasis> the <command>svn</command> client
          program.  That means there's no automatic password-caching
-        going on (see <xref  
linkend="svn.serverconfig.netmodel.credcache"/>).  The
-        Subversion client often makes multiple connections to the
+        going on (see <xref  
linkend="svn.serverconfig.netmodel.credcache"/>).
+        The Subversion client often makes multiple connections to the
          repository, though users don't normally notice this due to the
          password caching feature.  When using
          <literal>svn+ssh://</literal> URLs, however, users may be
@@ -1554,9 +1559,7 @@
            the physical page of a book.</para>

        </sect3>
-
      </sect2>
-
    </sect1>


@@ -1638,7 +1641,6 @@
        </informalexample>
      </sidebar>

-
      <!-- ===============================================================  
-->
      <sect2 id="svn.serverconfig.httpd.prereqs">
        <title>Prerequisites</title>
@@ -1732,7 +1734,6 @@
  </programlisting>
        </informalexample>

-
        <para>At a later location in your configuration file, you now
          need to tell Apache where you keep your Subversion repository
          (or repositories).  The <literal>Location</literal> directive
@@ -1753,13 +1754,13 @@
          following <filename>httpd.conf</filename> syntax:</para>

        <informalexample>
-          <programlisting>
+        <programlisting>
  <Location /repos>
    DAV svn
    SVNPath /var/svn/repository
  </Location>
  </programlisting>
-        </informalexample>
+      </informalexample>

        <para>If you plan to support multiple Subversion repositories
          that will reside in the same parent directory on your local
@@ -1775,7 +1776,7 @@
          syntax in the following example:</para>

        <informalexample>
-          <programlisting>
+        <programlisting>
  <Location /svn>
    DAV svn

@@ -1783,7 +1784,7 @@
    SVNParentPath /var/svn
  </Location>
  </programlisting>
-        </informalexample>
+      </informalexample>

        <para>Using this syntax, Apache will delegate the
          handling of all URLs whose path portions begin with
@@ -2192,7 +2193,7 @@
            <literal>Require</literal> directive, take a look at the
            <literal>Security</literal> section of the Apache
            documentation's tutorials collection at <ulink
-            
url="http://httpd.apache.org/docs-2.0/misc/tutorials.html"/>.</para>
+           
url="http://httpd.apache.org/docs-2.0/misc/tutorials.html"/>.</para>

        </sect3>

@@ -2452,8 +2453,12 @@
            responses:</para>

          <itemizedlist>
-          <listitem><para>A server certificate</para></listitem>
-          <listitem><para>A challenge for a client  
certificate</para></listitem>
+          <listitem>
+            <para>A server certificate</para>
+          </listitem>
+          <listitem>
+            <para>A challenge for a client certificate</para>
+          </listitem>
          </itemizedlist>

          <sect4 id="svn.serverconfig.httpd.ssl.client.servercert">
@@ -2574,9 +2579,7 @@
              storing the passphrase in the clear on disk.</para>

          </sect4>
-
        </sect3>
-
      </sect2>

      <!-- ===============================================================  
-->
@@ -2722,26 +2725,25 @@
              browsing.</para>

            <para>To make this happen, you need only to make sure that
-            your files have the
-            proper <literal>svn:mime-type</literal> set.  We discuss this
-            in more detail in
+            your files have the proper <literal>svn:mime-type</literal>
+            set.  We discuss this in more detail in
              <xref linkend="svn.advanced.props.special.mime-type"/>,
              and you can even configure your client to automatically
              attach proper <literal>svn:mime-type</literal> properties
              to files entering the repository for the first time; see
              <xref linkend="svn.advanced.props.auto"/>.</para>

-          <para>So in our example, if one were to set
-          the <literal>svn:mime-type</literal> property
-          to <literal>text/html</literal> on
-          file <filename>foo.html</filename>, Apache would
-          properly tell your web browser to render the file as HTML.
-          One could also attach proper <literal>image/*</literal>
-          MIME-type properties to image files and ultimately get an
-          entire web site to be viewable directly from a repository!
-          There's generally no problem with this, as long as the web
-          site doesn't contain any dynamically generated
-          content.</para>
+          <para>Continuing our example, if one were to set
+            the <literal>svn:mime-type</literal> property
+            to <literal>text/html</literal> on
+            file <filename>foo.html</filename>, Apache would properly
+            tell your web browser to render the file as HTML.  One
+            could also attach proper <literal>image/*</literal>
+            MIME-type properties to image files and ultimately get an
+            entire web site to be viewable directly from a repository!
+            There's generally no problem with this, as long as the web
+            site doesn't contain any dynamically generated
+            content.</para>

          </sect4>

@@ -2773,20 +2775,21 @@
    …
  </Location>
  </programlisting>
-        </informalexample>
-
-         <para>Using the <literal>SVNIndexXSLT</literal> directive and
-           a creative XSLT stylesheet, you can make your directory
-           listings match the color schemes and imagery used in other
-           parts of your web site.  Or, if you'd prefer, you can use
-           the sample stylesheets provided in the Subversion source
-           distribution's <filename>tools/xslt/</filename> directory.
-           Keep in mind that the path provided to the
-           <literal>SVNIndexXSLT</literal> directory is actually a URL
-           path—browsers need to be able to read your
-           stylesheets to make use of them!</para>
-
-         </sect4>
+          </informalexample>
+
+          <para>Using the <literal>SVNIndexXSLT</literal> directive
+            and a creative XSLT stylesheet, you can make your
+            directory listings match the color schemes and imagery
+            used in other parts of your web site.  Or, if you'd
+            prefer, you can use the sample stylesheets provided in the
+            Subversion source distribution's
+            <filename>tools/xslt/</filename> directory.
+            Keep in mind that the path provided to the
+            <literal>SVNIndexXSLT</literal> directory is actually a
+            URL path—browsers need to be able to read your
+            stylesheets to make use of them!</para>
+
+        </sect4>

          <sect4 id="svn.serverconfig.httpd.extra.browsing.reposlisting">
            <title>Listing repositories</title>
@@ -2810,14 +2813,13 @@
            </informalexample>

            <para>If a user now points her web browser to the
-          URL <literal>http://host.example.com/svn/</literal>, she'll
-          see a list of all Subversion repositories sitting
-          in <filename>/var/svn</filename>.  Obviously, this can
-          be a security problem, so this feature is turned off by
-          default.</para>
+            URL <literal>http://host.example.com/svn/</literal>,
+            she'll see a list of all Subversion repositories sitting
+            in <filename>/var/svn</filename>.  Obviously, this can be
+            a security problem, so this feature is turned off by
+            default.</para>

          </sect4>
-
        </sect3>

        <!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
-->
@@ -2917,7 +2919,7 @@
          <informalexample>
            <screen>
  [26/Jan/2007:22:24:20 -0600] - get-dir /tags r1729 props
-[26/Jan/2007:22:24:27 -0600] - update /trunk r1729 depth=infinity  
send-copyfrom-args
+[26/Jan/2007:22:24:27 -0600] - update /trunk r1729 depth=infinity
  [26/Jan/2007:22:25:29 -0600] - status /trunk/foo r1729 depth=infinity
  [26/Jan/2007:22:25:31 -0600] sally commit r1730
  </screen>
@@ -3200,8 +3202,7 @@
                proxying system.</para> </sidebar>

          </sect4>
-
-        </sect3>
+      </sect3>

        <!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
-->
        <sect3 id="svn.serverconfig.httpd.extra.other">
@@ -3240,9 +3241,7 @@
            <xref linkend="svn.ref.mod_dav_svn.conf.directives"/>.</para>

        </sect3>
-
      </sect2>
-
    </sect1>

    <!-- =================================================================  
-->
@@ -3510,14 +3509,15 @@
      </informalexample>

      <para>Another important fact is that group permissions are not
-    overridden by individual user permissions. Rather, the
-    <emphasis>combination</emphasis> of all matching permissions is
-    granted.  In the prior example, Jane is a member of the
-    <literal>paint-developers</literal> group, which has read/write access.
-    Combined with the <literal>jane = r</literal> rule, this still gives
-    Jane read/write access.  Permissions for group members can only be  
extended
-    beyond the permissions the group already has. Restricting users who are
-    part of a group to less than their group's permissions is  
impossible.</para>
+      overridden by individual user permissions. Rather, the
+      <emphasis>combination</emphasis> of all matching permissions is
+      granted.  In the prior example, Jane is a member of the
+      <literal>paint-developers</literal> group, which has read/write
+      access.  Combined with the <literal>jane = r</literal> rule,
+      this still gives Jane read/write access.  Permissions for group
+      members can only be extended beyond the permissions the group
+      already has. Restricting users who are part of a group to less
+      than their group's permissions is impossible.</para>

      <para>Groups can also be defined to contain other groups:</para>

@@ -3637,8 +3637,7 @@
  </programlisting>
      </informalexample>

-    <!-- TODO(sussman): Once serf becomes officially support, this
-         sidebar will need to be revisited. -->
+    <!-- ### FIXME: This is very Neon-specific. -->
      <sidebar>
        <title>Partial Readability and Checkouts</title>

@@ -3815,10 +3814,6 @@
      </sidebar>

    </sect1>
-
-
-
-
  </chapter>

  <!--




More information about the svnbook-dev mailing list