Welcome Guest | Login

Create SVN repo without emailing support?

I'm running a multi-user SVN repo, created as per the instructions in:

http://www.hostingrails.com/forums/wiki_thread/23

As such, we connect to the repo over HTTP.

But it's inconvenient to have to email support every time I create a repo. Is there any way around this? I've read that the admins could create a group called "svnusers" or something similar, then put "nobody" and all customers in that group. This would, as I take it, allow users to run:

chgrp svnusers ~/svn/my_repo

Or, is the standard approach just to email support once, have one master repo, and put all your projects under that?

Also, is there any way to restrict browser access to the repo filesystem? Currently, I can view and download all the files, which strikes me as a security risk.

2008-05-23 10:02 AM

I found an elegant solution. Before I describe it, a caveat: I'm not a *nix expert. I just figured this method out, and I can't guarantee it doesn't open security holes. Use it at your own risk. (And if you can confirm that it's safe or unsafe, please post to this thread.)

First, set permissions on ~/svn to 777 (temporarily, of course). Next, install PHP Shell:

http://phpshell.sourceforge.net/

PHP Shell lets you execute commands as "nobody," i.e. the web server. With ~/svn set to 777, you can create directories in there as "nobody."

If you try "svnadmin create <your_project_name>" from PHP Shell, it fails with the following message:

svnadmin: Can't open file '/root/.subversion/servers': Permission denied

That's because it's looking in the wrong configuration directory. You need to tell it to use yours. First, chmod ~/.subversion to 777 (temporarily again!)

Now, from PHP Shell, you can run:

svnadmin create --config-dir /home/<your_username>/.subversion <your_project_name>

The repository will be created, and since it's owned by "nobody," it should be accessible over HTTP.

You'll also need to edit your authfile as explained in the link above.

Don't forget to chmod ~/svn and ~/.subversion back to 755!

2008-05-23 12:43 PM

But installing phpshell or enabling shell to nobody user is certainly something we can't do on a shared server. Thanks for your understanding.

2008-05-23 06:40 PM

Would the following be ok?

<?php

$my_username = 'myusername' // your HostingRails username
$username = 'Username of your choice'//doesn't have to be related to your HostingRails username in any way, but could be the same
$password = 'A Very Strong Password'

if ($_POST('username') == $username and $_POST['password'] == $password) {
	system("svnadmin create --config-dir /home/{$myusername}/.subversion /home/{$myusername}/svn/{$_POST['repo_name']}");
}

?>

<form>
<p>
Username:<input type="text" name="username"/>
</p>

<p>
	Password:<input type="password" name="password"/>
</p>

<p>
	New repo name:</input type="text" name="repo_name"/>
</p>

<p>
	<input type="submit" value="Create repo"/>
</p>
</form>

I haven't tested this code. I'm just wondering if an approach similar to this would be acceptable.

2008-05-27 11:50 AM

Hi Msjb,

Thank you for the php script for automating  the Svn repository ownership. I have made some minor corrections in order to make the php and html pages to load properly via browser.

You can follow the given steps to create a Svn repo of ownership- nobody.nobody.

1) chmod 777 ~/.subversion
2) chmod 777 ~/svn
3)Create a subdomain as "phpsvn.domain.com" from the cPanel. Make the default document root of this subdoamin  point to "/home/username/phpsvn"  in order to avoid the rails app conflicts.  Create the two files as index.html and login.php with the following contents

############index.html################
==================================
<form action ="login.php" method="POST" >
<p>
Username:<input type="text" name="username"/>
</p>

<p>
       Password:<input type="password" name="password"/>
</p>

<p>
       New repo name:<input type="text" name="repo_name"/>
</p>

<p>
       <input type="submit" value="Create repo"/>
</p>
</form>
==================================

####################login.php##############
====================================

<?php

$myusername = 'Account_username';
$username = 'repo_username' ;
$password = 'repo_password';

if ($_POST['username'] == $username and $_POST['password'] == $password) {
       system("svnadmin create --config-dir /home/{$myusername}/.subversion /home/{$myusername}/svn/{$_POST['repo_name']}");
}

?>

=====================================

By accessing the subdomain
"phpsvn.domainname.com" you will get the prompt to give the username,password and name of the repository.  

4) Revert back the permissions given to ~/svn and ~/.subversion directories after creating the Repo.

2008-05-27 10:17 PM

Thanks, Vinayan!

I've been working on a Ruby script to automate the whole process. Here's what I have. It seems to work for me, but your mileage may vary.

First is svn_setup.rb, which you execute as yourself. Usage:

ruby svn_setup.rb repo_name

# OR

ruby svn_setup.rb repo_name remove
Here's the script:

# svn_setup.rb
my_domain = 'example.com' # Do not include http://
php_username = 'svn_admin'
php_password = 'a very strong password'
rw_users = ['first_svn_username', 'second_svn_username', 'etc'] # These all need to be present in ~/authfiles/svn-htpasswd
repo_name = ARGV[0]
action = (ARGV.length > 1 and ARGV[1] == 'remove') ? :remove : :create
my_username = `whoami`.chomp

require 'net/http'

begin

# Temporarily relax permissions so the webserver can get in there
puts 'Relaxing permissions on ~/svn and ~/.subversion'
File.chmod 0777, "/home/#{my_username}/svn"
File.chmod 0777, "/home/#{my_username}/.subversion"

# Run the PHP script to create the repo
puts 'Sending request to PHP script'
url = "http://#{my_domain}/svn_setup.php?username=#{php_username}&password=#{php_password}&repo_name=#{repo_name}&action=#{action.to_s}"
puts "--Begin output from PHP script"
puts Net::HTTP.get(URI.parse(url))
puts "--End output from PHP script"

# Give permissions to our SVN users
if action == :create
	puts 'Adding entries to svn-access.conf'
	access_conf = File.open("/home/#{my_username}/authfiles/svn-access.conf", 'a+')
	access_conf << "\n[#{repo_name}:/]\n* = \n"
	rw_users.each do |user|
  access_conf << "#{user} = rw\n"
	end
end

ensure

# Tighten up permissions
puts 'Tightening permissions on ~/svn and ~/.subversion'
File.chmod 0755, "/home/#{my_username}/svn"
File.chmod 0755, "/home/#{my_username}/.subversion"

# Reminder to the user
if action == :remove
	puts "\nYou'll have to manually remove the entries from ~/authfiles/svn-access.conf. (For safety, we'd rather not do any automatic deletion from that file!)"
end

end
Next is svn_setup.php, which executes as nobody. Be sure to put this in ~/public_html or make it web-accessible in some other way (e.g. with a symlink).

// svn_setup.php
<?php
// Using GET for this is technically not correct, but in this context, it probably doesn't matter

$my_username = 'example'; // your HostingRails account username
$username = 'svn_admin';
$password = 'a very strong password';

if ($_GET['username'] == $username and $_GET['password'] == $password) {
	if (!isset($_GET['repo_name']) or strlen($_GET['repo_name']) == 0) {
  echo 'No repo name specified';
	} else {
  if (isset($_GET['action']) and $_GET['action'] == 'remove') {
  	$cmd = "rm -rf /home/{$my_username}/svn/{$_GET['repo_name']}";
  } else {
  	$cmd = "svnadmin create --config-dir /home/{$my_username}/.subversion /home/{$my_username}/svn/{$_GET['repo_name']}";
  }
  system($cmd);
  echo "Ran '$cmd'";
	}
} else {
	echo 'Incorrect username or password';
}

?>

2008-05-28 10:52 AM


Hello Guest! In order to post you must be an active client with us, please log in or sign up today!