svnserve.conf(5) File Formats Manual svnserve.conf(5)NAME
svnserve.conf - Repository configuration file for svnserve
svnserve.conf controls the behavior of the svnserve daemon on a per-repository basis. It is located in the conf subdirectory of the repos-
The overall structure of the file is the same as the structure of Subversion user configuration files. At the top level are sections,
which are specified by words in square brackets; inside each section are variable definitions of the form "variable = value". Lines begin-
ning with '#' are ignored. svnserve.conf currently uses only one section named "general", and supports the following variables:
anon-access = none|read|write
Determines the access level for unauthenticated users. write access allows all repository operations. read access allows all opera-
tions except committing and changing revision properties. none access allows no access. The default level is read.
auth-access = none|read|write
Determines the access level for authenticated users, using the same access levels as above. The default level is write.
password-db = filename
Sets the location of the password database. filename may be relative to the repository conf directory. There is no default value.
The password database has the same overall format as this file. It uses only one section "users"; each variable within the section is
a username, and each value is a password.
authz-db = filename
The authz-db option controls the location of the authorization rules for path-based access control. filename may be relative to the
repository conf directory. There is no default value. If you don't specify an authz-db, no path-based access control is done.
realm = realm-name
Sets the authentication realm of the repository. If two repositories have the same password database, they should have the same
realm, and vice versa; this association allows clients to use a single cached password for several repositories. The default realm
value is the repository's uuid.
The following example svnserve.conf allows read access for authenticated users, no access for anonymous users, points to a passwd database
in the same directory, and defines a realm name.
anon-access = none
auth-access = read
password-db = passwd
realm = My First Repository
The file "passwd" would look like:
joeuser = joepassword
jayrandom = randomjay
SEE ALSO svnserve(8)svnserve.conf(5)
Check Out this Related Man Page
svnserve(8) System Manager's Manual svnserve(8)NAME
svnserve - Server for the 'svn' repository access method
svnserve allows access to Subversion repositories using the svn network protocol. It can both run as a standalone server process, or it
can run out of inetd. You must choose a mode of operation when you start svnserve. The following options are recognized:
Causes svnserve to run in daemon mode. svnserve backgrounds itself and accepts and serves TCP/IP connections on the svn port (3690,
Causes svnserve to listen on port when run in daemon mode.
Causes svnserve to listen on the interface specified by host, which may be either a hostname or an IP address.
When used together with -d, this option causes svnserve to stay in the foreground. This option is mainly useful for debugging.
Causes svnserve to use the stdin/stdout file descriptors, as is appropriate for a daemon running out of inetd.
Displays a usage summary and exits.
Print svnserve's version and the repository filesystem back-end(s) a particular svnserve supports.
-r root, --root=root
Sets the virtual root for repositories served by svnserve. The pathname in URLs provided by the client will be interpreted relative
to this root, and will not be allowed to escape this root.
Force all write operations through this svnserve instance to be forbidden, overriding all other access policy configuration. Do not
use this option to set general repository access policy - that is what the conf/svnserve.conf repository configuration file is for.
This option should be used only to restrict access via a certain method of invoking svnserve - for example, to allow write access via
SSH, but not via a svnserve daemon, or to create a restricted SSH key which is only capable of read access.
Causes svnserve to run in tunnel mode, which is just like the inetd mode of operation (serve one connection over stdin/stdout) except
that the connection is considered to be pre-authenticated with the username of the current uid. This flag is selected by the client
when running over a tunnel agent.
When combined with --tunnel, overrides the pre-authenticated username with the supplied username. This is useful in combination with
the ssh authorized_key file's "command" directive to allow a single system account to be used by multiple committers, each having a
distinct ssh identity.
When running in daemon mode, causes svnserve to spawn a thread instead of a process for each connection. The svnserve process still
backgrounds itself at startup time.
When specified, svnserve reads filename once at program startup and caches the svnserve configuration and any passwords and authoriza-
tion configuration referenced from filename. svnserve will not read any per-repository conf/svnserve.conf files when this option is
used. See the svnserve.conf(5) man page for details of the file format for this option.
When specified, svnserve will write its process ID to filename.
Causes svnserve to accept one connection on the svn port, serve it, and exit. This option is mainly useful for debugging.
Unless the --config-file option was specified on the command line, once the client has selected a repository by transmitting its URL,
svnserve reads a file named conf/svnserve.conf in the repository directory to determine repository-specific settings such as what authenti-
cation database to use and what authorization policies to apply. See the svnserve.conf(5) man page for details of that file format.
SEE ALSO svnserve.conf(5)svnserve(8)