Apache and SVN configuration with user permissions

This tutorial shows how to configure Apache+SVN couple.

1. First of all you should install Apache Httpd server (version 2.4 in this case) with DAV_SVN module and subversion client:

yum -y install httpd mod_dav_svn subversion

2. Check installed modules are turned on:

LoadModule auth_basic_module modules/mod_auth_basic.so
LoadModule authn_core_module modules/mod_authn_core.so
LoadModule authz_user_module modules/mod_authz_user.so

LoadModule dav_module modules/mod_dav.so
LoadModule dav_fs_module modules/mod_dav_fs.so
LoadModule dav_lock_module modules/mod_dav_lock.so

LoadModule dav_svn_module     modules/mod_dav_svn.so
LoadModule authz_svn_module   modules/mod_authz_svn.so
LoadModule dontdothat_module  modules/mod_dontdothat.so

3. Configure repository folder in http.conf:

<Directory "/srv/svn/repos">
    Options None
    AllowOverride None
    Require all granted

4. Add virtual host:

<VirtualHost *:80>
    ServerName svn.domain.com
    DocumentRoot "/srv/svn"
    ErrorLog "/srv/svn/log/svn.domain.com_error_log"
    CustomLog "/srv/svn/log/svn.domain.com_access_log" common
    TransferLog "/srv/svn/log/svn.domain.com_transfer_log"

    LimitXMLRequestBody 0
    LimitRequestBody 0

    <Location />
        DAV svn
        SVNParentPath "/srv/svn/repos"
        SVNListParentPath on
        AuthType Basic
        AuthName "Subversion repository"
        AuthUserFile "/srv/svn/svn.passwd"
        AuthzSVNAccessFile "/srv/svn/svn.access"
        Require valid-user

5. Create passwd file “/srv/svn/svn.passwd”:

htpasswd -c -b /srv/svn/svn.passwd tom tomPasswordHere
htpasswd -b /srv/svn/svn.passwd jerry jerryPasswordHere
htpasswd -b /srv/svn/svn.passwd spike spikePasswordHere

6. Create access file “/srv/svn/svn.access”:

adminGroup = tom
otherGroup = jerry,spike

* =
@adminGroup = rw

@otherGroup = rw

@otherGroup = r

So, as you see adminGroup has full access to php repository.
But otherGroup has write access to project42 and only read permissions on projectGood.

Also see http://stackoverflow.com/questions/81361/how-to-setup-access-control-in-svn

Subversion (SVN) tricks

When you use Subversion as a source control management system it is useful to know some magic commands.

The next command cleans, updates, adds and shows status of local repository:

  svn cleanup \
    && echo "-UPDATE-" && svn up \
    && echo "-ADD-" && svn add * --force \
    && echo "-STATUS-" && svn st

After you can commit changes with:

  svn ci -m "your comment..."

More info on https://subversion.apache.org/ and http://svnbook.red-bean.com/

Remove kernel in CentOS

After unsuccessful upgrade of kernel you have to fix linux OS.
To delete invalid kernel in case of CentOS do next steps.

1. Show kernel list:

  rpm -q kernel

And you’ll see output:


2. Delete corrupted kernel:

  rpm -e kernel-3.10.0-327.22.2.el7.x86_64

3. Reboot.
So, you system downgraded!

Thanx to http://blog.zwiegnet.com/linux-server/delete-oldcorrupt-linux-kernel-centos/

Adding manifest attributes to existing JAR file

To modify manifest in external existing JAR file in JAVA do:

                            <jar update="true" 
                                    <attribute name="Class-Path" 

Thanx to http://stackoverflow.com/a/20634999


The bad idea is to compress JAR file with ZIP: http://stackoverflow.com/a/7085511

Using keystore in JAVA for Self-Signed SSL certificates

You may observe the next error when working with domains with self-signed certificate:

unable to find valid certification path to requested target

In this case you have to do next steps to allow java program trust to the given domain:

1. Get SSL certiicate for domain:

openssl s_client -connect somedomain.com:443 > cert1.cert

2. Generate java keystore:

D:\runtime\jdk8u45x64\bin\keytool -import -v -trustcacerts 
-file cert1.cert -keystore cacerts1.jks 
-alias somealias -keypass "changeit" -storepass "changeit"

Type “yes” when promts to accept certificate.

3. Add JVM arguments to your program:


4. (Optional) debug arguments:


Also available java arguments (in case of self signed certificates not useful):


Thanx to:

Execute command from other user in Linux

Linux OS is fluent to run commands under different user if you are logged as root.
Here are two ways to do it:

1. Using “SUDO” command:

  sudo -u <username> "<commands>"

Example: sudo -u www-data php occ

2. Using “SU” command:

  su - <username> -c "<commands>"

Example: su – www-data -c ‘php /var/www/html/console.php files:scan –all’

Thanx to http://askubuntu.com/a/606149

OwnCloud connection to server error

The OwnCloud is great replacement of google, yandex, dropbox disks. It is really useful and convenient tool to manage your private data.

There are few ways to connect to you server:
- web dav directly from OS
- browser access
- iOS/Android mobile OS

If you OwnCloud service is behind the Nginx server with SSL protection, you can see the next error when access from mobile client:

it is not possible to connect to the server at this time

After spending few days in searching the solution on forum https://forum.owncloud.org no one fix helped.

I paid attention in Admin panel on “Security & setup warnings” section:

The "Strict-Transport-Security" HTTP header 
is not configured to least "15768000" seconds. 
For enhanced security we recommend enabling HSTS 
as described in our security tips.

So, go ahead!

Just add the header to Nginx config (Strict-Transport-Security):

add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";

Restart Nginx and voila – mobile client will ask you to accept SSL certificate!