Monday, July 5, 2010

SVN Access Control with Apache

Subversion Setup.

This assumes that Subversion is installed on the host where you wish to configure
your SVN repository.
If it is not, install it with the following command.

sudo apt-get install subversion libapache2-svn
1. Create a group called subversion for accessing the repository.
sudo addgroup subversion
 

2. Add users to the host.
a. Add www-data and each user needing access to the tool to the subversion group.

sudo adduser [username] subversion    # This handles both new and existing users.
   or
sudo usermod -aG subversion [username]
 
3. Creating the SVN repository.
We are using [/opt/svn/repos/] as the base for multiple subversion repositories.
sudo mkdir -p /opt/svn/repos/anonyrep
 sudo mkdir -p /opt/svn/repos/mgmtrep
 sudo mkdir -p /opt/svn/repos/enggrep
 sudo mkdir -p /opt/svn/repos/opsrep
 sudo mkdir -p /opt/svn/repos/DemoRep
 sudo mkdir -p /opt/svn/repos/SalesRep
 
 sudo svnadmin create /opt/svn/repos/anonyrep
 sudo svnadmin create /opt/svn/repos/mgmtrep
 sudo svnadmin create /opt/svn/repos/enggrep
 sudo svnadmin create /opt/svn/repos/opsrep
 sudo svnadmin create /opt/svn/repos/DemoRep
 sudo svnadmin create /opt/svn/repos/SalesRep
 
 cd /opt/svn/
 sudo chown -R www-data:subversion repos
 sudo chmod -R g+rws repos
 
This completes the setup for the subversion repositories and the
directories.

4. Apache setup.
If the Apache SVN module is not installed, install it using the following command.

sudo apt-get install libapache2-svn
 
After the above steps have been completed, set up access to the repository via HTTP.

Since we have multiple repositories here, make the following entries in
/etc/apache2/mods-available/dav_svn.conf

                         
     # Uncomment this if commented, to enable SVN access over HTTP
     DAV svn
     # Parent directory that holds the repositories
     SVNParentPath /opt/svn/repos
     SVNListParentPath On
     AuthType Basic
     AuthName "Subversion Repository"
     # File which contains list of authorized users.
     AuthUserFile /etc/subversion/passwd
     
        Require valid-user
     
  
If you have only one repository, you can use the following entry.

     DAV svn
     SVNPath /opt/svn/repos/devrepos
     AuthType Basic
     AuthName "devrepos subversion repository"
     AuthUserFile /etc/subversion/passwd
     
        Require valid-user
     
  

5. Restart apache
/etc/init.d/apache2 restart

6. Since we have defined an AuthUserFile, we need to set up authorized users for
this repository. To do that, we need to perform the following steps.

sudo htpasswd -c /etc/subversion/passwd [username]
 
 Note: The -c flag is to be used only for the first entry. If you use -c flag for
 each entry, then you would end up overwriting the file.
 For subsequent entries to the file, use the following command.
 sudo htpasswd /etc/subversion/passwd [username]
 
 Use the command above to add subsequent users to the access list.
7. Create a new file for defining access control at the directory level. We will later add an entry to the file dav_svn.conf which refers to this file. For the repository I am setting up, I created it in /opt/svn/repos/svn_acl.conf
Following are the contents of the file.
---------------------   
[mgmtrep:/]
ceo = rw

[enggrep:/]
cto = rw
demouser = rw
developer1 = rw
ceo = rw

[opsrep:/]
coo = rw
ceo = rw

[DemoRep:/]
cmo = rw
ceo = rw

[SalesRep:/]
cso = rw
ceo = rw

[anonyrep:/]
developer1 = rw
demouser = rw
---------------------
The entries in the square brackets correspond to the repositories in this svn installation. You can also refer to the document below for further examples of setting up finer path-based authorization.
http://svnbook.red-bean.com/en/1.5/svn.serverconfig.pathbasedauthz.html
The above entry is for an environment with a very small number of users. Ideally, you should create groups and leverage them. You can do that using the following setup.
-----------------------
[groups]
mgmteam = ceo, cto, coo, cmo, cso
enggteam = developer1, demouser

[mgmtrep:/]
@mgmteam = rw

[enggrep:/]
@mgmteam = r
@enggteam = rw
------------------------
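
A lint pass for an access file in the format shown above, as an added example that is not part of the original post or of Subversion. authz_report and write_sample_acl are hypothetical helper names, and the sample ACL is constructed with two deliberate mistakes: a rule with no "= access" part and a reference to an undefined group.

```shell
#!/bin/sh
# Added example: lint an AuthzSVNAccessFile. Not the post's or Subversion's code.

# authz_report FILE
# Prints "section user access" for each rule with @group references expanded,
# and a WARN line for a rule without "= access" or naming an undefined group.
authz_report() {
  awk '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    FNR == 1 { pass++; section = "" }        # the file is read twice
    /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
    /^[ \t]*\[.*\][ \t]*$/ {                 # [groups] or [repository:/path]
      section = trim($0); section = substr(section, 2, length(section) - 2); next
    }
    {
      eq = index($0, "=")
      name = trim(eq ? substr($0, 1, eq - 1) : $0)
      value = trim(eq ? substr($0, eq + 1) : "")
      if (section == "groups") { if (pass == 1) members[name] = value; next }
      if (pass == 1) next                    # pass 1 only collects groups
      if (!eq) { print "WARN " section ": rule \"" name "\" has no permission"; next }
      if (value == "") value = "none"        # an empty value denies access
      if (name !~ /^@/) { print section, name, value; next }
      group = substr(name, 2)
      if (!(group in members)) { print "WARN " section ": undefined group " name; next }
      n = split(members[group], users, /[ \t]*,[ \t]*/)
      for (i = 1; i <= n; i++) print section, users[i], value
    }
  ' "$1" "$1"
}

# Constructed sample modeled on the group-based file, with two deliberate mistakes.
write_sample_acl() {
  cat > "$1" <<'EOF'
[groups]
mgmteam = ceo, cto
enggteam = developer1, demouser

[mgmtrep:/]
@mgmteam

[enggrep:/]
@mgmteam = r
@enggteam = rw
@opsteam = rw
EOF
}

sample=$(mktemp)
write_sample_acl "$sample"
authz_report "$sample"
rm -f "$sample"
```

Running it against the real file before each Apache restart shows who ends up with which access once groups are expanded.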
8. Now comes the part where you uncomment/make entries in dav_svn.conf file.
sudo vi /etc/apache2/mods-available/dav_svn.conf
The entry in this file should now look as below.
                       
     DAV svn
     # Parent directory that holds the repositories
     SVNParentPath /opt/svn/repos
     SVNListParentPath On
     AuthType Basic
     AuthName "Subversion Repository"
     # File which contains list of authorized users.
     AuthUserFile /etc/subversion/passwd
     # File which contains the ACL for each repository.
     AuthzSVNAccessFile /opt/svn/repos/svn_acl.conf
     Require valid-user
  
        Require valid-user
     
  
  
Now restart the apache server to reflect these changes.
/etc/init.d/apache2 restart
 
Now you are all set with access-control-enabled Subversion.
Please note, this was a setup that worked for me and my friend.
If you intend to use this as is, then try this on a test setup before
you actually implement it on an SVN setup. That way, you won't end up messing up
an existing repository.
I have followed the Ubuntu server guide as well as the subversion guide to set up svn.
https://help.ubuntu.com/community/Subversion
http://svnbook.red-bean.com/en/1.5/svn.serverconfig.pathbasedauthz.html

Sunday, September 20, 2009

Data Store connection timeout in ExtJS

I have recently started working with the ExtJS JavaScript library. It's one of the coolest libraries that I have used so far. Initially it does look a bit intimidating, but then as you go through the samples and the different examples, you would get comfortable. And of course the forums are quite helpful.
Coming back to what this post is about.
For my project, we needed to display a grid report as per one of the business requirements. This report is based on a SQL query which takes some time to run, and it takes some time to create a JSON object out of the result set. To be precise, it took 84 seconds for the data to be sent from the server.
What used to happen was that, for the first 30 seconds a display mask would be visible over the grid. But then at the end of the 30 seconds the display mask would disappear and the grid would be empty. The grid contained a data store which was fetching these records from the server.
Even though, the data was being prepared at the server, it was not able to send the data to the client, since the connection used to timeout after 30 seconds.
After searching on Google, I came across a few suggestions, which asked me to include pagination in the grid. But then this was not acceptable to business. They wanted the whole report in one go.
After some more googling, I found that there is a connection object which can be defined for the data store. In this connection object, we can define the timeout limit. Once we define this connection object we can use this in our data store. And this solved my problem… at least for now. Following is the code snippet.
// Connection with a 120-second timeout (the value is in milliseconds)
var connObj = new Ext.data.Connection({
            timeout : 120000,
            url : '/jsp/dataSourceURL',
            method : 'POST'
        });
var dataStore = new Ext.data.Store({
            // load using HTTP
            proxy : new Ext.data.HttpProxy(connObj),
            reader : new Ext.data.JsonReader({
                        root : 'rows',
                        totalProperty : 'results'
                    }, recordFormat) // recordFormat: the record definition, defined elsewhere
        });
Hope this helps anyone stuck in a similar scenario.
Though, if budget permits, you can check a user extension called live grid. This seems good.
http://www.siteartwork.de/livegrid_demo/

Oracle 10g Installation on Fedora 9.

Yup, this is a release old for installation notes for Oracle 10g. But, I couldn’t get Fedora 10g installed. Some issues with the display. So had to rollback (reinstall) Fedora 9. And start with Oracle 10g installation on it. So here we go…
This is an adaptation of the installation steps as provided in the following website.
http://www.oracle-base.com/articles/10g/OracleDB10gR2InstallationOnFedora7.php
Thanks to Tim for his wonderful website!! :)
The steps that I mention below, are what I have done on my desktop. And this is for local database host for my self development purposes. I hope it helps others who are interested.
1. Please check the /etc/hosts file to check if you have an entry for a fully qualified host name.
I have the following entry:
[root@localhost wolverine]# cat /etc/hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1               localhost.localdomain localhost localhost
::1             localhost6.localdomain6 localhost6
192.168.1.111   cerebro cerebro

2. Add the following entries to /etc/sysctl.conf file.
kernel.shmall = 2097152
kernel.shmmax = 2147483648
kernel.shmmni = 4096
# semaphores: semmsl, semmns, semopm, semmni
kernel.sem = 250 32000 100 128
fs.file-max = 65536
net.ipv4.ip_local_port_range = 1024 65000
net.core.rmem_default=262144
net.core.rmem_max=262144
net.core.wmem_default=262144
net.core.wmem_max=262144
Run the command /sbin/sysctl -p to change the parameters at runtime.
3. Add the following entries to /etc/security/limits.conf file.
*               soft    nproc   2047
*               hard    nproc   16384
*               soft    nofile  1024
*               hard    nofile  65536
4. Modify the file /etc/pam.d/login by adding the following line if it doesn’t exist.
session    required     /lib/security/pam_limits.so
5. Disable SELinux by setting the SELINUX flag.
SELINUX=disabled
6. Install the following.
yum install libXp libaio
yum install compat-libstdc++* compat-libf2c* compat-gcc* compat-libgcc*
yum install tcl*
yum install compat-db*
yum install libXau-devel-*
7. Now comes the part for adding the users for Oracle Installation.
groupadd oinstall
groupadd dba
groupadd oper

useradd -g oinstall -G dba oracle
passwd oracle
8. Create directories required for Oracle, and assign the required privileges.
mkdir -p /u01/app/oracle/product/10.2.0/db_1
chown -R oracle:oinstall /u01
9. Set up the .bash_profile with following entries.
# Oracle Settings
TMP=/tmp; export TMP
TMPDIR=$TMP; export TMPDIR

ORACLE_BASE=/u01/app/oracle; export ORACLE_BASE
ORACLE_HOME=$ORACLE_BASE/product/10.2.0/db_1; export ORACLE_HOME
ORACLE_SID=TSH1; export ORACLE_SID
ORACLE_TERM=xterm; export ORACLE_TERM
PATH=/usr/sbin:$PATH; export PATH
PATH=$ORACLE_HOME/bin:$PATH; export PATH

LD_LIBRARY_PATH=$ORACLE_HOME/lib:/lib:/usr/lib; export LD_LIBRARY_PATH
CLASSPATH=$ORACLE_HOME/jre:$ORACLE_HOME/jlib:$ORACLE_HOME/rdbms/jlib; export CLASSPATH

# Raise the process and open-file limits for the oracle user
if [ "$USER" = "oracle" ]; then
  if [ "$SHELL" = "/bin/ksh" ]; then
    ulimit -p 16384
    ulimit -n 65536
  else
    ulimit -u 16384 -n 65536
  fi
fi
10. Unzip the database archive and cd to the database directory.
11. Run the installer with the following option.
     ./runInstaller -ignoreSysPrereqs
     This will skip the check for the OS.
12. This will show the following screen.
13. Click on next, which shows the following screen.
14. Select the required Database installation option.
15. Specify the home details.
16. This will bring us to the next screen.
    For my installation, since I have chosen to not update the redhat-release file, I get the warnings.
    These can be overridden using the check boxes.
17. Select the database configuration options.
18. Select the General Purpose option and click on proceed.
19. This shows the next screen, click on install to start the database installation.
20. Once the installation is completed (it went through successfully for me.) you will get another screen which helps configure the database.
21. I would be using Custom Database option.
    Enter the required name as the SID.
22. The next screen gives option to select the backup and the database configuration options.
    Select the option for Enabling EM for Database configuration.
23. Click on next. This shows the screen as below:
    Define the required passwords:
24. As I mentioned that this is a dev database hosted on a desktop, I am using the file system option for the Database Storage.
25. Select the required option.
26. Click on next.
27. Click on next.
    Define the memory options as required.
28. Click on next. This shows the installation parameters.
29. You can use the next screen to save the database configuration as a template if you wish to retain it.
30. Click finish.
    This starts the process for Oracle instance creation and startup.
31. Once Instance creation is completed, the installer would prompt you for password management options.
32. The installer will then prompt you to run two scripts as the root user. Open another session and login as root and run the scripts as indicated in the popup.
33. Click on ok.
34. The Oracle installation is complete. The installer would provide you with information about the urls where you can use 10g EM and iSQLPlus.
Now you can try connecting through sqlplus and check if the installation is done correctly.
All the best!!

Nif – tee

This is another entry to my blog after a long hiatus. And I think, I can rev up my blog engine with a very small entry on a nifty unix tool named ‘tee’.
So what does tee do? It creates two output streams for the input it receives.
When the output from any command is piped into tee, it displays the output on STDOUT, and also sends the output to the file named as the argument to tee.
So something like below would display the output and also write it into the file passed as an argument to tee.

date | tee date_log.log

This would display the date on the STDOUT and also write it into date_log.log
Nifty isn’t it?

What a find...

One of the most powerful commands in Unix is the find command. It's amazing to see what all can be accomplished with this command. A question that I was once asked was how to find all the files which contain a particular word.

For the sake of this example lets say the word in question was “xyz”
The person who asked was convinced that ls -ltr | grep -i "xyz" would work fine. No. It doesn't. The reason is that ls -ltr gives a text output, which is then piped to the grep command.

So what would essentially happen is that the grep command would act on the names of the files being listed, rather than the contents of the files.

Ex: if the directory where you run ls -ltr contains three files, file1.txt, file2.txt, file3.txt the following output would be displayed.

-rw-r--r-- 1 oracle oinstall    0 Aug 24 18:24 file1.txt
-rw-r--r-- 1 oracle oinstall    0 Aug 24 18:24 file2.txt
-rw-r--r-- 1 oracle oinstall    0 Aug 24 18:25 file3.txt
And grep would act on this output. It would be the same as using grep on a file containing this data.
So how do we do this?

The find command comes in handy in such a scenario. The command which does the trick is below. I am assuming that the command is being run in the directory where the files are located. Alternatively, the entire path can also be provided.
find . -name "*.*" -exec grep -i "xyz" {} \;

The key part of the command is the -exec option, which runs grep -i "xyz" on every filename that's provided by the find command. The braces {} represent the filename from the find command, and \; marks the end of the command passed to -exec.

This is just one of the options in the find command. There are plenty of others with which a variety of tasks can be accomplished using the simplest methods.
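
The contrast described in this post, as an added example that is not part of the original: names_matching does what ls | grep does, while files_containing searches file contents and prints the names of the matching files. The function names and the sample directory are constructed for the demonstration, and the example goes slightly beyond the command above by using -type f, grep -l and {} + so that directories are skipped, file names are listed, and names with spaces are handled.

```shell
#!/bin/sh
# Added example: matching file names versus matching file contents.

# names_matching WORD DIR: what "ls | grep" actually tests, the file names.
names_matching() {
  ls "$2" | grep -iF -- "$1"
}

# files_containing WORD DIR: regular files under DIR whose contents contain WORD.
#   -type f  skips directories, which grep cannot read as text
#   -F       treats WORD as a literal string, not a regular expression
#   -l       prints the name of each matching file instead of the matching lines
#   {} +     passes many file names per grep run; names with spaces stay intact
files_containing() {
  find "$2" -type f -exec grep -ilF -- "$1" {} + | sort
}

# Constructed sample directory.
make_sample_dir() {
  mkdir -p "$1/sub"
  echo "nothing relevant here" > "$1/xyz_notes.txt"    # name matches, content does not
  echo "Status: XYZ approved"  > "$1/report.txt"       # content matches, name does not
  echo "see xyz for details"   > "$1/sub/my file.txt"  # space in the name, nested
}

dir=$(mktemp -d)
make_sample_dir "$dir"
echo "ls | grep:";   names_matching xyz "$dir"
echo "find + grep:"; files_containing xyz "$dir"
rm -rf "$dir"
```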
