Setting up Subversion and websvn on Debian 

Purpose of this howto

This howto will illustrate a way to install and configure Subversion and websvn on a Debian server with the following features:

  • multiple repository Subversion
  • access to the repositories via WebDAV (http, https) and ssh
  • Linux system account access control and/or Apache level access control
  • a secured websvn (php web application for easy code browsing)
  • configured syntax coloring in websvn with gnu enscript
I will not specifically configure inetd with svnserve in this howto. Rest assured that Subversion will be totally functional without it. You can copy/paste most of the howto to get it working.

Packages that are assumed to already be installed

This howto assumes PHP and apache2 are installed and configured. Configuring apache2 with SSL is optional.

Setting up Subversion

Subversion packages

As root you can enter the following commands to install the packages required for our Subversion setup:

# apt-get update
# apt-get install subversion
# apt-get install libapache2-svn

The package libapache2-svn will install the subversion WebDAV apache module.

Creating and populating repositories

To work with in this howto we'll create two repos:

# mkdir /var/svn-repos/
# svnadmin create --fs-type fsfs /var/svn-repos/project_zen
# svnadmin create --fs-type fsfs /var/svn-repos/project_wombat 

The repository directories need the proper permissions for apache and the other users. I'll make a group and add users to it (don't just copy/paste here). The apache user won't be put in the group because I find it less secure.

# groupadd subversion
# addgroup john subversion
# addgroup bert subversion
# addgroup you subversion
# chown -R www-data:subversion /var/svn-repos/*
# chmod -R 770 /var/svn-repos/*

Let's set up easy ssh connectivity, on a user machine enter the following commands:

$ mkdir ~/.ssh/
$ cd ~/.ssh/
$ ssh-keygen -t dsa
$ cat ~/.ssh/ | ssh [email protected] "cat - >> ~/.ssh/authorized_keys"

The server is the server we installed Subversion on. For easy ssh use you can chose not to use a passphrase with your key or use an agent to keep authenticated. Otherwise each transaction between the user machine and Subversion will require the user to enter a password (very inconvenient). Using an agent can be done like this:

$ ssh-agent
$ ssh-add
$ ssh [email protected]

All should be set now to use the a repository. You may test it like this, it shows an import and a checkout:

$ mkdir ~/TEMP/
$ echo "testing svn" > ~/TEMP/testing.txt
$ svn import -m "importing test over ssh+svn" ~/TEMP/ svn+ssh://
$ svn co svn+ssh:// testcheckout

As a result the testing.txt file should be in a directory called testcheckout. On the serverside you can check the repositories with svnlook.

# svnlook tree /var/svn-repos/project_zen/

Configuring Subversion WebDAV

Normally the apache mod will be enabled by default, to ensure this is true enter the following commands:

# a2enmod dav
# a2enmod dav_svn

Configuration is done in the file /etc/apache2/mods-available/dav_svn.conf, but first we'll make an access file.

# htpasswd2 -c /etc/apache2/dav_svn.passwd you
# htpasswd2 /etc/apache2/dav_svn.passwd john
# htpasswd2 /etc/apache2/dav_svn.passwd sten

This is the content my /etc/apache2/mods-available/dav_svn.conf file:

		<Location /svn_zen>
DAV svn
SVNPath /var/svn-repos/project_zen
AuthType Basic
AuthName "Subversion Repository"
AuthUserFile /etc/apache2/dav_svn.passwd
Require valid-user

<Location /svn_wombat>
DAV svn
SVNPath /var/svn-repos/project_wombat
AuthType Basic
AuthName "Subversion Repository"
AuthUserFile /etc/apache2/dav_svn.passwd
Require valid-user

You can uncomment the SSLRequireSSL file if you don't want to use SSL, but then you need to use http and not https in the commands that follow. Apache should be restarted and we can test from a user machine. We'll import the same testfile in the wombat project.

# /etc/init.s/apache2 restart
$ svn import -m "testing over https" ~/TEMP/

Using a webbrowser you can visit your URL and see what was just committed. This is a basic on-line view on the repository, but using a web font-end like websvn will offer a better repository browsing experience.

Setting up websvn

Required packages

To get rolling with websvn we'll need to install the following packages, both will show you configuration screens (explained in the next paragraph):

# apt-get install enscript
# apt-get install websvn

Enscript isn't mandatory but we'll need it for syntax coloring in websvn.


Enscript will ask for paper size, this might seem awkward but that's because enscript is also used for converting ASCII files to PostScript. We need it for it's syntax coloring features.

Websvn will first ask for which kind of server to configure, go ahead and just press enter.

websvn server configurationwebsvn parent directorywebsvn repository directories
The next screens ask for a parent repository folder (/var/svn-repos/ in this case) and specific repository folders, this will determine which repositories will show up in websvn. We will only enter a parent repository, all repositories created in this folder will show up in websvn for users to browse. If you want to show only specific repositories enter their full paths in the second screen and leave the parent path blank.
As a result the file /etc/websvn/ will be written. You can rerun debian package configuration screens with dpkg-reconfigure. Further websvn configuration is done in the file /etc/websvn/ This is the content of my file with some extension mappings for the syntax coloring.

// --- LOOK AND FEEL ---
// Uncomment ONLY the display file that you want.
// $config->setTemplatePath("$locwebsvnreal/templates/BlueGrey/");
// $config->setTemplatePath("$locwebsvnreal/templates/Zinn/");
// $contentType[".c"] = "plain/text"; // Create a new association
// $contentType[".doc"] = "plain/text"; // Modify an existing one
unset($contentType[".sh"]); // Remove a default association -> .sh is regarded as a binary file by default, needs to be unset
// Uncomment this line if you want to use Enscript to colourise your file listings
// You'll need Enscript version 1.6 or higher AND Sed installed to use this feature.
// Set the path above.
// Enscript need to be told what the contents of a file are so that it can be colourised
// correctly. WebSVN includes a predefined list of mappings from file extension to Enscript
// file type (viewable in
// Here you should add and other extensions not already listed or redefine the default ones. eg:
// php is default correctly colourized
$extEnscript[".java"] = "java";
$extEnscript[".pl"] = "perl";
$extEnscript[".py"] = "python";
$extEnscript[".sql"] = "sql";
$extEnscript[".java"] = "java";
$extEnscript[".html"] = "html";
$extEnscript[".xml"] = "html";
$extEnscript[".thtml"] = "html";
$extEnscript[".tpl"] = "html";
$extEnscript[".sh"] = "bash";
// Uncomment this if you don't have the right to use it. Be warned that you may need it however!
// Comment this line to turn off caching of repo information. This will slow down your browsing.
// Number of spaces to expand tabs to in diff/listing view across all repositories
// To change the global option for individual repositories, uncomment and replicate
// the required line below (replacing 'myrep' for the name of the repository to be changed).
// $config->findRepository("myrep")->expandTabsBy(3); // Expand Tabs by 3 for repository 'myrep'
if ( file_exists("/etc/websvn/") ) {

Next up is configuring the apache virtualhost for websvn.
Example using SSL:

		<VirtualHost *:443>
ServerAdmin [email protected]
DocumentRoot /var/www/websvn/
<Location />
Options FollowSymLinks
order allow,deny
allow from all
AuthType Basic
AuthName "Subversion Repository"
Require valid-user
AuthUserFile /etc/apache2/dav_svn.passwd
<IfModule mod_php4.c>
php_flag magic_quotes_gpc Off
php_flag track_vars On
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/apache.pem

Example without SSL:

		<VirtualHost *:80>
ServerAdmin [email protected]
DocumentRoot /var/www/websvn/

<Location />
Options FollowSymLinks
AllowOverride None
order allow,deny
allow from all
AuthType Basic
AuthName "Subversion Repository"
Require valid-user
AuthUserFile /etc/apache2/dav_svn.passwd
<IfModule mod_php4.c>
php_flag magic_quotes_gpc Off
php_flag track_vars On

Restart apache and have a look at the result at your

Useful Subversion references

Getting more information

Subversion clients

I hope you find this howto useful. This isn't a perfect setup, but hopefully it will help you in using Subversion. Please feel free to add comments or corrections.

Share this page:

45 Comment(s)

Add comment


From: Remington Konarski

I've tried at least 4 or 5 other subversion installation documents with little to no success. Most of the time Apache would never configure properly. Props to you! Finally an installation document that works and makes sense.

From: jlchannel


Subversion is great! I used SVNManager for managed my Subversion repo.


When you say: 

svn import -m "testing over https" ~/TEMP/

I think you mean: 

svn import -m "testing over https" ~/TEMP/

ie swap the last two arguments. 

From: pari sportifs

Good !

From: pari sportif

I like how to forge ! Great resource !

From: Biskouaz

Agreed. This is one of the mistake I found as well in this tutorial.
I wonder how all other users said; "Great, worked perfectly for me!".
Unfortunately it does not work for me and I suspect some more errors and missing information in this tutorial. Thanks anyway. I remains one of the best tutorial I found on the web.


From: angelabad

Hello, I make a spanish translation of this great howto, is in, if you have any problem with this, please contact me.


From: mattaldred

Fantastic Article! 


But can I suggest instead of:

    usermod -Gsubversion john

everyone use something like: 

    addgroup john subversion


"usermod -G" sometimes wipes all the user's existing groups.  

From: toor

Just a hint..

My preferably way to do that is using gpasswd:


 # gpasswd -a userX groupY
 Adding user userX to group groupY

From: are


From: bertheymans

There are some differences between Debian and Ubuntu, I clearly mentioned not to just copy/paste that code. Commands may behave differently on different distributions.

If you lost your admin privileges on Ubuntu and don't know the root password, try putting yourself back in the admin group using a Knoppix CD.

As other comments mention the addgroup command is a safe alternative, I changed the snippet in the howto to this command.


Debian Sarge uses SVN 1.1 which has the BDB filesystem as the default for new repositories. However, since SVN 1.2 the FSFS filesystem has become the new default. So, to be as futureproof as possible , I suggest that You change the repository creation commands as follows:

# svnadmin create --fs-type fsfs /var/svn-repos/project_zen

# svnadmin create --fs-type fsfs /var/svn-repos/project_wombat


hai all

i think the line below in the 

Setting up Subversion and websvn on Debian tutorial is wrong

$ svn co svn+ssh:// testcheckout

its like

$ svn co svn+ssh:// testcheckout

correct me if its wrong 





Thanks pointing that out, it has been corrected :)

From: ???

thanks for sharing.


Hello all!

Great article! I just wanted to add a reference to another howto article on creating SSH keys for Windows machines that will be loggin into the https repository:

I found this when looking for myself, and thought I would post it here to give others easier access.

Thanks again for the article!

From: neon

thank you

From: Anonymous

wont the ssh users be able to see server / ???

From: Patrick

Thanks for the great how-to. I managed to get all fixed. However, there is one minor mistake (of course, everybody will be able to fix it themselves)

/etc/init.s/apache2 restart
should be:
/etc/init.d/apache2 restart

gr. P

From: Betclic


From: Anonymous

You should add .bashrc file with content :

umask 002

On top of the /var/svn-repos

From: Fez

When I did: $ ssh-agent $ ssh-add $ ssh faizan@localhost ssh: connect to host localhost port 22: Connection refused Similarly, later in the tutorial: $ svn import -m "importing test over ssh+svn" ~/TEMP/ svn+ssh:// trunk svn: Network connection closed unexpectedly Please Note- I had skipped: $ cat ~/.ssh/ | ssh [email protected] "cat - >> ~/.ssh/authorized_keys" because when I ran "ssh-add" it already asked me for a password and all :s was that the right thing to do?

From: Fez

ok, so i need to make amends to that last post. I'll start over:

faizan@acer-laptop:~/.ssh$ ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/home/faizan/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/faizan/.ssh/id_dsa.
Your public key has been saved in /home/faizan/.ssh/

faizan@acer-laptop:~/.ssh$ ls

faizan@acer-laptop:~/.ssh$ cat ~/.ssh/ | ssh faizan@acer-laptop "cat - >> ~/.ssh/authorized_keys"
ssh: connect to host acer-laptop port 22: Connection refused

I pressed enter when it asked me about the file name to save to, and when it asked me for a password.

So why am i getting the error above? :s please help!

From: Niklas

Adding the apache user to the subversion group fixes this but as the author said (almost at the top):

The apache user won't be put in the group because I find it less secure. 

I did this with addgroup:

# addgroup www-data subversion

This worked for me and I don't worry about the risks since my server is located in a very secure network. But can anyone elaborate the risks with this I'm grateful.

But I will probably remove it again since my clients only will communicate to the svn-server via https.

From: Anonymous

Everything works grate but when I use svn+ssh to checkin new stuff the owner of db/current and db/txn-current changes from APACHE_USER to CHECKING_IN_USER.

When I browse websvn the repository is empty until I change the owner back to APACHE_USER.

Have I missed something?

One way to solve this problem is using a cronjob that changes permissions at a regular basis. But is there an other one?

From: Anonymous

Thank you. Never done any of that before and your instructions were perfect. Great article

From: Anonymous

Thanks for sharing. You can also refer this site to get some more useful details.

From: rosinballe

Used this howto to get websvn going on ubuntu 8.04 server. Thanks!

However, I needed one additional package to get it running:

# apt-get install  python-subversion

Also, enscript does not prompt me for anything.

From: Ben which is the definitive
answer.  It appears that the options order has changed and so was able
to import with
 svn import ~/TEMP/ -m 'testing over http'

From: Hardik

Worked perfectly.


From: hardik

Million dollar article. Thanks.

From: Anonymous

htpasswd -m dav_svn.passwd USERNAME


From: Juan

Try executing it with sudo or as root user



Great article!

However, I need to create a user that has only read access to the same repository as the users that has full access. How can i accomplish that?


From: rajesh

Very helpful.. Thanks a ton..bertheymans

From: Trikks


From: Nuno

Hi, first nice toturial, i love it.

question, websvn runs in mod_fcgi? Cause i get:

Error 403!




You don't have permission to access /index.php on this server.

 thanks in advance


From: Piffer

Thank you for this tutorial. I still need to do some more homework on the whole svn+ssh part, but all the other stuff works fine.

 Rather than using websvn, I'll try to get Trac setup (


From: bera

Great instruction, very helpful.

Thank you a lot!

You'll bless you in all your way! 

From: jarquet

Everything worked perfectly, everything is set up just how I needed it.  I didn't do the webSVN, don't think i'll need it soon, but I couldn't have asked for better instructions for the rest of it.  Way big thanks.


Yes its a really nice guide, but I would recommend to check out Git distrubuted version control. That is the best distrubuted version control out there. Here is a guide to install a repository server on linux debian distros. How to install and setup a Git Repository Server using Gitolite on Linux Ubuntu 10.04 & 11.04 [Development Environment]

From: Craig Douglas

Note that the DocumentRoot paths in your apache config files could be different to /var/www/websvn.  If you get an error when restarting apache, try finding your actual websvn directory using something like:

find / -path "*websvn/index.php"

 My path on debian (squeeze) was actually /usr/share/websvn/

From: Tavo

Excellent article. All works perfect. Thank you for all about this.



From: Anonymous

To avoid facing the problem:

"Could not open the requested SVN filesystem" 

 Replace the instruction:

 chown -R www-data:subversion /var/svn-repos/*


 chown -R www-data:subversion /var/svn-repos

From: Stephen

Good Day Everyone,

Is this article still relevant concerning securcurity 8 years after? It's very helpful and I'm setting up my SVN server per these instructions but I'd like to make changes for updated security enhacements as I go, if there are any.