Access control
John Arbash Meinel
john at arbash-meinel.com
Tue Feb 27 17:39:19 GMT 2007
Jeffrey Cunningham wrote:
> I am experimenting with using Bazaar to manage a software project at
> work. Is there a way to control who has 'access rights' to the
> repository? What I would like to see is two sets of privileges: one set
> for developers who can both read and write the repository, and another
> set for users who can only read. Ideally, specific users' privileges to
> read (create a branch) from the repository could be revoked if they left
> the company, for example.
>
> Thanks for any suggestions.
>
> -Jeff
The short answer is that permissions are generally handled outside of
bzr itself, either by HTTP access permissions or by filesystem permissions.

Generally, this is done using regular filesystem permissions. So if you
use regular Unix permissions, then you would set up 2775 on the
directories, which is rwx for User (doesn't really matter), rwx for Group
(which is the devel group) and rx for everyone else. The 2 is the setgid
bit, which keeps the files and directories owned by the original group.
That should work for anyone who you allow to access your particular
machine over sftp. You can also set up HTTP authentication for read-only
access.

So another way to do it would be to only give users HTTP access if you
want them to have read-only access, and then allow them access over sftp
if you want to give them read/write access (sftp and/or bzr+ssh access).

There is one further possibility if you want to install a bzr server on
the machine over HTTP, but it is a bit more involved, and until some of
the 'hpss' changes land, it doesn't help a lot yet.

John
=:->
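
The 2775 layout described in the reply above, as an added shell example that is not part of the original message: it applies the directory mode and then audits the tree for drift (a directory that lost setgid, an entry a second developer cannot write, anything world-writable). The function names and the file-mode policy are assumptions; only "2775 on the directories" and the devel group come from the post.

```shell
#!/bin/sh
# Added example, not from the original message. Function names and the
# file-mode policy are assumptions; "2775 on the directories" is from the post.

# apply_shared_perms REPO [GROUP]
# Give GROUP (e.g. devel) read/write and everyone else read-only access.
apply_shared_perms() {
    asp_repo=$1
    asp_group=${2:-}
    # Optional: hand the tree to the developer group first.
    if [ -n "$asp_group" ]; then
        chgrp -R "$asp_group" "$asp_repo" || return 1
    fi
    # Directories: rwxrwsr-x. The setgid bit makes new entries inherit the group.
    find "$asp_repo" -type d -exec chmod 2775 {} + || return 1
    # Files: group may write, others may only read; execute bits are untouched.
    find "$asp_repo" -type f -exec chmod ug+rw,o+r,o-w {} + || return 1
}

# audit_shared_perms REPO
# Print one line per entry that drifted from the layout; no output means clean.
audit_shared_perms() {
    aud_repo=$1
    # Directory without setgid: files created below it get the creator's own group.
    find "$aud_repo" -type d ! -perm -2000 -exec printf 'no-setgid %s\n' {} \;
    # Not group-writable: typically created under umask 022; blocks other developers.
    find "$aud_repo" \( -type d -o -type f \) ! -perm -0020 \
        -exec printf 'not-group-writable %s\n' {} \;
    # World-writable: read-only accounts on the machine could modify the repository.
    find "$aud_repo" \( -type d -o -type f \) -perm -0002 \
        -exec printf 'world-writable %s\n' {} \;
}
```

Files written over sftp take the writer's umask, so developers need umask 002 (or the audit run periodically) for the group-write bit to stay in place.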