Access control for shared repository
John Arbash Meinel
john at arbash-meinel.com
Mon Dec 10 15:29:46 GMT 2007
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Balint Aradi wrote:
>>> I was thinking to write a Python wrapper in the spirit of hg-login [1]
>>> in order to restrict access to selected repositories. One could specify
>>> for each repository rw or r flags for users or group of users.
>> I think that would be very helpful to have. I'm not super amazed at the perl
>> script, but I guess it does what it needs to.
>
> I've written something alike (in Python, of course):
>
> http://www.bccms.uni-bremen.de/uploads/media/bzr_access
>
> However, that doesn't work, since it tries to extract the directory name
> from the --directory option in the command passed to ssh. :-( This
> means, permission control should be implemented in bzr itself, and not
> added as a wrapper. I'm not sure, if there is any effort in that
> direction going on.
>
> Best regards
>
> Bálint
>
>
Thanks Bálint. I would mention one possibility...
You could do:
local_repository_base = '/path/to/foo'
And then when you find the string "--directory=/" in the arguments, just
replace that with: '--directory=/path/to/foo'
I did test this:
bzr serve --directory=/Users/jameinel/dev/bzr
bzr log bzr://localhost/bzr.dev
And it worked very well.
This also would address some of Andrew Cowie's complaint that they have to use
extra-long URLs because we require absolute paths. Basically, the bzr_access
wrapper gives a bit of a "chroot" to the bzr process which is spawned. It isn't
exactly like a chroot, but the effect is very similar.
(Internally, we should be limiting all paths to only subdirectories of whatever
is supplied to --directory, so it should be a reasonable thing to do.)
I might work out a patch for you.
Again, thanks for your efforts.
John
=:->
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFHXVtqJdeBCYSNAAMRAkZYAJ40fQ9XmLT2t6TGYuxEzITdu4oBGACfYRE8
PCNT40SfL7/Sj2gWnVR9/rU=
=z+8s
-----END PGP SIGNATURE-----
More information about the bazaar
mailing list