Access control for shared repository

John Arbash Meinel john at arbash-meinel.com
Mon Dec 10 17:00:42 GMT 2007


Balint Aradi wrote:
> Dear John,
> 
>>> I've written something similar (in Python, of course):
>>>   http://www.bccms.uni-bremen.de/uploads/media/bzr_access
>>> However, that doesn't work, since it tries to extract the directory name
>>> from the --directory option in the command passed to ssh. :-( This
>>> means permission control should be implemented in bzr itself, and not
>>> added as a wrapper. I'm not sure if there is any effort in that
>>> direction going on.
>> Thanks Bálint. I would mention one possibility...
>>
>> You could do:
>>
>> local_repository_base = '/path/to/foo'
>>
>> And then when you find the string "--directory=/" in the arguments, just
>> replace that with: '--directory=/path/to/foo'
>>
>> I did test this:
>>
>>   bzr serve --directory=/Users/jameinel/dev/bzr
>>
>>   bzr log bzr://localhost/bzr.dev
>>
>> And it worked very well.
> 
>   I agree, this indeed solves the issue with the absolute paths.
> However, what happens if the given ssh account contains many
> repositories and you would like to give people access rights to the
> different repositories individually?
> 
>   When sshd starts the wrapper script, you don't know which repository
> the user would like to access, since the --directory option coming
> through ssh always contains "/". So the users either have access to all
> repositories or to none of them. Alternatively, you could ask them to
> use a separate ssh key for accessing each repository, or one could
> create separate accounts for separate repositories, but neither of
> those solutions really matches my taste.
> 
>   Therefore, in my opinion, the access control should rather be
> implemented inside bzr. (bzr serve could look up an optional
> authorization file and then decide if the incoming query is served or
> not. This would be pretty similar to what svnserve is doing for subversion.)
> 
>   Best regards
> 
>     Bálint

Well, one interesting trick is that you could customize it based on the ssh user.
So you could do:

bzr log bzr+ssh://project@host/branch
bzr log bzr+ssh://project2@host/trunk

etc.

That isn't a whole lot different from:

bzr log bzr+ssh://host/project/branch
bzr log bzr+ssh://host/project2/trunk


I've been playing with your bzr_access script a little bit (planning on adding
it to contrib/*). And I've been trying to work out what it would take to give
it an ACLTransport. Certainly it would be reasonably easy to take the
functionality in cmd_serve() and move it into the script. Which would make it
easier to do more customization.

I'm also thinking of moving some of the command-line arguments that you gave
into the script itself, since that will simplify the
.ssh/authorized_keys configuration.

John
=:->
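As an added example (not bzr_access and not code from this thread): a minimal forced-command wrapper in the spirit of the discussion above, installed once per ssh account so that John's project@host trick selects the repository, which rewrites `--directory=/` to the repository base and consults a per-key ACL to decide whether the key gets read-only or read-write service. The ACL contents, the repository path, the wrapper name and the assumed client command shape `bzr serve --inet --directory=/ --allow-writes` are assumptions, not taken from the thread.

```python
#!/usr/bin/env python3
"""Forced-command wrapper for bzr+ssh with a per-key read/write ACL (illustrative)."""
import os
import sys

# Constructed ACL: key identity -> access level ("r" or "rw"); unknown keys are denied.
# One wrapper instance serves one repository base, so with the per-account
# trick (project@host, project2@host) the ssh account selects the repository.
ACL = {"alice": "rw", "bob": "r"}

# Assumed shape of the command bzr's ssh client sends; as the thread notes,
# the --directory option always arrives as "/".
EXPECTED = ["bzr", "serve", "--inet", "--directory=/"]
WRITE_FLAG = "--allow-writes"


def confine(identity, repo_base, original_command):
    """Map SSH_ORIGINAL_COMMAND to a confined `bzr serve` argv, or None to deny."""
    level = ACL.get(identity)
    if level is None:
        return None
    argv = original_command.split()
    # Accept only the exact shape the client sends; any other command is refused,
    # so the key cannot be used for a shell or for arbitrary bzr subcommands.
    if argv[:4] != EXPECTED or argv[4:] not in ([], [WRITE_FLAG]):
        return None
    # Replace the bare "/" with the repository base, as suggested in the thread.
    confined = EXPECTED[:3] + ["--directory=" + os.path.abspath(repo_base)]
    # Keep --allow-writes only for keys that hold write access; a read-only
    # key asking for writes is downgraded to a read-only server.
    if level == "rw" and argv[4:] == [WRITE_FLAG]:
        confined.append(WRITE_FLAG)
    return confined


if __name__ == "__main__":
    # Constructed authorized_keys line for this wrapper (hypothetical path):
    #   command="/usr/local/bin/bzr_wrap alice /srv/bzr/project",no-pty,no-port-forwarding ssh-rsa <key>
    ident, base = sys.argv[1], sys.argv[2]
    cmd = confine(ident, base, os.environ.get("SSH_ORIGINAL_COMMAND", ""))
    if cmd is None:
        sys.stderr.write("access denied\n")
        sys.exit(1)
    os.execvp(cmd[0], cmd)
```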


