Setting up a shared repository for users with no shell login
John Arbash Meinel
john at arbash-meinel.com
Wed Jan 30 15:10:36 GMT 2008
alex mitchell wrote:
> I apologize if this is a FAQ, but I haven't been able to find this in the
> docs.
>
> What I'd like to do is set up my shared repository on an Ubuntu-based
> server, and let my project team use bzr to push/pull/commit files to/from
> the repository. However, I don't want them to be able to log in and browse
> around and execute commands in the filesystem using ssh or sftp.
>
> Is there any way to do this? I've tried restricting login by setting the
> users' shell to /bin/false, which stops the users from logging in, but this
> also blocks bzr from connecting using sftp. Can I block users from logging
> in, but still allow bzr to have access to read/write to the files within the
> repository?
>
> thanks!
> Alex Mitchell
> alexm at nus.edu.sg
>
You can use the "contrib/bzr_access" script which is intended to control
access based on SSH key.

It doesn't do as much access control as people would like, but it does
provide exactly what you are asking here.

It would only allow people to run "bzr_access", and thus only "bzr+ssh"
connections. It is also designed to chroot the bzr process, so they
cannot access all files on the remote system.

You set it up by adding a line to .ssh/authorized_key like:

command="/path/to/bzr_access /path/to/bzr /path/to/repo username" SSHKEYINFO

John
=:->
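
An added example, not part of the original message and not the contrib/bzr_access script itself: a small audit that parses authorized_keys entries and reports keys that are not pinned to the wrapper by a command="..." option. It goes one step beyond the post by also checking the OpenSSH key options restrict, no-pty and no-*-forwarding, because a forced command on its own does not turn off port, agent or X11 forwarding. The sample entries and key material are constructed.

```python
import os
import re

KEY_TYPES = ("ssh-", "ecdsa-", "sk-")  # a line starting with a key type has no options
LOCKDOWN = {"no-pty", "no-port-forwarding", "no-agent-forwarding", "no-x11-forwarding"}
OPTION = re.compile(r'([A-Za-z0-9-]+)(?:="((?:\\"|[^"])*)")?,?')

def split_options(line):
    """Return (options dict, remainder) for one authorized_keys line."""
    line = line.strip()
    if line.startswith(KEY_TYPES):
        return {}, line
    opts, i = {}, 0
    while i < len(line) and not line[i].isspace():
        m = OPTION.match(line, i)
        if not m:
            raise ValueError("malformed options field: " + line[:40])
        opts[m.group(1).lower()] = (m.group(2) or "").replace('\\"', '"')
        i = m.end()
    return opts, line[i:].strip()

def audit(text, wrapper="bzr_access"):
    """Return [(line number, finding)] for keys not locked to the wrapper."""
    findings = []
    for num, raw in enumerate(text.splitlines(), 1):
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        opts, _ = split_options(raw)
        cmd = opts.get("command")
        if cmd is None:
            findings.append((num, "no forced command: key gets a normal session"))
            continue
        argv0 = (cmd.split() or [""])[0]
        if os.path.basename(argv0) != wrapper:
            findings.append((num, "forced command is not " + wrapper + ": " + argv0))
        missing = set() if "restrict" in opts else LOCKDOWN - set(opts)
        if missing:
            findings.append((num, "missing " + ", ".join(sorted(missing))))
    return findings

# Constructed sample file; key blobs are placeholder text, not real keys.
SAMPLE = '''# constructed sample entries
command="/path/to/bzr_access /path/to/bzr /path/to/repo alice",restrict ssh-ed25519 AAAAPLACEHOLDER1 alice
command="/path/to/bzr_access /path/to/bzr /path/to/repo bob" ssh-rsa AAAAPLACEHOLDER2 bob
ssh-rsa AAAAPLACEHOLDER3 carol
command="/bin/sh -c \\"exec bzr serve\\"",no-pty ssh-rsa AAAAPLACEHOLDER4 dave
'''

if __name__ == "__main__":
    for num, finding in audit(SAMPLE):
        print("line %d: %s" % (num, finding))
```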