Setting up a shared repository for users with no shell login
Olaf Conradi
olaf at conradi.org
Wed Jan 30 16:05:35 GMT 2008
Hi,
2008/1/30, John Arbash Meinel <john at arbash-meinel.com>:
>
> alex mitchell wrote:
> > Is there any way to do this? I've tried restricting login by setting the
> > users' shell to /bin/false, which stops the users from logging in, but this
> > also blocks bzr from connecting using sftp. Can I block users from logging
> > in, but still allow bzr to have access to read/write to the files within the
> > repository?
>
> You can use the "contrib/bzr_access" script which is intended to control
> access based on SSH key.
>
> It doesn't do as much access control as people would like, but it does
> provide exactly what you are asking here.
>
> It would only allow people to run "bzr_access", and thus only "bzr+ssh"
> connections. It is also designed to chroot the bzr process, so they
> cannot access all files on the remote system.
>
> You set it up by adding a line to .ssh/authorized_key like:
>
> command="/path/to/bzr_access /path/to/bzr /path/to/repo username" SSHKEYINFO
>
> John
> =:->
>
I never noticed the bzr_access script in contrib. Cool. I might switch to
that.
I once created the attached script and set it as shell for my bzr user.
It does not use the command option of ssh keys, it just checks if "bzr
serve" is somewhere in the command argument given by ssh and starts bzr
serve hard coded (not through the command environment variable).
It lacks the read/write distinction that bzr_access has, and only serves a
hard coded repository.
Cheers,
-Olaf
-------------- next part --------------
A non-text attachment was scrubbed...
Name: bzrsh
Type: application/octet-stream
Size: 498 bytes
Desc: not available
Url : https://lists.ubuntu.com/archives/bazaar/attachments/20080130/e5c1859f/attachment.obj
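The login-shell approach described in the message above, as an added example: this is not the scrubbed bzrsh attachment and not code from the bzr project. The paths in BZR and REPO are assumptions, and the function name bzrsh_allowed is hypothetical.

```shell
#!/bin/sh
# Added example: a restricted login shell for a dedicated bzr account.
# BZR and REPO are assumed paths (not from the original message); adjust them.
BZR=/usr/bin/bzr
REPO=/srv/bzr/repo

# sshd starts the account's shell as: <shell> -c '<command sent by the client>'.
# Accept only that form, and only when the string mentions "bzr serve".
# The client string is matched, never executed, so whatever else it
# carries has no effect on what runs.
bzrsh_allowed() {
    [ "$#" -eq 2 ] || return 1
    [ "$1" = "-c" ] || return 1
    case "$2" in
        *"bzr serve"*) return 0 ;;
        *)             return 1 ;;
    esac
}

# With no arguments (an interactive login) the script simply ends and the
# session closes. With arguments, either refuse or exec the fixed command.
# --inet makes bzr serve speak the smart protocol on stdin/stdout.
if [ "$#" -gt 0 ]; then
    if ! bzrsh_allowed "$@"; then
        echo "bzrsh: only bzr+ssh access is permitted" >&2
        exit 1
    fi
    exec "$BZR" serve --inet --directory="$REPO" --allow-writes
fi
```

Because the server command is built only from the two constants, every accepted connection is confined to the one repository regardless of what path or options the client asked for.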