Setting up a shared repository for users with no shell login
alex mitchell
cnmmai at nus.edu.sg
Thu Jan 31 14:21:37 GMT 2008
Thanks, this sounds like what I'm looking for.
Sorry for asking another silly question, but where's the contrib directory?
thanks,
Alex
On 1/30/08 11:10 PM, "John Arbash Meinel" <john at arbash-meinel.com> wrote:
> alex mitchell wrote:
>> I apologize if this is a FAQ, but I haven't been able to find this in the
>> docs.
>>
>> What I'd like to do is set up my shared repository on an Ubuntu-based
>> server, and let my project team use bzr to push/pull/commit files to/from
>> the repository. However, I don't want them to be able to log in and browse
>> around and execute commands in the filesystem using ssh or sftp.
>>
>> Is there any way to do this? I've tried restricting login by setting the
>> users' shell to /bin/false, which stops the users from logging in, but this
>> also blocks bzr from connecting using sftp. Can I block users from logging
>> in, but still allow bzr to have access to read/write to the files within the
>> repository?
>>
>> thanks!
>> Alex Mitchell
>> alexm at nus.edu.sg
>>
>
> You can use the "contrib/bzr_access" script which is intended to control
> access based on SSH key.
>
> It doesn't do as much access control as people would like, but it does
> provide exactly what you are asking here.
>
> It would only allow people to run "bzr_access", and thus only "bzr+ssh"
> connections. It is also designed to chroot the bzr process, so they
> cannot access all files on the remote system.
>
> You set it up by adding a line to .ssh/authorized_key like:
>
> command="/path/to/bzr_access /path/to/bzr /path/to/repo username"
> SSHKEYINFO
>
> John
> =:->
>
More information about the bazaar
mailing list