Setting up a shared repository for users with no shell login
alex mitchell
cnmmai at nus.edu.sg
Sat Feb 2 04:17:39 GMT 2008
Hi John,
Thanks for the clarification. So I guess this means that, as you said
earlier, bzr_access doesn't really provide directory-level access control,
but it does provide the basic functionality that I was looking for, ie.
chroot to the root of the repository, and block shell login.
However, I'm still getting "Access denied" from bzr_access, even with '/' as
the directory in bzr_access.conf. The "Access denied" is definitely coming
from the code within the script, as my debugging statements are called
successfully. I'll poke around some more and see if I can figure it out...
Thanks for your help.
Alex
On 2/1/08 1:55 PM, "John Arbash Meinel" <john at arbash-meinel.com> wrote:
> alex mitchell wrote:
>> Hi John,
>>
>> Thanks for your help!
>>
>> I added logging in bzr_access, to print out SSH_ORIGINAL_COMMAND, and the
>> values of bzrExec, repoRoot, user and directory. Everything looks ok, except
>> for directory, which always seems to be /. I'm guessing this is the problem,
>> since this doesn't match the directory that I've given the user permission
>> for in bzr_access.conf, and which I requested when connecting from the
>> remote machine.
>>
>> Any idea why this is happening?
>>
>> Alex
>
> bzr always sends '/'. It was just confusion by the person who wrote
> bzr_access. (The client doesn't know until it connects where the actual
> repository is, so it cannot send it in advance. It might guess where the
> branch is, but the actual repository could be in any containing dir.)
>
> So if you just set it up with '/' it should work.
>
> John
> =:->
>
More information about the bazaar
mailing list