Q: howto require per-branch authentication to commit or push changes
Michael B. Trausch
mike at trausch.us
Sat Apr 4 01:20:25 BST 2009
On Fri, 3 Apr 2009 16:50:17 -0700
Maritza Mendez <martitzam at gmail.com> wrote:
> I think I am making this harder than it has to be. I hope there is
> an easy solution but I don't see it in either the user guide or user
> reference. Other people must have similar requirements.
>
> We are required to limit access -- especially commit rights -- on a
> per-branch basis. For example, Hector and Carlos can both commit to
> Project_1 but Project_2 must deny access to Hector and Martitza.
>
> If we use file:// then we can probably use filesystem permissions.
>
> What if we are using the bzr smart server? It seems like adding
> bzr+ssh does only global authentication for the sever, not per-branch
> authentication.
You should be able to use group permissions to handle the problem on
the remote host.
At present, I have a server on my LAN which houses branches for me,
in /srv/vcs/bzr for Bazaar branches. So, I create the "alltray"
repository at /srv/vcs/bzr/alltray, and I can push trunk to it. Note
that the repository is owned by root:alltray, so only members of group
"alltray" can push into it:
Ubuntu Jaunty:[0-15/1532-0]:alltray> bzr push
bzr+ssh://172.16.0.2/srv/vcs/bzr/alltray/trunk
mbt at 172.16.0.2's password: ssh < 0KB 0KB/s |
Created new branch.
Ubuntu Jaunty:[0-23/1540-3]:alltray> bzr push
bzr+ssh://halcyon@172.16.0.2/srv/vcs/bzr/alltray/trunk2
halcyon at 172.16.0.2's password: < 0KB 0KB/s |
bzr: ERROR: Permission denied: "/srv/vcs/bzr/alltray/trunk2": : [Errno
13] Permission denied: '/srv/vcs/bzr/alltray/trunk2'
Looking at group memberships:
Friday, 2009-Apr-03 at 20:19:19 - mbt at allspice - Linux v2.6.28.7
Debian Lenny:[0-1/1117-0]:~> id mbt
uid=1000(mbt) gid=1000(mbt)
groups=1000(mbt),4(adm),27(sudo),50(staff),1001(music),1005(alltray)
Friday, 2009-Apr-03 at 20:19:21 - mbt at allspice - Linux v2.6.28.7
Debian Lenny:[0-2/1118-0]:~> id halcyon
uid=1002(halcyon) gid=1003(halcyon) groups=1003(halcyon),1001(music)
And looking at the repository directory:
Friday, 2009-Apr-03 at 20:19:49 - mbt at allspice - Linux v2.6.28.7
Debian Lenny:[0-4/1120-0]:~> ls -l /srv/vcs/bzr
total 4
drwxrwsr-x 4 root alltray 4096 2009-04-03 20:05 alltray/
(Also, note that the directory is g+ws, so that when a branch is
pushed, it will also be owned by the "alltray" group.)
--- Mike
More information about the bazaar
mailing list