bzr_access installation and usage

John Szakmeister john at szakmeister.net
Sat Oct 17 11:49:27 BST 2009 

On Sat, Oct 17, 2009 at 5:44 AM, Eugene Wee <crystalrecursion at gmail.com> wrote:
> Hi everyone,
>
> Just a few questions concerning contrib/bzr_access:
>
> Concerning installation: on Ubuntu, is it sufficient to just copy over
> bzr_access from source to say, /usr/bin and make it executable? I
> would then have to login as the given user, and then run the script?
>
> Concerning usage: the script's description says that "this allows you
> to set up a single SSH user, and customize the access based on ssh
> key". So, suppose I create a single SSH user, bzraccess. Now, I want
> to allow read/write access to a shared repository
> /home/bzraccess/repo1 to alice and bob, and read/write access to
> another shared repository /home/bzraccess/repo2 to charlie and
> deborah. However, I want to forbid charlie and deborah from accessing
> repo1, and forbid alice and bob from accessing repo2, and all of them
> cannot access anything else on the server. Is bzr_access the right
> solution for this, and if so, how should it be done? Must alice, bob,
> charlie and deborah have user accounts on the server?

Actually, a fair amount of the documentation is in the script itself.
But I'll try and answer the questions.  You do need to place the
script somewhere and make it executable.  You only create a single
user account (maybe 'bzr' or something).  Alice, Bob, Charlie, and
Deborah must provide their public key, and in the authorized_keys for
the bzr user, put the following line (taken from the script):
     command="/path/to/bzr_access /path/to/bzr /path/to/repository
<username>",no-port-forwarding,no-X11-forwarding,no-agent-forwarding
ssh-<type> <key>

ssh-type and key come from their public key (generally
~/.ssh/id_rsa.pub for the particular user)

Setting it up in this way, will force bzr_access to be run (they won't
get a normal shell prompt).  I believe you can do what you want with
bzr_access.  Take a look at the content of the script, there is a
bunch of documentation right at the beginning explaining the format
for bzr_access.conf.

HTH!

-John

More information about the bazaar mailing list