bzr_access installation and usage
Eugene Wee
crystalrecursion at gmail.com
Sun Oct 18 20:17:53 BST 2009
Hi,
On Sun, Oct 18, 2009 at 7:16 PM, Stephen J. Turnbull <stephen at xemacs.org> wrote:
> Both the documentation and
> the code of rev.
> 3171.something indicate that access control by path and <username>
> configuration in
> bzr_access.conf should work, with username determined by the SSH key
> used to access
> the repository. Exactly this system (implemented in Perl and with a
> Perlish config file)
> has been used with CVS for around 10 years.
>
> "Dr. Frankenstein" didn't leave any documentation of why s/he did a
> full featurectomy
> rather than fixing it, unfortunately, so I can't tell you whether s/he
> knew what s/he was
> doing, and it really is impossible to implement the feature that way.
I read with interest what John Arbash Meinel had to say about
SSH_ORIGINAL_COMMAND:
http://www.nabble.com/Setting-up-a-shared-repository-for-users-with-no-shell-login-td15177033.html
"bzr always sends '/'. It was just confusion by the person who wrote
bzr_access. (The client doesn't know until it connects where the actual
repository is, so it cannot send it in advance. It might guess where the
branch is, but the actual repository could be in any containing dir.)"
Adding some logging shows that this is still true. The directory
option from SSH_ORIGINAL_COMMAND always has '/' as its value. I
reason that "Dr. Frankenstein" knew what he/she was doing.
Unfortunately, this means that correctly adding such per-directory
access control support is currently beyond me.
Regards,
Eugene
More information about the bazaar
mailing list