bzr serve and access control?

Josef Wolf jw at raven.inka.de
Fri Jan 29 00:10:59 GMT 2010


Thanks for your quick response, Ben!

On Fri, Jan 29, 2010 at 10:28:46AM +1100, Ben Finney wrote:
> Josef Wolf <jw at raven.inka.de> writes:
> 
> > I am looking into ways to install bazaar with access control. AFAICS,
> > bzr-serve doesn't offer any access control by its own.
> 
> Could you be more specific about what control you want?

I want to set up a server with multiple remote repositories and have fine-grained
control over who can read or write which repositories, without creating
real users on the server.

> > Do I miss something important? How do I implement access control with
> > bzr?
> 
> As you are probably aware, Bazaar will be bound by the filesystem access
> controls for the repository and branch, and the transport access
> controls for network traffic.

AFAICS, write access is possible only via sftp and bzr+ssh protocols. Since
filesystem access is used here, I would have to create a login on the server
for every user with access to any repository.

> But it sounds like you want control over something else.

Not at all. I just want to have it more fine-grained than filesystem controls,
and I don't want to create myriads of real users on the server just to give
them access to one of the repositories.

So the idea (that I actually implemented in git, and which works great) was
to have one special user (e.g. bazaaruser) and all the ssh keys of all the
real users would be put into ~bazaaruser/.ssh/authorized_keys like that:

  command="bzraccess jw",more,options ssh-dss AAAB...ASD jw at raven

With this entry, the bzraccess script is started whenever I try to access
bzruser at raven. This script gets passed my real user name (jw), so it knows
who I am. And this script can find out which command I tried to execute by
checking the SSH_ORIGINAL_COMMAND variable.

Given all that, if bzr passed enough information when it calls the remote
bzr-serve, the script would be able to do really sophisticated access checks.
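As an added example (not the poster's script), this is how far a bzraccess forced-command wrapper can go today using bzr serve's own --directory and --allow-writes flags; the ACL contents, the /srv/bzr layout and the bzraccess name are assumptions.

```shell
#!/bin/sh
# bzraccess: forced-command wrapper for the shared "bazaaruser" account.
# authorized_keys:  command="bzraccess jw",no-pty,no-port-forwarding ssh-dss ...
# Hypothetical example; the ACL and REPO_ROOT below are constructed.
set -eu

REPO_ROOT=/srv/bzr   # assumption: every repository lives under this directory

# Constructed ACL: "user:subtree:mode". subtree is the directory under
# REPO_ROOT that bzr serve may expose; mode is r (read-only) or rw.
ACL='
jw:team-a:rw
alice:team-a:r
bob:public:r
'

# The bzr+ssh client requests exactly this command line; anything else
# (an interactive shell, scp, a different bzr invocation) is refused.
EXPECTED='bzr serve --inet --directory=/ --allow-writes'

# acl_lookup USER -> prints "subtree mode"; status 1 if the user has no entry.
acl_lookup() {
    printf '%s\n' "$ACL" | awk -F: -v u="$1" '$1==u {print $2, $3; exit}' | grep .
}

# build_serve_cmd USER ORIGINAL_COMMAND -> prints the restricted bzr serve
# command line, or prints "deny: <reason>" and returns 1.
build_serve_cmd() {
    user=$1; orig=$2
    if [ "$orig" != "$EXPECTED" ]; then
        echo "deny: unexpected command '$orig'"; return 1
    fi
    entry=$(acl_lookup "$user") || { echo "deny: no ACL entry for $user"; return 1; }
    subtree=${entry% *}; mode=${entry#* }
    # Confine the smart server to the user's subtree; grant writes only for rw.
    cmd="bzr serve --inet --directory=$REPO_ROOT/$subtree"
    [ "$mode" = rw ] && cmd="$cmd --allow-writes"
    echo "$cmd"
}

main() {
    [ $# -eq 1 ] || { echo "usage: bzraccess <user>" >&2; exit 2; }
    cmd=$(build_serve_cmd "$1" "${SSH_ORIGINAL_COMMAND:-}") || { echo "$cmd" >&2; exit 1; }
    logger -t bzraccess "$1: $cmd"   # audit trail: who got which server
    exec $cmd                         # REPO_ROOT is assumed free of whitespace
}

# Only act when installed and invoked as "bzraccess" (so the file can be sourced).
case "${0##*/}" in bzraccess) main "$@" ;; esac
```

Because the client's command line names no repository, this yields a per-user subtree plus read or read/write, not per-repository control; that missing information is the gap the message ends on.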


