bzr serve and access control?
Josef Wolf
jw at raven.inka.de
Tue Feb 2 10:32:18 GMT 2010
On Tue, Feb 02, 2010 at 09:35:44AM +1100, Ben Finney wrote:
> Josef Wolf <jw at raven.inka.de> writes:
>
> > But still, people need multiple ssh keys: one key per repository.
>
> Why do you say that? The same public key can appear in an arbitrary
> number of locations, with the result that each location will accept the
> same corresponding private key.
Ben, maybe you can describe in more detail how to setup this?
AFAICS, you have three options:
1. Create user accounts and rely on filesystem access control. This way
you end up with having lots of user accounts, which you might not want
to have, since it is a server. In addition, managing user groups
become a pain very quickly.
2. Create one account per repository and use authorized_keys to give
permission to users. No way to give read-only access this way.
In addition, it is not possible to give users possibility to create
new repositories on the fly by themselves.
3. Use bzr_access (or a similar method). Here, every user needs multiple
keys (one key for every repository he wants to access).
As above, we can't give read-only access to specific users this way.
What am I missing?
More information about the bazaar
mailing list