bzr serve and access control?

John Arbash Meinel john at arbash-meinel.com
Tue Feb 2 14:42:58 GMT 2010


Josef Wolf wrote:
> On Tue, Feb 02, 2010 at 09:35:44AM +1100, Ben Finney wrote:
>> Josef Wolf <jw at raven.inka.de> writes:
>>
>>> But still, people need multiple ssh keys: one key per repository.
>> Why do you say that? The same public key can appear in an arbitrary
>> number of locations, with the result that each location will accept the
>> same corresponding private key.
> 
> Ben, maybe you can describe in more detail how to set this up?
> 
> AFAICS, you have three options:
> 
> 1. Create user accounts and rely on filesystem access control. This way
>    you end up with having lots of user accounts, which you might not want
>    to have, since it is a server. In addition, managing user groups
>    becomes a pain very quickly.
> 
> 2. Create one account per repository and use authorized_keys to give
>    permission to users. No way to give read-only access this way.
>    In addition, it is not possible to give users the possibility to create
>    new repositories on the fly by themselves.

I believe it is possible to configure a custom ssh command based on the
incoming key. So it is actually possible to configure read-only based on
key. However, it is a bit trickier to do so.

John
=:->
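
One way to wire up the per-key command John describes, as an added example that is not part of the original message or of bzr itself: OpenSSH's `command=` option in authorized_keys pins each key to a wrapper, which starts `bzr serve --inet` with or without `--allow-writes`. The wrapper name `bzr-gate`, the root `/srv/bzr`, the labels and the ACL contents are assumptions.

```shell
#!/bin/sh
# bzr-gate: forced command for a shared bzr account (added example).
# Constructed authorized_keys entries; key material is a placeholder:
#   command="/usr/local/bin/bzr-gate alice",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-rsa <ALICE_PUBLIC_KEY>
#   command="/usr/local/bin/bzr-gate bob",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-rsa <BOB_PUBLIC_KEY>

BZR_ROOT="${BZR_ROOT:-/srv/bzr}"   # assumed repository root

# Hypothetical ACL, one "label mode" pair per line (constructed sample data).
ACL='alice rw
bob ro'

# Print "rw" or "ro" for a key label; return non-zero for anything else.
access_mode_for() {
    case "$1" in
        ''|*[!a-z0-9_-]*) return 1 ;;   # reject empty or malformed labels
    esac
    mode=$(printf '%s\n' "$ACL" | awk -v u="$1" '$1 == u { print $2; exit }')
    case "$mode" in
        rw|ro) printf '%s\n' "$mode" ;;
        *)     return 1 ;;              # label not in the ACL: deny
    esac
}

main() {
    mode=$(access_mode_for "$1") || { echo "bzr-gate: access denied" >&2; exit 1; }
    # sshd places the client's requested command in SSH_ORIGINAL_COMMAND;
    # it is never evaluated here, so the key alone decides what runs.
    if [ "$mode" = rw ]; then
        exec bzr serve --inet --directory="$BZR_ROOT" --allow-writes
    fi
    exec bzr serve --inet --directory="$BZR_ROOT"   # read-only is bzr's default
}

# Serve only when installed and invoked under the name bzr-gate.
case "$0" in
    */bzr-gate|bzr-gate) main "$@" ;;
esac
```

The label comes from the authorized_keys line, which the server administrator controls, so a client cannot choose another user's mode.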



