bzr serve and access control?

John Arbash Meinel john at arbash-meinel.com
Tue Feb 2 21:41:30 GMT 2010



Josef Wolf wrote:
> On Tue, Feb 02, 2010 at 05:03:20PM +0100, Josef Wolf wrote:
>> On Tue, Feb 02, 2010 at 11:05:49PM +1100, Ben Finney wrote:
> [ ... ]
>>> All true. It's a trade-off: you lose all the flexibility of proper user
>>> accounts, while gaining the simplicity of avoiding user accounts.
>> This does not have to be a tradeoff. You don't have such a tradeoff with git
>> and you don't have such a tradeoff with subversion (I don't know about other
>> VCS's, though). With git, you can use gitolite and for svn, you can use
>> mod_dav_svn over ssl. So you have the simplicity without losing the
>> flexibility.
>>
>> Bazaar could also have both, if only it would pass the required information
>> (which repository, and which type of access) on the command line, as I
>> described at the beginning of the thread.
> 
> In fact, if I think about it, "bzr serve" is already prepared for the changes
> that are needed to pass the required information. It's just that the _client_
> passes the _wrong_ information.
> 
> To illustrate: when I invoke
> 
>   bzr clone bzr+ssh://bzr-user@host.do.main/foo/bar
> 
> then
> 
>   bzr serve --inet --directory=/ --allow-writes
> 
> is invoked on the remote side. IMHO, there are two things wrong here:
> 
> First problem is that the --allow-writes option is passed. But isn't "clone"
> a read-only operation? So why is the --allow-writes option passed here?
> 
> Second problem is that the /foo/bar part is dropped. Why not invoke 
> 
>   bzr serve --inet --directory=/foo/bar

It is more obvious if you say

bzr init-repo /srv/repo
mkdir /srv/repo/a_project
bzr init /srv/repo/a_project/branch

bzr branch bzr+ssh://host/srv/repo/a_project/branch

The --directory argument to bzr serve gives the *root* of the served
filesystem. We ensure that you cannot access any filesystem path outside
of this space. So that people can run 'bzr serve --directory=/srv/repo'
if they want to set up public access to a repository, and not allow
external users access to anything but that repo.

If for the above 'bzr branch' we did:

bzr serve --inet --directory=/srv/repo/a_project/branch

Then the server would refuse access to the 'repository'. The client does
not know *where* the repository is until we've connected. (As it could
have been in /srv/repo, or /srv/repo/a_project or
/srv/repo/a_project/branch.)

In the end, we can do all the access control that one would need, you
just have to do it from within bzr, rather than trying to do it from the
shell above bzr.

Somebody else pointed out:
  http://projects.serverzen.com/pm/p/cluemapper/wiki/ClueBzrServer

Which IIRC does exactly that. It provides an ACL based transport that
restricts access based on an htpasswd style password file.

Now I believe clue-bzrserver serves over HTTP access, but it should be
performance equivalent to bzr+ssh.

John
=:->
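As an added example (not from this thread or the Bazaar project), one server-side way to get the access control the thread asks for without changing the client: an SSH forced command that ignores the client's requested "--directory=/ --allow-writes" and runs bzr serve with a root and an access level fixed per key. The script name, the ro/rw levels and the authorized_keys layout are assumptions; it relies on sshd exporting SSH_ORIGINAL_COMMAND and on the bzr serve options discussed above, with the root set to the shared repository (not the branch), for the reason John gives.

```shell
#!/bin/sh
# bzr-restricted-serve.sh (assumed name): forced command for one authorized_keys entry:
#   command="/usr/local/bin/bzr-restricted-serve.sh /srv/repo ro",no-pty,no-port-forwarding ssh-rsa AAAA...
# sshd puts the command the client asked for in SSH_ORIGINAL_COMMAND; that string is
# inspected but never executed, so the client's "--directory=/ --allow-writes" is
# replaced by the root and access level fixed on the server side for this key.

# Print the bzr serve command line for an absolute root directory and an access level.
build_serve_cmd() {
  root=$1
  access=$2
  case $root in
    /*) ;;
    *)  echo "root must be absolute: $root" >&2; return 1 ;;
  esac
  # Refuse '..' and any character that could break the exec line below.
  case $root in
    *..* | *[!A-Za-z0-9_./-]*) echo "refusing unsafe root: $root" >&2; return 1 ;;
  esac
  case $access in
    ro) echo "bzr serve --inet --directory=$root" ;;
    rw) echo "bzr serve --inet --directory=$root --allow-writes" ;;
    *)  echo "unknown access level: $access" >&2; return 1 ;;
  esac
}

# Accept only a smart-server request; a shell, scp or anything else is refused.
is_bzr_serve_request() {
  case $1 in
    "bzr serve --inet"*) return 0 ;;
    *) return 1 ;;
  esac
}

main() {
  if ! is_bzr_serve_request "${SSH_ORIGINAL_COMMAND-}"; then
    echo "only bzr serve is permitted with this key" >&2
    exit 1
  fi
  cmd=$(build_serve_cmd "$1" "$2") || exit 1
  exec $cmd
}

# Run main only when invoked as the forced command, not when sourced by a test.
case $0 in
  *bzr-restricted-serve*) main "$@" ;;
esac
```

Because the forced command wins over whatever the client sends, a key listed with "ro" can clone and pull but every write is refused by bzr serve itself, and a key listed with "rw" still cannot reach anything outside /srv/repo.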


