Access controls...

John Szakmeister john at szakmeister.net
Sun May 2 15:12:27 BST 2010


In my environment, we have the need for limiting access to various
branches and projects.  I've been working diligently to try and
implement a Bazaar setup that allows us to do this, but have run into
yet another hurdle.

So, I have set up my server using a shared repository for each project,
and placing the branches inside.  I figured that would save us some
space.  Unfortunately, it opens another security hole.

Let me explain: I've written a tool that sits in front of the smart
server that will do some basic access controls (read, write, none).
This works really well with plain branches (no shared repository).
Unfortunately, with a shared repository in the mix, things get harder.
It turns out that when you push to a branch, instead of proxying
through <branch-url>/.bzr/smart, it opens a connection to the shared
repository via <repository-url>/.bzr/smart.

Now, it makes sense... the repository is there to store all the
revisions.  However, from an access control standpoint, this is
bothersome.  It makes it difficult to say things like "make trunk
writable by just a few people".  If someone was persistent enough,
they could modify the repository directly, because I'd have to leave
the repository url writeable so that other users can create branches
and manipulate them.  So this is either going to force me to use
stacked branches (and given the issues I've had with them in the past,
this makes me uncomfortable), or I'm going to have to use plain
unstacked branches and waste more disk space.

So, I'd like to put this question out there: has anyone set up a
server that does NOT provide read-only access to everyone, but does
provide read-only access to some individuals and write access to a
selected group of people?  Additionally, is it easy to maintain?

Does any of this work better with SSH?  Will it re-use the same
session for accessing the shared repo instead of trying to open a new
url?

Also, I saw this up on the wiki:
   <http://wiki.bazaar.canonical.com/Specs/ACLTransport>

Has any more thought been given to it?  How hard is it to write a new
transport/server?

Sorry for all the questions and the long email, but I really want to
get this set up and working in our environment, and there are a lot of
roadblocks to getting there. :-(

-John
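To make the gap John describes concrete, here is an added example (not the tool from the email, and not part of Bazaar) of a path-based ACL resolver of the kind a proxy in front of the smart server might use. The rule table, the usernames and the `proj`, `proj/trunk` and `proj/feature-x` paths are all constructed for illustration. The resolver picks the most specific ACL entry for the branch or repository a `.bzr/smart` request is addressed to; the `repository_bypass` audit then lists the branches whose rule is undercut because the shared repository's own endpoint must stay writable for branch creation, which is exactly why a branch-only rule cannot restrict writes that arrive at `<repository-url>/.bzr/smart`.

```python
"""Toy path-based ACL for a proxy in front of a Bazaar smart server.

Hypothetical example: it models per-branch read/write/none rules plus a
shared repository whose own .bzr/smart endpoint is writable so that users
can create branches inside it.
"""
from posixpath import normpath

LEVELS = {"none": 0, "read": 1, "write": 2}

# Constructed sample ACL: path prefix -> {user: level}.  Paths are relative
# to the server root; "proj" is a shared repository that contains the
# branches "proj/trunk" and "proj/feature-x".
ACL = {
    "proj":           {"alice": "write", "bob": "write", "carol": "read"},
    "proj/trunk":     {"alice": "write", "bob": "read",  "carol": "read"},
    "proj/feature-x": {"alice": "write", "bob": "write", "carol": "none"},
}


def smart_target(request_path):
    """Return the branch or repository path a '.../.bzr/smart' request is
    addressed to.  The path is normalised first so that '..' segments
    cannot dodge a rule by naming the same location differently."""
    path = normpath("/" + request_path).lstrip("/")
    suffix = ".bzr/smart"
    if path == suffix:
        return ""
    if path.endswith("/" + suffix):
        path = path[:-len(suffix) - 1]
    return path


def effective_level(acl, user, request_path):
    """Level granted by the most specific ACL entry covering the target
    (the target itself or its nearest ancestor).  Paths with no entry and
    users not listed get 'none'."""
    target = smart_target(request_path)
    parts = target.split("/") if target else []
    for i in range(len(parts), -1, -1):          # longest prefix first
        prefix = "/".join(parts[:i])
        if prefix in acl:
            return acl[prefix].get(user, "none")
    return "none"


def is_allowed(acl, user, request_path, op):
    """True when the user's effective level covers the requested op."""
    return LEVELS[effective_level(acl, user, request_path)] >= LEVELS[op]


def repository_bypass(acl, repo, user):
    """Audit helper: branches under `repo` whose rule gives the user less
    than the repository endpoint itself grants.  A push routed through
    <repo>/.bzr/smart is judged by the repository rule, so these branch
    rules do not constrain the revisions that land in the shared store."""
    repo_level = LEVELS[acl.get(repo, {}).get(user, "none")]
    return sorted(path for path, users in acl.items()
                  if path.startswith(repo + "/")
                  and LEVELS[users.get(user, "none")] < repo_level)


if __name__ == "__main__":
    # bob may only read trunk, yet the repository endpoint accepts his writes
    print(is_allowed(ACL, "bob", "proj/trunk/.bzr/smart", "write"))  # False
    print(is_allowed(ACL, "bob", "proj/.bzr/smart", "write"))        # True
    print(repository_bypass(ACL, "proj", "bob"))                     # ['proj/trunk']
```

Running `repository_bypass` over each user is a cheap way to see which branch rules are only nominal once a shared repository is in play; the proxy itself cannot tell, at the repository endpoint, which branch a batch of revisions is destined for, which is why the email's remaining options are structural (stacked or plain unshared branches) rather than more proxy rules.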