Recommendations For Access Control
David Strauss
david at fourkitchens.com
Mon May 10 01:14:14 BST 2010
On 2010-05-10 00:02, Scott Stephens wrote:
> Hi all,
>
> I'm looking for some advice on how to configure access control to a
> central bazaar repository located on a Ubuntu server. Users have
> shell accounts on the machine, and use it for things other than
> accessing the repository.
>
> I'd like to accomplish the following:
> - Allow users remote access to the repositories on the machine.
> - Have authentication/access control be linked to the user's shell account
> - Give certain users commit privileges on the repositories, and deny
> this to other users.
> - Allow users with commit privileges to commit to the repository, but
> otherwise deny write access to the repository data (mainly I don't
> want users with only commit privileges to be able to destroy or
> corrupt the repository by deleting the files or overwriting them with
> garbage data using a non-bzr program).
>
> Using bzr+ssh with linux file permissions to control access seems like
> a fit except that I would have to allow committers full write access
> to the bzr data, which I would rather not do. Using the various
> limited ssh solutions seems like a fit except that it doesn't allow
> users to use their shell accounts on the machine normally.
The Wikimedia Foundation uses a fake shell (I think called "silly
shell") that SSH starts which only allows Subversion commands. You could
do the same for Bazaar.
--
David Strauss
| david at fourkitchens.com
| +1 512 577 5827 [mobile]
Four Kitchens
| http://fourkitchens.com
| +1 512 454 6659 [office]
| +1 512 870 8453 [direct]
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 259 bytes
Desc: OpenPGP digital signature
Url : https://lists.ubuntu.com/archives/bazaar/attachments/20100510/17fc92d9/attachment.pgp
More information about the bazaar
mailing list