Q: Access Control Options

Maritza Mendez martitzam at gmail.com
Tue Sep 28 16:47:21 BST 2010


Hi.  There are a couple current threads here (ok, including one I started)
which include discussion of ACL-like properties for branches.  So I assume
there is interest in this topic.  I have had typically bad experiences with
the ACL layer tacked onto some commercial version control systems.  So I am
very cautious about suggesting similar "enhancements" to bzrlib.  Instead,
I've been thinking about the Un*x way -- many "little" tools, each of which
does one job extremely well -- and leveraging the expertise and architecture
already baked into every Linux box.

Currently, I provide access controls for centralized "trunk" branches for
about a dozen projects in my organization.  In the simplest case, I set up a
new branch on a server and 'chown -R' the root of the branch to a specific
dummy user and 'chmod og-rwx'.  More generally, a single dummy user may
own a "bzr group" of branches.  My developers publish their RSA public
keys.  I then manage access by adding/removing their keys from the
.ssh/authorized_keys in each dummy user's homedir.

This scheme works fine for a small number of branches but quickly gets
tedious.  I started to imagine an administration tool, using a PyQt GUI with
an SQLite backend to track the registered branches, dummy accounts across
multiple servers and developers' public keys.   As I went through the use
cases, I realized right away that I wanted more fine-grained control.
Namely, per-branch rather than per-dummy-user, because the membership of a
"bzr group" may change.  The only way I can think of getting per-branch
control is by adding a user for *every* branch.  I suppose that's not too
bad (as long as users are deleted when their branch is deleted) but it does
seem a little clumsy.

So can anyone think of a better way to get from per-user access control to
per-branch access control with the tools we already have, i.e. without
modifying bzrlib?

Thanks,
~M
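
An added example, not part of the original message: a sketch of the key bookkeeping described above, with an SQLite table of grants per dummy account and a function that renders that account's .ssh/authorized_keys. The schema, the account names (bzr-projA, bzr-projB) and the sample keys are constructed assumptions; the key check refuses any submitted line that carries options or a second entry.

```python
import base64, sqlite3, struct

SCHEMA = """
CREATE TABLE developers (name TEXT PRIMARY KEY, pubkey TEXT NOT NULL);
CREATE TABLE grants (account TEXT, developer TEXT REFERENCES developers(name),
                     PRIMARY KEY (account, developer));
"""

def valid_rsa_key(line):
    """Accept only 'ssh-rsa <base64> [comment]' on a single line."""
    if "\n" in line or "\r" in line:
        return False                      # would smuggle a second entry
    parts = line.split(" ", 2)
    if len(parts) < 2 or parts[0] != "ssh-rsa":
        return False                      # rejects leading options such as command=
    try:
        blob = base64.b64decode(parts[1], validate=True)
    except ValueError:
        return False
    if len(blob) < 4:
        return False
    (n,) = struct.unpack(">I", blob[:4])  # blob starts with length-prefixed type
    return blob[4:4 + n] == b"ssh-rsa"

def render_authorized_keys(conn, account):
    """Text of .ssh/authorized_keys for one dummy account (hypothetical schema)."""
    rows = conn.execute(
        "SELECT d.name, d.pubkey FROM grants g JOIN developers d"
        " ON d.name = g.developer WHERE g.account = ? ORDER BY d.name", (account,))
    out = []
    for name, key in rows:
        if not valid_rsa_key(key):
            raise ValueError("refusing malformed key for " + name)
        out.append(key + "\n")
    return "".join(out)

def fake_key(comment):
    # Constructed sample: correct header, zero padding, not a usable RSA key.
    blob = struct.pack(">I", 7) + b"ssh-rsa" + b"\x00" * 16
    return "ssh-rsa " + base64.b64encode(blob).decode() + " " + comment

def demo_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO developers VALUES (?, ?)",
                     [("alice", fake_key("alice@example")), ("bob", fake_key("bob@example"))])
    conn.executemany("INSERT INTO grants VALUES (?, ?)",
                     [("bzr-projA", "alice"), ("bzr-projA", "bob"), ("bzr-projB", "bob")])
    return conn
```

Revoking access is a DELETE on the grants table followed by re-rendering the file for the affected account, so the file on disk is always derived from the database rather than edited by hand.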