Q: Access Control Options

Maritza Mendez martitzam at gmail.com
Wed Sep 29 00:51:37 BST 2010


On Tue, Sep 28, 2010 at 4:39 PM, Max Bowsher <maxb at f2s.com> wrote:

> On 28/09/10 16:47, Maritza Mendez wrote:
> > Hi.  There are a couple current threads here (ok, including one I
> > started) which include discussion of ACL-like properties for branches.
> > So I assume there is interest in this topic.  I have had typically bad
> > experiences with the ACL layer tacked onto some commercial version
> > control systems.  So I am very cautious about suggesting similar
> > "enhancements" to bzrlib.  Instead, I've been thinking about the Un*x
> > way -- many "little" tools, each of which does one job extremely well --
> > and leveraging the expertise and architecture already baked into every
> > Linux box.
> >
> > Currently, I provide access controls for centralized "trunk" branches
> > for about a dozen projects in my organization.  In the simplest case, I
> > set up a new branch on a server and 'chown -R' the root of the branch to a
> > specific dummy user and 'chmod og-rwx'.  More generally, a single dummy
> > user may own a "bzr group" of branches.  My developers publish their RSA
> > public keys.  I then manage access by adding/removing their keys from
> > the .ssh/authorized_keys in each dummy user's homedir.
> >
> > This scheme works fine for a small number of branches but quickly gets
> > tedious.  I started to imagine an administration tool, using a PyQt GUI
> > with an SQLite backend to track the registered branches, dummy accounts
> > across multiple servers and developers' public keys.   As I went through
> > the use cases, I realized right away that I wanted more fine-grained
> > control.  Namely, per-branch rather than per-dummy-user, because the
> > membership of a "bzr group" may change.  The only way I can think of
> > getting per-branch control is by adding a user for *every* branch.  I
> > suppose that's not too bad (as long as users are deleted when their
> > branch is deleted) but it does seem a little clumsy.
> >
> > So can anyone think of a better way to get from per-user access control
> > to per-branch access control with the tools we already have, i.e.
> > without modifying bzrlib?
>
> Have you tried the contrib/bzr_access script within the bzr source tree?
> I have not, but it looks exactly like the kind of thing I think I'd be
> aiming for if I ever manage to promote Bazaar sufficiently within my own
> workplace.
>
> Max.
>
>
I was not aware of this.  Thanks for the pointer.  I will check it out.

~M
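
The per-branch scheme discussed in this thread (one dummy account per branch, access managed through that account's .ssh/authorized_keys), sketched as an added example that is not part of the original messages and is not Bazaar's contrib/bzr_access script. The table layout, account name, branch path and keys are constructed, and it assumes bzr is on the dummy account's PATH.

```python
import re
import sqlite3

# Standard OpenSSH authorized_keys options: the key can run the forced command only.
LOCKDOWN = "no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty"
KEY_TYPES = {"ssh-rsa", "ssh-dss", "ssh-ed25519"}
SAFE_PATH = re.compile(r"/[A-Za-z0-9._/-]+")  # nothing that needs shell quoting

# Hypothetical schema: one dummy account per branch, grants tracked per developer.
SCHEMA = """
CREATE TABLE developer (name TEXT PRIMARY KEY, pubkey TEXT NOT NULL);
CREATE TABLE branch    (account TEXT PRIMARY KEY, path TEXT NOT NULL);
CREATE TABLE access    (developer TEXT, account TEXT, PRIMARY KEY (developer, account));
"""

def check_key(pubkey):
    """Accept one line of 'type base64 [comment]'; reject option prefixes and newlines."""
    parts = pubkey.split(" ")
    if "\n" in pubkey or "\r" in pubkey or len(parts) < 2 or parts[0] not in KEY_TYPES:
        raise ValueError("not a bare single-line public key")
    return pubkey

def render_authorized_keys(db, account):
    """Build the complete authorized_keys text for one per-branch dummy account."""
    row = db.execute("SELECT path FROM branch WHERE account = ?", (account,)).fetchone()
    if row is None or not SAFE_PATH.fullmatch(row[0]):
        raise ValueError("unknown account or unsafe branch path")
    # The forced command pins every session for this account to the one branch.
    forced = 'command="bzr serve --inet --directory=%s --allow-writes"' % row[0]
    keys = db.execute(
        "SELECT d.pubkey FROM access a JOIN developer d ON d.name = a.developer "
        "WHERE a.account = ? ORDER BY d.name", (account,))
    return "".join("%s,%s %s\n" % (forced, LOCKDOWN, check_key(k)) for (k,) in keys)

def demo_db():
    """Constructed sample data: two developers, one branch account."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO developer VALUES (?, ?)", [
        ("alice", "ssh-rsa AAAAB3NzaC1yc2EAAAAconstructedALICE alice@example"),
        ("bob", "ssh-rsa AAAAB3NzaC1yc2EAAAAconstructedBOB bob@example")])
    db.execute("INSERT INTO branch VALUES ('bzr-proj-a', '/srv/bzr/proj-a/trunk')")
    db.executemany("INSERT INTO access VALUES (?, 'bzr-proj-a')", [("alice",), ("bob",)])
    return db

if __name__ == "__main__":
    print(render_authorized_keys(demo_db(), "bzr-proj-a"), end="")
```

Regenerating the whole file from the grants table on every change means a revoked developer's key cannot linger in an account's authorized_keys, and rejecting anything that is not a bare single-line key keeps a submitted "key" from smuggling in its own options or an extra unrestricted line.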