Bazaar SSH access control

[Michael Schubert]

In need of a tool allowing more fine-grained access control for SSH users,
I would like to pick up a proposal [1] by Andrew Bennetts from back in 2010:


"If I were to implement this, it would look like this:

  * set command="bzr acl-serve /path/to/acl-config" in your authorized_keys,
  * have that config file define read/write permissions for various combinations
    of paths and users,
  * and write (and install system-wide) a plugin that implements 'bzr acl-serve'.

The plugin would:

  * register the 'acl-serve' command, which would:
    * parse the config file determine the SSH user,
    * using that info register an 'aclbzr' server in
      bzrlib.transport.transport_server_registry, then
    * run 'bzr serve --inet --protocol=aclbzr --directory=something'
  * the 'aclbzr' server would be a function that works much like
    bzrlib.smart.serve.serve_bzr (the default implementation), but uses a
    custom transport decorator to enforce ACLs before passing requests to the
    underlying LocalTransport."


After reading the above outline and parts of the code, I'm not sure what's
"the best way" to do this and if something like [2] would work.?

I'm interested in implementing the plugin but would like to get some feedback
on both Andrew's proposal and my sketchy code.

Thanks.


[1] http://thread.gmane.org/gmane.comp.version-control.bazaar-ng.general/65916/focus=66056
[2] https://bazaar.launchpad.net/~schuio/+junk/bzr-ssh-serve/files