Bazaar SSH access control
John Arbash Meinel
john at arbash-meinel.com
Wed Oct 31 14:43:14 UTC 2012
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
...
>
> After reading the above outline and parts of the code, I'm not sure
> what's "the best way" to do this and if something like [2] would
> work.?
>
> I'm interested in implementing the plugin but would like to get
> some feedback on both Andrew's proposal and my sketchy code.
>
> Thanks.
>
>
> [1]
> http://thread.gmane.org/gmane.comp.version-control.bazaar-ng.general/65916/focus=66056
>
>
[2] https://bazaar.launchpad.net/~schuio/+junk/bzr-ssh-serve/files
>
>
So chroot and ~/homedir support are both implemented using
PathFilteringTransport, so I think something like this would work for you.
However, I would mention that it might be easier to hook it at a
different point than 'ssh-serve'.
a) you might at least want to call it acl-serve, since it isn't
actually serving ssh. The process is connecting via ssh to your
machine, which is spawning 'bzr serve ...' (or whatever you configure
in your authorized_keys file.)
b) 'bzr serve' already has support for --protocol, which might be an
easier place to hook into. I won't guarantee that, but it might be
something to look at.
John
=:->
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/
iEYEARECAAYFAlCROQIACgkQJdeBCYSNAAPPXwCfTxgMIgPc26NfPA9iMZoQHYPE
qtsAoMJnQZz0ngkUhzYtJtc09SIRrxRP
=bj0c
-----END PGP SIGNATURE-----
More information about the bazaar
mailing list