<br><br><div class="gmail_quote">On Tue, Sep 28, 2010 at 4:39 PM, Max Bowsher <span dir="ltr">&lt;<a href="mailto:maxb@f2s.com">maxb@f2s.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
<div><div></div><div class="h5">On 28/09/10 16:47, Maritza Mendez wrote:<br>
> Hi. There are a couple current threads here (ok, including one I<br>
> started) which include discussion of ACL-like properties for branches.<br>
> So I assume there is interest in this topic. I have had typically bad<br>
> experiences with the ACL layer tacked onto some commercial version<br>
> control systems. So I am very cautious about suggesting similar<br>
> "enhancements" to bzrlib. Instead, I've been thinking about the Un*x<br>
> way -- many "little" tools, each of which does one job extremely well --<br>
> and leveraging the expertise and architecture already baked into every<br>
> Linux box.<br>
><br>
> Currently, I provide access controls for centralized "trunk" branches<br>
> for about a dozen projects in my organization. In the simplest case, I<br>
> set up a new branch on a server and 'chown -R' the root of the branch to a<br>
> specific dummy user and 'chmod og-rwx'. More generally, a single dummy<br>
> user may own a "bzr group" of branches. My developers publish their RSA<br>
> public keys. I then manage access by adding/removing their keys from<br>
> the .ssh/authorized_keys in each dummy user's homedir.<br>
><br>
> This scheme works fine for a small number of branches but quickly gets<br>
> tedious. I started to imagine an administration tool, using a PyQt GUI<br>
> with an SQLite backend to track the registered branches, dummy accounts<br>
> across multiple servers and developers' public keys. As I went through<br>
> the use cases, I realized right away that I wanted more fine-grained<br>
> control. Namely, per-branch rather than per-dummy-user, because the<br>
> membership of a "bzr group" may change. The only way I can think of<br>
> getting per-branch control is by adding a user for *every* branch. I<br>
> suppose that's not too bad (as long as users are deleted when their<br>
> branch is deleted) but it does seem a little clumsy.<br>
><br>
> So can anyone think of a better way to get from per-user access control<br>
> to per-branch access control with the tools we already have, i.e.<br>
> without modifying bzrlib?<br>
<br>
</div></div>Have you tried the contrib/bzr_access script within the bzr source tree?<br>
I have not, but it looks exactly like the kind of thing I think I'd be<br>
aiming for if I ever manage to promote Bazaar sufficiently within my own<br>
workplace.<br>
<font color="#888888"><br>
Max.<br>
<br>
</font></blockquote></div><br>I was not aware of this. Thanks for the pointer. I will check it out.<br><br>~M<br><br>
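The dummy-account scheme described in the thread, generated from a single access table instead of hand-edited files; this is an added example, not code from either poster or from the Bazaar tree. The account names, paths and key bodies are constructed, and the forced-command form `bzr serve --inet --directory=... --allow-writes` is an assumption about how each account is served.

```python
import re

# Constructed sample data: developer -> public key (key bodies are placeholders).
DEV_KEYS = {
    "alice": "ssh-rsa AAAAB3NzaC1yc2EPLACEHOLDERalice alice@example",
    "bob": "ssh-rsa AAAAB3NzaC1yc2EPLACEHOLDERbob bob@example",
}
# Constructed: dummy account -> branch root it owns and the developers allowed in.
BRANCH_ACL = {
    "bzr-projA": {"root": "/srv/bzr/projA", "members": {"alice", "bob"}},
    "bzr-projB": {"root": "/srv/bzr/projB", "members": {"alice"}},
}

# Exactly one key per line: type, base64 body, optional comment. Anything else
# (embedded newline, leading options, quotes) is rejected, so a submitted
# "key" cannot smuggle in a second, unrestricted authorized_keys entry.
KEY_RE = re.compile(r"(ssh-rsa|ssh-ed25519) [A-Za-z0-9+/]+={0,2}( [\w.@-]+)?")
ROOT_RE = re.compile(r"/[\w./-]+")
# Standard OpenSSH authorized_keys options that strip everything but the command.
RESTRICT = "no-agent-forwarding,no-port-forwarding,no-pty,no-user-rc,no-X11-forwarding"


def key_line(root, pubkey):
    """One authorized_keys entry pinned to a forced command (assumed bzr serve form)."""
    if not ROOT_RE.fullmatch(root) or not KEY_RE.fullmatch(pubkey):
        raise ValueError("rejected root or public key")
    cmd = f"bzr serve --inet --directory={root} --allow-writes"
    return f'command="{cmd}",{RESTRICT} {pubkey}'


def render(account, acl=BRANCH_ACL, keys=DEV_KEYS):
    """Full authorized_keys text for one dummy account, in stable order."""
    entry = acl[account]
    lines = [key_line(entry["root"], keys[dev]) for dev in sorted(entry["members"])]
    return "\n".join(lines) + "\n"


def removed_lines(old_text, new_text):
    """Entries present in the deployed file but absent from the new one (revocations)."""
    return sorted(set(old_text.splitlines()) - set(new_text.splitlines()))


if __name__ == "__main__":
    for account in sorted(BRANCH_ACL):
        print(f"# ~{account}/.ssh/authorized_keys")
        print(render(account), end="")
```

Comparing the deployed file with the freshly rendered one through `removed_lines` gives the administrator a list of revocations to review before the file is replaced.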