bzr_access installation and usage
Stephen J. Turnbull
stephen at xemacs.org
Sun Oct 18 11:10:37 BST 2009
On Sun, Oct 18, 2009 at 6:12 PM, Eugene Wee <crystalrecursion at gmail.com> wrote:
> Okay, after trying it out, I now remember the problem I had in mind
> when I stated that "with multiple repositories, I will need either
> multiple key pairs or multiple user accounts" last night. The problem
> is that the repository (collection) has to be provided as an argument
> to bzr_access so bzr_access can find the appropriate bzr_access.conf
> file. This means that if I have more than one repository, they all
> have to be under the same repository collection, and a user with
> access to one has access to all. As such, if I have another shared
> repository repo3, and I want to allow alice access to repo1 and repo3,
> I cannot stop her from also accessing repo2 if my setup only has one
> user account and one key pair per user.
You set that up like this:
bzr_access.conf contains:
[groups]
admins = thelordoftheflies
workerbees = albert, agnes
aliceinchains = alice
[/var/bazaar]
@admins = rw
# free fire zone
[/var/bazaar/repo1]
@workerbees = rw
@alice = rw
# alice-free zone
[/var/bazaar/repo2]
@workerbees = rw
# alice's playen. workerbees look but don't touch.
[/var/bazaar/repo3]
@workerbees = r
@alice = rw
> For now, it seems to me that if you have unrelated projects and want
> to simplify things for your users, you are best off with a user
> account for each project, and one key pair per user.
I won't say that won't work for you, but I think that most projects want to
know who committed what, and this system means you will have to maintain
a separate system for that, perhaps by using the author slot. However, many
times projects want to distinguish between author and committer, and you can't
do that in the key-per-project setup.
More information about the bazaar
mailing list