Using bzr in a centralized, controlled fashion

Joke de Buhr joke.de.buhr at seiken.de
Wed Oct 28 09:19:48 GMT 2009 

You may want to use the bazaar smart server via http.
  http://doc.bazaar-vcs.org/latest/en/user-guide/http_smart_server.html

Access is controlled via apaches authentification controls. I'm using it 
to do group based LDAP authentification. You can control access on a per 
branch basis.
No local shell accounts are required. The bazaar client directly interacts 
with apache. It's never possible for any user to manuale harm branches.

On Sunday 25 October 2009 23:24:06 Michael B. Trausch wrote:
> I have a client that wants to use bzr in the following manner:
> 
>  * There is a dedicated storage area on the server for storing shared
>    repositories (/srv/bzr) and projects/branches are stored using the
>    convention /srv/bzr/$PROJECT_NAME/$BRANCH_NAME.
> 
>  * This dedicated storage area should be read/write to a bzr smart
>    server, and users should have no direct access (read or write) to
>    the repositories.
> 
>  * The repositories contain private software, and should only be
>    accessible by people based on their credentials.
> 
> My thought was to use bzr+ssh.  However, I'm not sure how that would
> work for multiple users.  If you have users "a" and "b" on the system,
> and they both can write to /srv/bzr/privateProject/trunk (or anything
> else, for that matter) in terms of policy, how does that map into the
> way bzr works?  AIUI, the smart server runs with the UID and privileges
> of the calling user, so the resulting new files and the like would be
> owned by that user.  What I'd like is the ability for bzr to run as its
> own user, say even just "bzr", and it be the only thing that has access
> to these things.
> 
> I suppose what I'm looking for is really a smart server with
> authentication and authorization capability, but I don't think that is
> available yet, is it?
> 
> 	--- Mike
> 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 835 bytes
Desc: This is a digitally signed message part.
Url : https://lists.ubuntu.com/archives/bazaar/attachments/20091028/2783c6f3/attachment.pgp

More information about the bazaar mailing list