Multi-user, access-controlled Darcs

CSÉCSY László

Exercise: grant darcs access to users connecting over SSH with the following specification:

  • they should be able to access only what is definitely needed;
  • repository access (read or read-write) should be easy to set up per user and per repository.

The key to the solution is a wrapper that allows only the appropriate darcs commands to be run; as a side effect, this also rules out browsing through SFTP. Setup is trivial: upload the attached script to the server's /usr/local/bin directory as darcs-shell, and create a shared account (conveniently named darcs) that will be used for all server-side work. This user's shell must be /usr/local/bin/darcs-shell. Setting up access for developers is straightforward: add each developer's public SSH key to the darcs account's ~/.ssh/authorized_keys2 file, using the following trick:

command="darcs-shell developername" the_original_ssh_key

Write/read-only access is governed by the /usr/local/darcs/access file with the following format (do not forget the trailing slashes in repo paths):

developer1:/path/to/repo/:rw
developer2:/path/to/repo2/:r

I was offered a hand by Miklós Vajna and used his git-shell2 script.
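The decision such a wrapper has to make for each connection can be sketched as follows. This is an added example, not the attached darcs-shell script: the two darcs command shapes in ALLOWED and the function names are assumptions, and the access rules and requests in the demo are constructed.

```python
import os
import shlex

# Assumed command shapes sent by the darcs client, mapped to the access needed.
ALLOWED = {
    ("darcs", "transfer-mode", "--repodir"): "r",
    ("darcs", "apply", "--all", "--repodir"): "w",
}

def parse_access(text):
    """Turn 'developer:/path/to/repo/:rw' lines into {(developer, repo): mode}."""
    rules = {}
    for line in filter(None, map(str.strip, text.splitlines())):
        developer, rest = line.split(":", 1)
        repo, mode = rest.rsplit(":", 1)
        if mode not in ("r", "rw") or not (repo.startswith("/") and repo.endswith("/")):
            raise ValueError(f"bad access line: {line!r}")
        rules[(developer, repo)] = mode
    return rules

def authorize(developer, original_command, rules):
    """Return the argv to exec, or raise PermissionError (deny by default)."""
    try:
        argv = shlex.split(original_command)
    except ValueError:
        raise PermissionError("unparsable command") from None
    needed = ALLOWED.get(tuple(argv[:-1]))
    if needed is None or not argv[-1].startswith("/"):
        raise PermissionError("command not allowed")
    # Normalise before matching, so the rule is checked against the same
    # path that is handed on to darcs (with the trailing slash the file uses).
    repo = os.path.normpath(argv[-1]).rstrip("/") + "/"
    if needed not in rules.get((developer, repo), ""):
        raise PermissionError("no access to repository")
    return argv[:-1] + [repo]

if __name__ == "__main__":
    # Constructed sample data; a real wrapper would read /usr/local/darcs/access and
    # take the client's request from sshd's SSH_ORIGINAL_COMMAND environment variable.
    rules = parse_access("developer1:/path/to/repo/:rw\ndeveloper2:/path/to/repo2/:r\n")
    for dev, cmd in [("developer2", "darcs transfer-mode --repodir /path/to/repo2"),
                     ("developer2", "darcs apply --all --repodir /path/to/repo2/"),
                     ("developer2", "darcs transfer-mode --repodir /path/to/repo2/../repo")]:
        try:
            print(dev, "ALLOW", authorize(dev, cmd, rules))
        except PermissionError as exc:
            print(dev, "DENY", exc)
```

The returned list is meant to be passed to an exec call directly, so the client's string is never interpreted by a shell.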

Attachment    Size
darcs-shell   2.48 KB
