[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Gnu-arch-users] self-contained changesets?
From: |
Paul Hedderly |
Subject: |
Re: [Gnu-arch-users] self-contained changesets? |
Date: |
Thu, 16 Oct 2003 10:33:06 +0100 |
User-agent: |
Mutt/1.3.28i |
On Sun, Sep 28, 2003 at 09:47:55PM +0200, Jan Hudec wrote:
>
> Probably the easiest solution would be to have a restricted sftp server
> with a limit on a per-key basis. Limiting ssh keys to run only specific
> command works nicely. So the restricted sftp server remains. Does it not
> exist somewhere yet?
>
Yes. "scponly" (Debian: apt-get install scponly) which could easily be
tweaked.
I was pondering making it do so that each user could only commit to an
archive setup for them on that server (not by uid/gid but by ssh key)
and then have a cron job or dnotify based daemon that star-merged those
changes into the main archive.
This would give accountability (you have a history of who made the
changes) and also restrict people to only having filesystem write/delete
access to their own 'remote' archive.
Of course an-other solution to the multiple users having write access to
one remote archive, is for them NOT to have any access to that archive,
but to have a job on that server star-merge from the users own published
archive. Either regularly, or prodded by email or somesuch.
--
Paul
- Re: [Gnu-arch-users] self-contained changesets?,
Paul Hedderly <=