[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Monotone-devel] db kill_rev_locally

From: Daniel Carrera
Subject: Re: [Monotone-devel] db kill_rev_locally
Date: Sun, 12 Oct 2008 14:00:22 +0200
User-agent: Thunderbird (Macintosh/20080914)

Ludovic Brenta wrote:
Which would require me to have SSH login ("daniel"). What am I missing?

You are correct but the address@hidden account may be
unprivileged (running a restricted shell) and shared with other
developers.  You might as well call it after the project the
developers work on, e.g. address@hidden  The monotone
server itself, and the database, belong to and run as a different
user, e.g. address@hidden

Thanks. I believe I understand the technique now. Make a dummy account where all the devs login and give them a shell that does nothing. It's very good, and it seems to work in every case in which my initial proposal works. It'd be nice if it was documented on the website somewhere.

I run a public monotone server on; see for explanations.  The
security model is simple: everyone has read access, and only a few
trusted developers have write access to the entire database (they can
create branches at will).  Because this is a netsync server running as
a "monotone" user that has /bin/false as its shell, only sysadmins
with root access to the machine can delete from this database.

Thanks. I'll read that article.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]