Providing write access to branches means providing UNIX accounts

Bug #280619 reported by Jonathan Lange
6
Affects Status Importance Assigned to Milestone
Bazaar
Confirmed
Wishlist
Unassigned

Bug Description

A user on #bzr has just asked about a way to host branches for people that doesn't require SSH accounts. As far as I'm aware, no such solution exists.

This is a pity, since many people have a resistance to adding new UNIX accounts.

Revision history for this message
Martin Meredith (mez) wrote :

I am this user. While I obviously know about Launchpad, I wish to do this in a closed environment at the moment, but don't want the hassle of having to audit X more UNIX accounts (even if only restricted to bzr+ssh, I would ALSO have to chroot jail them)

Revision history for this message
Jonathan Lange (jml) wrote : Re: [Bug 280619] Re: Providing write access to branches means providing UNIX accounts

On Thu, Oct 9, 2008 at 6:07 PM, Martin Meredith <email address hidden> wrote:
> I am this user. While I obviously know about Launchpad, I wish to do
> this in a closed environment at the moment, but don't want the hassle of
> having to audit X more UNIX accounts (even if only restricted to
> bzr+ssh, I would ALSO have to chroot jail them)
>

FWIW, the 'bzr serve' command uses chrooted transports to serve files.

jml

Revision history for this message
Martin Meredith (mez) wrote : Re: [Bug 280619] Re: Providing write access to branches means providing UNIX accounts

However, I don't believe that it allows secured writes?

Martin Pool (mbp)
Changed in bzr:
importance: Undecided → Wishlist
status: New → Confirmed
Revision history for this message
John A Meinel (jameinel) wrote :

Martin- I think you mean "authenticated" writes, though I'm not 100% sure what you mean by "secured."

There are some options that don't involve us writing a custom secure authentication stack.

You can also use bzr+http and configure the access control via htaccess files (or anything that your webserver supports, I know Apache has support for LDAP, dbs, PAM, etc.)

In the end, you just end up trading 1 set of listings for another. I think there might already be a bug open about providing authentication for 'bzr serve', however as you can already use https or ssh to handle authentication, it seems like a lot of work to provide yet-another-authentication-mechanism that is as secure as all the ones that already exist.

As to do it right, you should encrypt the connection, and to do that you need to introduce certificates, and to manage that....

Yes, we *could* provide plaintext password auth, but that seems like almost as big of a security hole as just having you allow writes. (In some ways bigger, because now people are sending a password which might be shared elsewhere).

You also get into issues of password management, etc. Can users change their passwords?

Perhaps there exists a simple auth server we could use for this?

Revision history for this message
Martin Meredith (mez) wrote :

I'm actually looking into doing this with paramiko, the way it would
work is something like the following

bzr setup-ssh

This would run a script that would generate an SSH public key for the
server.

Then, a user who has write access would run, for example

bzr ssh-user-add mez /path/to/public/key

Which would then add my SSH public key with the username "mez" to bzr

They would then run

bzr serve --ssh

Which would run a bzr server that worked exactly as bzr serve does now
(and would actually use that first) but would require a login first via
SSH

So, instead of using

bzr://foo.com:2122/path etc

It would use

bzrssh://user@domain:port/path

Which would then use the inbuilt server to authenticate the person with
their SSH key.

I think this is doable, and shouldn't be too hard (except for my lack of
python and paramiko knowledge!)

Jelmer Vernooij (jelmer)
tags: added: check-for-breezy
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.