[Gnu-arch-users] Re: expert needed: arch doesn't support multi-committer archives!

[Pau Aliagas]

On Mon, 6 Oct 2003, Jonathan Walther wrote:

> On Mon, Oct 06, 2003 at 04:16:24AM -0400, James Blackwell wrote:
> >> This worked reasonably well as long as I was the only one using it.  But
> >> when I tried to let other people commit to the repositories, the
> >> permissions got mucked up.  I spent time on IRC with Tom Lord, Andrew
> >> Suffield, and some other very helpful souls.  They said that this was a
> >> problem for sysadmins to solve, or at least for a sysadmin to point out
> >> what arch needs to do to enable a solution.
> >
> >
> >The trick I use is to make an account just for an archive. I then add
> >each developer's ssh key to that account's authorized_keys. 
> 
> Thanks James.  That might work in my case, but overall it doesn't seem
> to cover each of the 6 cases I mentioned.  For instance, if I only want
> one user to be able to commit, but want only a particular group of
> people to be able to do checkouts, how can one tell arch about the
> permissions scheme?

You could create another user that belongs to the same group than the 
previous user, so that he has read access. Put the RO user keys there.

> How SHOULD one be able to tell arch about the permissions scheme?

In theory, permissions are preserved; owner is always the one accessing
the filesystem, be it the sftp user, be it the committer if he accesses
via the filesystem.

> POSIX ACL's may be nice, but requiring Linux to use arch would be
> locking out a lot of *BSD users who would never let us hear the end of
> it.

I wouldn't take this way.

Pau