gnu-arch-users

[Gnu-arch-users] Re: expert needed: arch doesn't support multi-committer


From: Ethan Benson
Subject: [Gnu-arch-users] Re: expert needed: arch doesn't support multi-committer archives!
Date: Tue, 7 Oct 2003 01:59:59 -0800
User-agent: Mutt/1.3.28i

On Tue, Oct 07, 2003 at 11:08:29AM +0200, Pau Aliagas wrote:
> On Mon, 6 Oct 2003, Ethan Benson wrote:
> 
> > On Mon, Oct 06, 2003 at 09:46:09AM -0700, Tom Lord wrote:
> > > In short, I think James has nailed the answer cold and I'm not sure
> > > why his solution was so glibly brushed aside in favor of all the other
> > > discussion.
> > 
> > because from a system administrator's point of view shared accounts are
> > simply unacceptable.  they provide absolutely no accountability for who
> > is doing what.
> 
> They provide enough in this situation.
> 
> > with a shared sftp account anyone granted access to it can sftp in and
> > rm -rf the entire archive, and nobody can ever hope to figure out who
> > it was who did it.
> 
> You can set up the permissions in ways they will work:
> 
> Create userA.groupA to hold the archives:
> * archive dir belongs to userA.groupA
> * archive permissions: u+rw, g+rws, o+r
> 
> Create an account users_rw that belongs to groupA:
> * give access to the members that need rw access (put ssh pub keys in place)
> * all the members that are given sftp through this account will be able to 
>   read/write the archive

this is not different than a single shared unaccountable account.

> * accounting will be logged

not in any meaningful way.  unless you only allow connections to the
shared account from localhost, forcing a real login first.

-- 
Ethan Benson
http://www.alaska.net/~erbenson/
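
The accountability question in this message, as an added example that is not part of the original post or of arch itself: a current OpenSSH server logs the fingerprint of the key accepted for each public-key login, so logins to the shared `users_rw` account can be tied to a person only through a separately maintained fingerprint-to-owner map. The log lines, addresses, fingerprints and the names `alice` and `bob` are constructed for illustration.

```python
import re

# Constructed sshd log lines in the modern OpenSSH format; all values are made up.
SAMPLE_LOG = """\
Oct  7 01:10:02 host sshd[811]: Accepted publickey for users_rw from 192.0.2.10 port 40112 ssh2: ED25519 SHA256:CONSTRUCTED-alice-key
Oct  7 01:12:40 host sshd[829]: Accepted publickey for users_rw from 192.0.2.22 port 51877 ssh2: RSA SHA256:CONSTRUCTED-bob-key
Oct  7 01:15:09 host sshd[840]: Accepted password for users_rw from 192.0.2.99 port 38001 ssh2
Oct  7 01:20:31 host sshd[866]: Accepted publickey for users_rw from 192.0.2.45 port 42290 ssh2: RSA SHA256:CONSTRUCTED-unknown-key
Oct  7 01:21:00 host sshd[870]: Accepted publickey for carol from 192.0.2.30 port 40001 ssh2: ED25519 SHA256:CONSTRUCTED-carol-key
""".splitlines()

# Hypothetical map, built by the admin from the shared account's authorized_keys
# (for example from `ssh-keygen -lf` output). It identifies keys, not people:
# a key that members pass around is still unaccountable.
KEY_OWNERS = {
    "SHA256:CONSTRUCTED-alice-key": "alice",
    "SHA256:CONSTRUCTED-bob-key": "bob",
}

ACCEPTED = re.compile(
    r"^(?P<when>\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: "
    r"Accepted (?P<method>\S+) for (?P<user>\S+) from (?P<ip>\S+) port \d+ ssh2"
    r"(?:: \S+ (?P<fp>SHA256:\S+))?$"
)

def attribute_logins(lines, account, key_owners):
    """One record per accepted login to `account`; person is None when the
    entry cannot be tied to a known key (password login or unlisted key)."""
    records = []
    for line in lines:
        m = ACCEPTED.match(line)
        if not m or m["user"] != account:
            continue
        person = key_owners.get(m["fp"]) if m["method"] == "publickey" else None
        records.append({"when": m["when"], "ip": m["ip"],
                        "method": m["method"], "person": person})
    return records

def unattributed(records):
    """Logins to the shared account that nobody can be held accountable for."""
    return [r for r in records if r["person"] is None]

if __name__ == "__main__":
    # This covers the login only: files written over sftp are still owned by
    # the shared uid, so the filesystem does not show which member changed what.
    for r in attribute_logins(SAMPLE_LOG, "users_rw", KEY_OWNERS):
        print(r["when"], r["ip"], r["method"], r["person"] or "UNATTRIBUTED")
```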
