Current state of the art in sharing repositories via SSH
tom.anderson at e2x.co.uk
Wed Jun 29 06:47:22 CDT 2011
On 28 June 2011 20:15, Matt Mackall <mpm at selenic.com> wrote:
> On Tue, 2011-06-28 at 19:40 +0100, Tom Anderson wrote:
>> It seems a shame that the ACL extension can't be used with a shared
> As it happens, Mercurial (and Python) will honor the LOGNAME environment
> variable here today:
> $ LOGNAME=foo python -c 'import getpass; print getpass.getuser()'
Aha! That makes life very considerably simpler, thanks.
I've actually just got a shared login working on a local machine with
the ACL extension and a minimal amount of setup.
(1) Change /etc/ssh/sshd_config to add:
Which enables environment option processing in the authorized_keys file.
(2) Added an entry to authorized_keys like:
And i can now do pushes operations as Bob!
This is not actually suitable for real use, though, as i can still do
anything else via ssh. It needs to have a command= to lock that down,
similar to the ones used by other methods. So, instead:
Then in ~hg/bin/hgsu.sh:
#! /bin/bash -eu
set -- $SSH_ORIGINAL_COMMAND
[[ $# -eq 5 ]]
[[ "$1" == "hg" ]]
[[ "$2" == "-R" ]]
[[ -d "$3/.hg" ]]
[[ "$4" == "serve" ]]
[[ "$5" == "--stdio" ]]
exec "$HG" "$@"
And there we have it. A shared SSH login which uses the ACL extension.
That script could be improved in a few ways. It could somehow check
that the target repository has ACLs enabled, so that users can't touch
unsecured repositories. Or it could check that the repository was on a
master whitelist of exported repositories. If it rejects a connection,
rather than simply bombing out, it could write to stderr (for the
client) and syslog (for the admin) to say why.
Does anyone see any problems with this?
If i polished this up a bit, would it be worth adding to the wiki page
for the AclExtension and SharedSSH?
Tom Anderson | e2x Ltd, 1 Norton Folgate, London E1 6DB
(e) tom at e2x.co.uk | (m) +44 (7960) 989794 | (f) +44 (20) 7100 3749
More information about the Mercurial