|
From: | Daniel Carrera |
Subject: | Re: [Monotone-devel] db kill_rev_locally |
Date: | Sun, 12 Oct 2008 14:00:22 +0200 |
User-agent: | Thunderbird 2.0.0.17 (Macintosh/20080914) |
Ludovic Brenta wrote:
Which would require me to have SSH login ("daniel"). What am I missing?You are correct but the address@hidden account may be unprivileged (running a restricted shell) and shared with other developers. You might as well call it after the project the developers work on, e.g. address@hidden The monotone server itself, and the database, belong to and run as a different user, e.g. address@hidden
Thanks. I believe I understand the technique now. Make a dummy account where all the devs login and give them a shell that does nothing. It's very good, and it seems to work in every case in which my initial proposal works. It'd be nice if it was documented on the website somewhere.
I run a public monotone server on www.ada-france.org; see http://www.ada-france.org/article131.html for explanations. The security model is simple: everyone has read access, and only a few trusted developers have write access to the entire database (they can create branches at will). Because this is a netsync server running as a "monotone" user that has /bin/false as its shell, only sysadmins with root access to the machine can delete from this database.
Thanks. I'll read that article. Daniel.
[Prev in Thread] | Current Thread | [Next in Thread] |