User masquerading - audit trail?
Dmitry Nezhevenko
dion at inhex.net
Mon Oct 6 15:27:24 CDT 2008
On Sun, Oct 05, 2008 at 03:07:18AM +0300, Giorgos Keramidas wrote:
> > Level 1: Untrusted developers. They must email all patches to a
> > Trusted Developer
> > Level 2: Semi-trusted developers. They can push patches, but their
> > usernames must match their authenticated username
> > Level 3: Trusted developers. These are core developers that can push
> > their own patches or push other people's patches. No
> > checking is done to verify that they are who they say they
> > are since they are fully trusted.
>
> That sounds nice :)
It's possible to write pretxnchangegroup hook that can reject changesets.
The only trouble is to determine user ID.
This can be done using svn:// protocol. It should be enough to just create
one "shared" hg account and write each user that should have push-access
to ~/.authorized_key. ssh allows to specify command that will be executed.
Also there is way to set some environment variable.
--
WBR, Dmitry
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: Digital signature
Url : http://selenic.com/pipermail/mercurial/attachments/20081006/1940ce63/attachment.pgp
More information about the Mercurial
mailing list