[Wplug-web] Anonymous BK Access (this is the answer!!)

Zach Paine zman at angstrom.net
Thu Dec 21 13:02:34 EST 2000


Ok here it is (summarized):

/users/zman/public_html/wplug.zman is the repository we want to use.  If you
have ssh and an account (us) you can push to it.

I can set that up to be a public repository as well running on a specific port
so people can:

bk clone bk://wplug.org:5000 wplug

and get a read-only version.

Now in wplug.zman, all of the sensitive files are symlinks to files in another
repository, let's say wplug.confidential.  When users grab the anonymous stuff,
because they are not allowed to change directories, they won't get the
sensitive stuff.  They can make changes and submit bk patches.  As far as us,
we can push to both of those repositories!

THIS IS IT!
/me is excited :)

Here is the actual email from the Pres/CEO of BitMover:

Later,
Zach

----- Forwarded message from Larry McVoy <lm at bitmover.com> -----

X-From_: lm at bitmover.com Thu Dec 21 12:57:07 2000
Date: Thu, 21 Dec 2000 09:57:05 -0800
From: Larry McVoy <lm at bitmover.com>
To: Zach Paine <zman at angstrom.net>
Cc: bitkeeper-users at bitmover.com
Subject: Re: Setting up bk
Mail-Followup-To: Zach Paine <zman at angstrom.net>,
	bitkeeper-users at work.bitmover.com
X-Mailer: Mutt 1.0pre3i
In-Reply-To: <20001221124257.D3854 at angstrom.net>

> So if someone clones my_website it will be unable to grab the symlinks?  This
> would prevent people from looking at confidential stuff, but how would the
> developers submit patches normally to the website?  my_website is set to
> -xpush and -xcd so they couldn't do it there could they?

The symlinks would propagate, since symlinks are revision controlled by
BK, but what they point to would not propagate, that's part of some other
repository.

As to how your developers would submit patches, that's a very common 
problem, which I'll restate to make sure I have it right:

You want to have a package which you allow the world to read your stuff
but restricts write access to a selected few.  That's it, right?

BK gives you a couple of ways to do this; the way everyone does it is this:
you use the BKD to give out the read only access and you tell people what
the BK url is, i.e., bk://someplace.com:5000 is the foofra project.  For
the read/write access, those are typically trusted people and you give 
them ssh access to a machine with a clone into which you allow pushes.
Suppose bk://someplace.com:5000 is really someplace.com:/home/bk/foofra,
then you give your buddies a login on someplace.com and tell them that
the URL they want is someplace.com:/home/bk/foofra, i.e., a 

	bk clone someplace.com:/home/bk/foofra foofra

will do what they want and then they can push and it will prompt for a
password and allow them to push.

BK does have a more obscure way of allowing ssh access.  You can set things
up so the bkd is actually the login shell.  This means that the only thing
the user can do is run bkd commands, which is a lot safer than giving them
an account on the box.  This is how you'd typically integrate BK into 
something like sourceforge, in fact, that's exactly why we added it.
-- 
---
Larry McVoy            	 lm at bitmover.com           http://www.bitmover.com/lm 


----- End forwarded message -----

-- 
Zach Paine
http://www.wplug.org/~zman/zman.key
Key available from pgp.ai.mit.edu ID: 87746D3D 
Fingerprint: B813 EFB8 ECD0 0C34 6F7F  71DD 01E9 17C3 8774 6D3D
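
The following is an added example, not part of the original message or of BitKeeper: a shell check that lists the symlinks in a public tree whose targets resolve outside it, which are the entries an anonymous clone would receive as links without the files behind them. It assumes GNU realpath (-m) and file names without newlines; members.txt, home.html and the sample layout are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the thread): list symlinks that resolve outside a tree.
# Assumes GNU realpath (-m) and file names without embedded newlines.

# external_symlinks ROOT
# Prints "link<TAB>stored target<TAB>resolved target" for every symlink under
# ROOT whose target lies outside ROOT. A clone carries the stored target text
# but not the file it names, so these are the entries that arrive dangling.
external_symlinks() (
    root=$(realpath -m -- "$1") || exit 2
    find "$root" -type l | sort | while IFS= read -r link; do
        stored=$(readlink "$link")
        # Resolve relative to the link's directory; -m accepts missing targets.
        resolved=$(cd "$(dirname "$link")" && realpath -m -- "$stored")
        case "$resolved/" in
            "$root"/*) ;;  # stays inside the repository
            *) printf '%s\t%s\t%s\n' "${link#"$root"/}" "$stored" "$resolved" ;;
        esac
    done
)

# build_sample BASE: constructed layout with hypothetical file names, modelled
# on the wplug.zman / wplug.confidential split described in the message.
build_sample() {
    mkdir -p "$1/wplug.zman/admin" "$1/wplug.confidential"
    echo 'constructed secret' > "$1/wplug.confidential/members.txt"
    echo '<html></html>' > "$1/wplug.zman/index.html"
    ln -s index.html "$1/wplug.zman/home.html"   # internal link, not reported
    ln -s ../../wplug.confidential/members.txt "$1/wplug.zman/admin/members.txt"
}

demo_dir=$(mktemp -d)
build_sample "$demo_dir"
external_symlinks "$demo_dir/wplug.zman"
rm -rf "$demo_dir"
```

The second column is the link text exactly as it is stored in the public tree, so it shows what path information about the confidential repository travels with every clone.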


