Re: [Monotone-devel] Security and Permissions
Top-posting. I found the information I need:

http://monotone.ca/docs/Hooks.html#index-get_005fnetsync_005fread_005fpermitted-_0028_0040var_007bbranch_007d_002c-_0040var_007bidentity_007d_0029-209

Cheers,
Daniel.

Daniel Carrera wrote:
> Hello,
>
> Hypothetically, how would you configure monotone so that a core set of
> developers can see one branch and the other developers can see all other
> branches? Would the following work or do I need some "deny" lines or
> something?
>
> comment "Allow only core devs to see the secret branch"
> pattern "net.venge.monotone.secret"
> allow "[EMAIL PROTECTED]"
> allow "[EMAIL PROTECTED]"
>
> comment "Allow regular developers to see other branches"
> pattern "*"
> allow "[EMAIL PROTECTED]"
> allow "[EMAIL PROTECTED]"
> allow "[EMAIL PROTECTED]"
> allow "[EMAIL PROTECTED]"

___
Monotone-devel mailing list
Monotone-devel@nongnu.org
http://lists.nongnu.org/mailman/listinfo/monotone-devel
Re: [Monotone-devel] Security and Permissions
Hello,

Hypothetically, how would you configure monotone so that a core set of developers can see one branch and the other developers can see all other branches? Would the following work or do I need some "deny" lines or something?

    comment "Allow only core devs to see the secret branch"
    pattern "net.venge.monotone.secret"
    allow "[EMAIL PROTECTED]"
    allow "[EMAIL PROTECTED]"

    comment "Allow regular developers to see other branches"
    pattern "*"
    allow "[EMAIL PROTECTED]"
    allow "[EMAIL PROTECTED]"
    allow "[EMAIL PROTECTED]"
    allow "[EMAIL PROTECTED]"
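The stanza rule behind the question above, as an added example that is not part of the original thread and not monotone's own code: a small Python model of how the monotone manual describes read-permissions evaluation, where a matching stanza gives the final answer unless it carries continue "true". The key names are constructed, and Python's fnmatch stands in for monotone's glob matcher (an assumption).

```python
import shlex
from fnmatch import fnmatchcase

# Constructed policy in the shape asked about in the thread; key names are made up.
POLICY = '''
comment "Allow only core devs to see the secret branch"
pattern "net.venge.monotone.secret"
allow "core1@example.com"
allow "core2@example.com"

comment "Allow regular developers to see other branches"
pattern "*"
allow "dev1@example.com"
allow "core1@example.com"
'''

def parse(text):
    """Return (keyword, value) pairs; each line has the form: keyword "value"."""
    items = []
    for line in text.splitlines():
        tokens = shlex.split(line)
        if tokens:
            items.append((tokens[0], tokens[1]))
    return items

def read_permitted(policy, branch, key):
    """Walk stanzas top to bottom; a matching stanza without
    continue "true" decides, and anything not allowed is denied."""
    matches = cont = False
    for name, value in parse(policy):
        if name == "pattern":
            if matches and not cont:
                return False  # earlier matching stanza was final: implicit deny
            matches, cont = fnmatchcase(branch, value), False
        elif not matches or name == "comment":
            continue          # lines of non-matching stanzas are ignored
        elif name == "allow" and fnmatchcase(key, value):
            return True
        elif name == "deny" and fnmatchcase(key, value):
            return False
        elif name == "continue":
            cont = value == "true"
    return False              # no stanza granted access

if __name__ == "__main__":
    for key in ("core1@example.com", "dev1@example.com", "core2@example.com"):
        for branch in ("net.venge.monotone.secret", "net.venge.monotone"):
            print(f"{key:20} {branch:27} {read_permitted(POLICY, branch, key)}")
```

In this model no "deny" lines are needed for the secret branch, but the exact pattern does not cover sub-branches such as net.venge.monotone.secret.fix, which fall through to the "*" stanza, and a core developer who is not also listed under "*" cannot read the other branches.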
Re: [Monotone-devel] Security and Permissions
Ludovic Brenta wrote:
> The security model is actually quite crude as write permissions are
> database-wide. Read permissions can be per-branch within a database;
> see "Network Service Revisited" in the doc.
>
> To complement the security model, there is also a trust model. You can
> set up a per-user filter in your ~/.monotonerc that will "hide" all
> revisions you don't trust. See "Trust Evaluation Hooks" in the manual.

Thanks. I just read "Network Service Revisited" but I cannot find "Trust Evaluation Hooks". Could you tell me where it is?

So, if you wanted to have a secret branch (e.g. where core developers work on security vulnerabilities) you would use monotonerc, yes?

    pattern "net.venge.monotone.secret"
    allow "[EMAIL PROTECTED]"
    allow "[EMAIL PROTECTED]"

This would work if you run a monotone server with netsync but if you run Monotone through SSH, a developer could just edit monotonerc to let himself into the secret branch. You could allow core developers to use SSH, but other developers would have to use netsync. Am I right?

Thanks.
Re: [Monotone-devel] Security and Permissions
Daniel Carrera writes:
> Hello,
>
> I believe that Monotone can be configured so that some users are not
> able to read or write certain parts of the source tree. But I can't
> figure out where this is explained. I can't find it in the docs.
>
> Could someone point me to the right place?

The security model is actually quite crude as write permissions are database-wide. Read permissions can be per-branch within a database; see "Network Service Revisited" in the doc.

To complement the security model, there is also a trust model. You can set up a per-user filter in your ~/.monotonerc that will "hide" all revisions you don't trust. See "Trust Evaluation Hooks" in the manual.

--
Ludovic Brenta.
[Monotone-devel] Security and Permissions
Hello,

I believe that Monotone can be configured so that some users are not able to read or write certain parts of the source tree. But I can't figure out where this is explained. I can't find it in the docs.

Could someone point me to the right place?

Daniel.