#1206 Update python FUSE for OSS release

v1.0.0
closed
sf-8 (45)
General
nobody
2015-08-20
2010-11-30
No

For the OSS release, we'd like to not rely on the current SCM deployment environment that sf.net uses, including

  • patched versions of the SCM tools
  • patched version of ssh
  • sfx tools to manage ssh keys
  • SOG FUSE to manage access control

Instead, we'd like to have a FUSE filesystem that runs without need for patched ssh/scm tools. We already have the start of one. To complete it, we need

  • Support for a virtual ~/.ssh directory in user accounts (to allow use of unpatched ssh)
  • Admin screen allowing for ssh key upload

Discussion

  • Rick Copeland - 2010-11-30
    • custom_field__milestone: dec-6 --> backlog
     
  • Rick Copeland - 2010-12-07
    • custom_field__milestone: backlog --> dec-13
     
  • Rick Copeland - 2010-12-10
    • custom_field__milestone: dec-13 --> dec-20
     
  • Rick Copeland - 2010-12-16
    • status: open --> in-progress
     
  • Rick Copeland - 2010-12-17

    There is a little more to this, as users in allura need to appear as users on the scm hosting system. The initial approach will be to use schroot to create a chroot jail inside which sshd will run (and inside which sshd will determine who is allowed to login). We will then use a FUSE to manage the /etc filesystem in the chroot so that an Allura-generated /etc/passwd and allura-generated /etc/shadow appear. We will also manage the /home directory in the chroot as well as /git /hg and /svn directories (for access control).

     
  • Rick Copeland - 2011-01-28
    • status: in-progress --> code-review
     
  • Rick Copeland - 2011-01-28

    Test link to commit [2aa174]

     
  • Rick Copeland - 2011-01-29

    I should mention that the approach changed a bit -- now the chroot includes an LDAP server (slapd) which manages the passwd and group databases. /home in the chroot is 'normal', and the host system is responsible for uploading ssh keys via the schroot command.

     
  • Rick Copeland - 2011-01-31
    • status: code-review --> closed
     

Log in to post a comment.