[petsc-dev] please make myself and Satish admin on bitbucket.org/petsc
Satish Balay
balay at mcs.anl.gov
Sat Feb 11 09:17:47 CST 2012
Trying out bitbucket - noticed one more thing.
premise: We need multiple repos and multiple admins
This looks difficult to implement [without admins sharing 'petsc'
passwd - and doing everything as the owner - which sean/barray are
trying out now].
Single repo - multiple admins is fine. multiple repos with a single
'owner/admin' is fine.
With multiple repos we want
reposGroupA - access-control-list-A
reposGroupB - access-control-list-B
[do this either in 1 account or 2 accounts - doesn't matter]
To have a common access control list for a group of repos - 'user
group' appears to be the thing to use [as we have to set access-list
for each repo separately]. However this is not easy to admin:
- user 'petsc' can create a group [petsc:groupA]
- admin 'balay' can't modify this group [if he need to add another person]
- admin 'balay can't look at the contents of [petsc:groupA] - to see who
is in it and who is not.
- however amdin 'balay' can create a new group [balay:groupB] - and
add this to the access control list
So we can set the accesscontrol list to repos petsc/petsc,
petsc/buildsystem to be the following - but one will not know [without
e-mail commuication] the complete list of folks in these groups.
petsc:groupA balay:groupB bsmith:groupC
This might work - We can ignore duplicate users across groups and keep
adding users in the the personal groups - when in doubt. But deleting
users will be combersome.
So project admintration [with multiple admins] is not as simple as it
appeared before..
Satish
On Fri, 10 Feb 2012, Satish Balay wrote:
> On Fri, 10 Feb 2012, Satish Balay wrote:
>
> > On Fri, 10 Feb 2012, Sean Farley wrote:
> > With petsc.cs.iit.edu - yes I have to create a project manually and
> > assemble the group and admin/s . But with bitbucket - you can create
> > your own account [ala project] and assemble your own group - aswell as
> > set admins.
>
> minor modification:
>
> with petsc.cs.iit.edu I create the project - and set the initial
> admin/s. They can login and set the group as needed.
>
> But usually I'm also the admin as most folks didn't want to deal with
> the admin part - it was easier to just tell me what was needed. [its
> usually manually editing authorized keys file]
>
> I'll concede that the gui admin for bitbucket is perhaps
> better. [instead of logging in shell - you log-into a website and use
> the gui].
>
> One good aspect of bitbucket thats not on petsc.cs.iit.edu is: If a
> user exists in multiple projects - the keys are duplicated manually
> for each project account on petsc.cs.iit.edu. However bitbucket
> maintains a single copy and uses it across all projects.
>
> Since the number of projects was relatively small - the lack of this
> functionality wasn't a big deal..
>
> > After this creation - on petsc.cs.iit.edu any user in the group can
> > create repos without my intervention.
> >
> > hg clone foobar ssh://petsc@petsc.cs.iit.edu//hg/petsc/foobar
> >
> > With bitbucket - only owner can create the new repo [not any member of
> > a default group]. Don't know about admins..
> >
> > wrt delete - petsc.cs.iit.edu admin for project petsc can ssh over and
> > delete repos [via shell access]. Looks like with bitbucket - only owner
> > can do the deletion of repo [not even admins]
More information about the petsc-dev
mailing list