I would like to allow some users to read/write Bazaar repositories on a server using ssh.
I read about using bzr_ssh_path_limiter (with restricted ssh keys) which is a nice tool and seems to do the work. I've also seen that it is possible to use sftp for Bazaar.
- Is Bazaar ("bzr serve") secure enough that the client cannot execute any shell commands?
- Should I use sftp? Can I restrict access to a folder and disallow shell commands?
Well, while I am inclined to trust the combination of bzr serve and ssh, there are still a lot fewer "moving parts" in an OpenSSH SFTP chroot. Hence, a lot fewer things which could go wrong, or which could be exploited.
The potential problem with running Bazaar against SFTP is that it is relatively slow. Whether that is a problem or not depends on what kind of repositories you will be sharing. Yet, if you are worried about security, then I think you should at least try the SFTP-chroot solution, to see whether it is feasible or not.
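
An added example, not part of the original answer: an OpenSSH `sshd_config` fragment for the SFTP chroot suggested above, restricting a group of users to one folder with no shell. The group name `bzrusers` and the paths `/srv/bzr` and `/srv/bzr/repos` are assumptions.

```sshd_config
# Added example; the group "bzrusers" and the path /srv/bzr are assumptions.

# Use the in-process SFTP server so the chroot needs no binaries or libraries.
# If the file already has a "Subsystem sftp" line, replace it rather than
# adding a second one.
Subsystem sftp internal-sftp

Match Group bzrusers
    # Confine the session to this tree. sshd refuses the login unless this
    # directory and every parent of it are owned by root and are not writable
    # by group or others, so the repositories go in a subdirectory the users
    # can write to, e.g. /srv/bzr/repos.
    ChrootDirectory /srv/bzr
    # Ignore whatever command the client asks for; only SFTP is served,
    # so no shell command can be run over this account.
    ForceCommand internal-sftp
    # Close the side channels an SFTP-only account does not need.
    AllowTcpForwarding no
    AllowAgentForwarding no
    X11Forwarding no
    PermitTunnel no
    PermitTTY no
```

Check the file with `sshd -t` before reloading the daemon. Inside the chroot the repositories appear under `/repos`, so that is the path clients use in their `sftp://` URLs.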