[Balug-Talk] Monotone permissions problem

Joe Brenner doom at kzsu.stanford.edu
Mon Jul 30 18:32:58 PDT 2007


I'm trying to get a simple monotone setup working over a network.
I'm seeing a permissions problem: I can get read access, but not
write access.  I've run out of ideas for things to check, and
I'm looking for suggestions.

A pull command on the client works without any problem:

   mtn --db=/var/mtn/wudan.mtn pull -kdoom-t1 at dancer.or.com 192.168.1.3 com.or.t1

(Note here the "client" is 192.168.1.144, where the "server" is 192.168.1.3)

But when I issue the sync command on the client:

   mtn --db=/var/mtn/wudan.mtn sync 192.168.1.3 com.or.t1

I get the following messages:

   mtn: connecting to 192.168.1.3
   mtn: finding items to synchronize:
   mtn: ticks: c="certificates"/256, k="keys"/1, r="revisions"/64
   mtn: ckr
   mtn: warning: protocol error while processing peer 192.168.1.3: 'received network error: denied 'doom-t1 at dancer.or.com' write permission for 'com.or.t1' excluding '''
   mtn: ticks: >="bytes in"/1024, <="bytes out"/1024, r="revs in"/1, R="revs out"/1
   mtn: ><rR
   mtn: error: processing failure while talking to peer 192.168.1.3, disconnecting


The error messages on the server side look like:

   mtn: beginning service on <all interfaces> : 4691
   mtn: accepted new client connection from 192.168.1.144 : 50787
   mtn: allowed 'doom-t1 at dancer.or.com' read permission for 'com.or.t1' excluding ''
   mtn: warning: error: denied 'doom-t1 at dancer.or.com' write permission for 'com.or.t1' excluding ''
   mtn: peer 192.168.1.144:50787 write failed in working state (error)


The details on the setup are like so:

Both client and server are GNU/linux machines with monotone 0.30 installed.

On the server:

~/.monotone/write-permissions:

  doom-t1 at dancer.or.com

~/.monotone/read-permissions:

  pattern "*"
  allow "doom-t1 at dancer.or.com"

~/.monotone/monotonerc:

  function get_passphrase(keypair_id)
    return "XXX"
  end

  function get_netsync_read_permitted (collection, identity)
    if (identity == "doom-t1 at dancer.or.com") then return true end
    return false
  end

  function get_netsync_write_permitted (collection, identity)
    if (identity == "doom-t1 at dancer.or.com") then return true end
    return false
  end

  function get_netsync_anonymous_read_permitted (collection)
    return false
  end


On the client:

~/.monotone/monotonerc:

function get_passphrase(keypair_id)
   return "YYY"
end

Previously I've done the key exchange like so:

On the client:

  mtn genkey doom-t1 at fineline.or.com > ~/doom-t1-dancer.pubkey

(with passphrase matching the "XXX" above).

  scp ~/doom-t1-dancer.pubkey doom at 192.168.1.3:~/

Then on the server:

  cat ~/doom-t1-dancer.pubkey |  mtn --db=/var/mtn/wudan.mtn read
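
Added example, not part of the original post and not monotone's own code: a stand-alone Lua harness for checking how a permission hook's parameter list lines up with the arguments its caller passes. It assumes the server invokes get_netsync_read_permitted with (branch, identity) and get_netsync_write_permitted with the key identity as its only argument, which is worth confirming against the hook reference for the installed monotone version; the key and branch names are constructed.

```lua
-- Stand-alone harness (plain Lua, no monotone needed).
-- ASSUMPTION: the write hook is called as hook(identity), the read hook as
-- hook(branch, identity). Check the hook reference for your mtn version.

local KEY    = "user@example.org"   -- constructed key identity
local BRANCH = "org.example.t1"     -- constructed branch name

-- Read hook with the (branch, identity) parameter list.
local function read_hook(branch, identity)
  if identity == KEY then return true end
  return false
end

-- Write hook declared with two parameters, the shape used in the
-- server-side monotonerc quoted above.
local function write_hook_two_params(collection, identity)
  if identity == KEY then return true end
  return false
end

-- Write hook declared with a single identity parameter.
local function write_hook_one_param(identity)
  if identity == KEY then return true end
  return false
end

-- Call a hook the way the (assumed) server would and report the decision.
local function check(label, hook, ...)
  local ok = hook(...)
  print(string.format("%-36s %d arg(s) -> %s",
                      label, select("#", ...), ok and "allowed" or "denied"))
  return ok
end

-- Read path: two arguments arrive, both parameters are bound.
assert(check("read  hook(branch, identity)", read_hook, BRANCH, KEY) == true)

-- Write path, two-parameter hook, one argument: Lua binds the key to
-- 'collection' and leaves 'identity' nil, so the comparison fails.
assert(check("write hook(collection, identity)", write_hook_two_params, KEY) == false)

-- Write path, one-parameter hook, one argument: the key is compared.
assert(check("write hook(identity)", write_hook_one_param, KEY) == true)
```

Lua does not raise an error when a function receives fewer arguments than it declares; the missing parameters are nil, so a mismatched hook denies silently rather than failing loudly.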

