Controlling clone access to multiple mercurial repos served via hgwebdir.cgi
Posted
by chrislawlor
on Server Fault
See other posts from Server Fault
or by chrislawlor
Published on 2010-05-24T16:31:17Z
Indexed on
2010/05/24
16:32 UTC
Read the original article
Hit count: 309
I'm trying to host multiple hg repositories to use for my clients. I need to control access to each repository individually - not just push access, but clone as well.
I've got an .htaccess set which requires authentication globally:
AuthUserFile /path/to/hgweb.passwd
AuthGroupFile /dev/null
AuthName "Chris Lawlor Client Mercurial Repositories"
AuthType Basic
<Limit GET POST PUT>
Require valid-user
</Limit>
<FilesMatch "\.(htaccess|passwd|config|bak)$">
Order Allow,Deny
Deny from all
</FilesMatch>
Then in each repository, I've got a .hg/hgrc file requiring a valid user
[web]
allow_push = <comma seperated user list>
This almost does what I need. The problem is that I need to add ALL my clients to hgweb.passwd, which gives them clone access to ALL of the repositories.
The only solution I can think of is to have another .htaccess and .passwd file in EACH repository. I don't really want to do that though, seems a little convoluted. I can already specify a list of authorized users for each repository in that repos' hgrc file with the allow_push
setting. If only there were an allow_clone
setting as well...
All the documentation I've found for hgwebdir.cgi is incomplete. I've read: http://mercurial.selenic.com/wiki/HgWebDirStepByStep
http://hgbook.red-bean.com/read/collaborating-with-other-people.html#sec:collab:cgi
http://hgbook.red-bean.com/read/collaborating-with-other-people.html
And others. I've yet to find a comprehensive list of hgrc settings.
I guess this is as much an Apache question than a mercurial question.
Unless I can find a better approach, I'll be going with a seperate .htaccess and .passwd file for each repo.
This is a virtual host on Webfaction if it matters - set up roughly like this http://docs.webfaction.com/software/mercurial.html
© Server Fault or respective owner