Read access control with Mercurial and Apache

I've set up Mercurial via Apache (hgwebdir.cgi). I would like to have the same functionality as when using Subversion and AuthzSVNAccessFile, in which I can restrict which user has read or write permissions for every single repository. The acl extension only controls how changes are brought to the repository, as does the allow_push directive. Any thoughts?


Solution 1:

There is an allow_read directive that can be added to a repository hgrc that works the same way as allow_push. If specified, and the user accessing the hgwebdir CGI script is not in the list, the project doesn't even show up at the index page.
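The following audit script is an added example, not part of the answer above and not Mercurial's own code. It is a simplified model of the hgweb read check, run over constructed hgrc contents to show which users each repository is readable by. The repository names, user names and the helper functions are assumptions, and the model also covers the related `deny_read` setting, which the answer does not mention.

```python
import configparser
import re

# Constructed sample hgrc contents, keyed by hypothetical repository name.
SAMPLE_HGRCS = {
    "public-docs": "[web]\nallow_push = alice\n",
    "payroll": "[web]\nallow_read = alice, bob\nallow_push = alice\n",
    "archive": "[web]\ndeny_read = *\n",
}

def web_list(hgrc_text, key):
    """Return a [web] list setting, split on commas and whitespace."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(hgrc_text)
    raw = parser.get("web", key, fallback="")
    return [item for item in re.split(r"[,\s]+", raw) if item]

def is_member(user, names):
    """A '*' entry matches every user, including anonymous visitors."""
    return "*" in names or user in names

def can_read(hgrc_text, user):
    """Simplified model: deny_read is checked first, then allow_read.
    user is the name the web server authenticated, or None if anonymous."""
    deny = web_list(hgrc_text, "deny_read")
    if deny and (user is None or is_member(user, deny)):
        return False
    allow = web_list(hgrc_text, "allow_read")
    if allow and not is_member(user, allow):
        return False
    return True  # no allow_read list: every visitor may read

def audit(hgrcs, users):
    """Map each repository to the named users and anonymous read status."""
    report = {}
    for name, text in sorted(hgrcs.items()):
        readers = [u for u in users if can_read(text, u)]
        report[name] = {"readers": readers, "anonymous": can_read(text, None)}
    return report

if __name__ == "__main__":
    for repo, result in audit(SAMPLE_HGRCS, ["alice", "bob", "carol"]).items():
        print(repo, result)
```

A repository with no `allow_read` list, such as the constructed `public-docs` entry, shows up as readable by anonymous visitors, which is the case to look for when read restrictions are expected.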

Solution 2:

They're served up via Apache or lighttpd, right? So you could maybe hide them behind normal webby ACL things? (basic auth, etc.)

Note that, as with git, as a consequence of the way they work, you're never going to be able to have control at any finer granularity than the repository level. You can grant whole-repo access or not, but never just 'you can read this one file in the repo' access.