multiuser Hg access w/o shell account?

Tom Marble Tom.Marble at Sun.COM
Tue Jun 5 23:38:05 UTC 2007


All:

The use case I'm trying to work on is Mercurial best practices
for setting up a multi-user repository.  My assumptions are:
- I only want to support push via ssh (not http) because
  of more secure authentication and optional compression
- I want control of exactly what kind of shell privileges
  each user has
- Setting up ssh for password-less operation is understood [1]
- In reviewing the man page for "hg push" [2] it is clear
  that a shell account is required for ssh pull/push to work.
- I'm a Mercurial newbie and may have missed the FAQ
  entry for this on [3]

It would seem the most convenient way to handle multiuser
access then would be to add a local account for each authorized
remote user who will have commit access where each user is a member of
the same local UNIX group (for whatever nsswitch.conf authentication
mechanism is used on the Hg server) and (for Hg only users)
the shell is set to /bin/rbash [4].  The user(s) who will
administer Hg on the server must also be in the same UNIX
group and the .hg files must be set for group write permission.

An example of grabbing a mercurial snapshot, adding a file
and pushing it back to the server is shown below [5].

I'm assuming that adding many remote committers would be
fairly straightforward and scriptable.  It seems that rbash
can sufficiently control shell account usage.  What seems tricky
is exactly how group write permission must be maintained [6].
Should the umask be set to 002 in .bash_profile (i.e. fixed
via ssh)?  Or should one of the Mercurial hooks be used?

Are there alternative best practices for multiuser
commit access via ssh?

Thanks!

--Tom


[1] passwordless ssh means I can do this (machine "tv" is remote):

testme at ontologie 9% exec ssh-agent tcsh
testme at ontologie 2% ssh-add
Enter passphrase for /home/testme/.ssh/id_dsa: my secret passphrase
Identity added: /home/testme/.ssh/id_dsa (/home/testme/.ssh/id_dsa)
testme at ontologie 3% ssh tv cal
     June 2007
Su Mo Tu We Th Fr Sa
                1  2
 3  4  5  6  7  8  9
10 11 12 13 14 15 16
17 18 19 20 21 22 23
24 25 26 27 28 29 30

testme at ontologie 4%

[2] http://www.selenic.com/mercurial/hg.1.html

[3] http://www.selenic.com/mercurial/wiki/index.cgi/FAQ

[4] Setting up restricted commands

root at tv 17# mkdir -p /usr/local/hg/bin
root at tv 18# cd /usr/local/hg/bin
/usr/local/hg/bin
root at tv 19# ln -s /bin/ls
root at tv 20# ln -s /bin/date
root at tv 21# ln -s /usr/bin/cal
root at tv 22# ln -s /usr/bin/hg
root at tv 23# ln -s /usr/bin/rsync
root at tv 24# grep PATH ~testme/.bash_profile
export PATH=/usr/local/hg/bin
root at tv 25#

[5] Example push via ssh

testme at ontologie 21% hg clone ssh://tv//data0/tmarble/mercurial/demohg
destination directory: demohg
requesting all changes
adding changesets
adding manifests
adding file changes
added 6 changesets with 5 changes to 4 files
3 files updated, 0 files merged, 0 files removed, 0 files unresolved
testme at ontologie 22% cd demohg
/home/testme/mercurial/demohg
testme at ontologie 23% date > testme.txt
testme at ontologie 24% hg add testme.txt
testme at ontologie 25% setenv EDITOR 'emacs -nw'
testme at ontologie 26% hg commit
No username found, using 'testme at ontologie' instead
testme at ontologie 27% hg push ssh://tv//data0/tmarble/mercurial/demohg
pushing to ssh://tv//data0/tmarble/mercurial/demohg
searching for changes
remote: adding changesets
remote: adding manifests
remote: adding file changes
remote: added 1 changesets with 1 changes to 1 files
testme at ontologie 28%

tmarble at tv 100% pwd
/data0/tmarble/mercurial/demohg
tmarble at tv 101% hg update
1 files updated, 0 files merged, 1 files removed, 0 files unresolved
tmarble at tv 102% cat testme.txt
Tue Jun  5 18:08:40 CDT 2007
tmarble at tv 103% ls -l testme.txt
-rw-r--r-- 1 tmarble users 29 2007-06-05 18:08 testme.txt
tmarble at tv 104%

[6] complication of group permissions

mythtv at ontologie:~/mercurial/demohg$ hg pull ssh://tv//data0/tmarble/mercurial/demohg
pulling from ssh://tv//data0/tmarble/mercurial/demohg
searching for changes
adding changesets
adding manifests
adding file changes
added 4 changesets with 3 changes to 3 files
(run 'hg update' to get a working copy)
mythtv at ontologie:~/mercurial/demohg$ hg update
3 files updated, 0 files merged, 1 files removed, 0 files unresolved
mythtv at ontologie:~/mercurial/demohg$ cal > testme.txt
mythtv at ontologie:~/mercurial/demohg$ hg commit
No username found, using 'mythtv at ontologie' instead
mythtv at ontologie:~/mercurial/demohg$ hg push ssh://tv//data0/tmarble/mercurial/demohg
pushing to ssh://tv//data0/tmarble/mercurial/demohg
searching for changes
remote: adding changesets
remote: adding manifests
remote: adding file changes
remote: abort: Permission denied - /data0/tmarble/mercurial/demohg/.hg/data/testme.txt.i
remote: transaction abort!
remote: rollback completed
mythtv at ontologie:~/mercurial/demohg$
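An added example, not part of the post above and not Mercurial's own code, covering the two things the post asks about: limiting what an Hg-only ssh account can run, and keeping .hg group-writable so the "Permission denied" in [6] does not happen. Instead of a restricted shell it uses an sshd forced command (an authorized_keys "command=" entry; sshd passes the client's requested command in SSH_ORIGINAL_COMMAND) that only accepts the "hg -R <repo> serve --stdio" request an hg push or pull sends, and it sets the umask around that one hg invocation rather than relying on a login profile being read for the ssh session. The script name /usr/local/hg/bin/hg-push-shell, the group name "hg" and the list of allowed repositories are assumptions chosen for the example; the repository path is the one from the post.

```shell
#!/bin/sh
# hg-push-shell: forced-command wrapper for Hg-only ssh accounts.
# Example code, not from the original post. Install one line per committer
# in ~committer/.ssh/authorized_keys (path and key are hypothetical):
#   command="/usr/local/hg/bin/hg-push-shell",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-dss AAAA... testme@ontologie
# sshd then runs this script for every connection and puts whatever the
# client asked for in $SSH_ORIGINAL_COMMAND.

# Repositories a committer may push to or pull from (absolute paths,
# space separated). Assumed for the example.
ALLOWED_REPOS="/data0/tmarble/mercurial/demohg"
HG_GROUP=hg

# Print the repository path if $1 is exactly "hg -R <repo> serve --stdio"
# (the request the hg client sends over ssh) for an allowed repo; otherwise
# print nothing and fail. Extra words, shell metacharacters appended to
# the last word, or any other command are all rejected.
repo_for_command() {
    set -- $1                       # word-split the requested command
    [ "$#" -eq 5 ] || return 1
    [ "$1" = hg ] && [ "$2" = -R ] && [ "$4" = serve ] && [ "$5" = --stdio ] || return 1
    for r in $ALLOWED_REPOS; do
        if [ "$3" = "$r" ]; then printf '%s\n' "$r"; return 0; fi
    done
    return 1
}

# Group permission bits ("rw-", "rws", ...) of a path, from ls -l, which is
# portable where stat(1) flags are not.
group_mode() {
    ls -ld "$1" | cut -c5-7
}

# Create an empty file under a given umask, in a subshell so the caller's
# umask is untouched. Shows what the 002 vs 022 question in the post means:
# 002 yields rw-rw-r--, 022 yields rw-r--r--.
create_with_umask() {
    (umask "$1" && : > "$2")
}

# Repair pass for an existing repository: make every directory group
# writable and setgid (so files a push creates inherit the repo's group)
# and every file group writable. Suitable for a changegroup hook run by
# the administrator, or for a one-off fix after a push with umask 022.
make_group_writable() {
    repo=$1
    chgrp -R "$HG_GROUP" "$repo" 2>/dev/null || true   # fails harmlessly if the group does not exist
    find "$repo" -type d -exec chmod g+rwxs {} +
    find "$repo" -type f -exec chmod g+rw {} +
}

# Serve one validated request: fix the umask, then hand over to hg.
serve_request() {
    repo=$(repo_for_command "$1") || { echo "hg-push-shell: access denied: $1" >&2; return 1; }
    umask 002
    exec hg -R "$repo" serve --stdio
}

# Only dispatch when sshd invoked us as a forced command.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    serve_request "$SSH_ORIGINAL_COMMAND"
fi
```

With this in place the committer accounts need no shell of their own beyond what sshd gives the forced command, and every push runs with umask 002 whether or not .bash_profile was sourced; make_group_writable is the cleanup to run once over an existing repository before switching to it.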


