multiuser Hg access w/o shell account?
Mark Reinhold
mr at sun.com
Wed Jun 6 04:34:55 UTC 2007
> Date: Tue, 05 Jun 2007 18:38:05 -0500
> From: tom.marble at sun.com
> The use case I'm trying to work on is Mercurial best practices
> for setting up a multi-user repository. My assumptions are:
> - I only want to support push via ssh (not http) because
> of more secure authentication and optional compression
> - I want control of exactly what kind of shell privileges
> each user has
> - Setting up ssh for password-less operation is understood [1]
> - In reviewing the man page for "hg push" [2] it is clear
> that a shell account is required for ssh pull/push to work.
Unless you're willing to rely on .htpasswd-like authentication [1].
(Which I'm not.)
> ...
>
> Are there alternative best practices for multiuser
> commit access via ssh?
Yep. I've set up some (Sun-internal) hg trees that support multiuser
pushes using the hg-ssh script [2]. Far simpler than hacking rbash,
especially since everyone winds up running under the same user id on
the server.
- Mark
[1] http://www.selenic.com/mercurial/wiki/index.cgi/HgWebDirStepByStep#head-746ca383e3a62df34279ec2fca888113497da022
[2] http://www.selenic.com/mercurial/wiki/index.cgi/SharedSSH
More information about the build-dev
mailing list