ACLs and hgweb?
Jeff Abbott
fdiv_bug at sniping.org
Wed Feb 27 14:25:02 CST 2008
Heya, Ezra! Thanks for the feedback!
Ezra.Smith at bentley.com wrote:
> We're running on a Windows network here, and we've found that the best
> way to integrate Mercurial with our current access control setup was to
> use filesystem permissions and repository hooks. Hgweb already works
> well with filesystem permissions by default. If a user can't read a
> directory, it doesn't show up on the web interface.
Really? How does that work? At least with Apache on Linux, the hgweb
script is running as the Apache user, not as the logged-in user. Are
you using NTLM authentication with IIS, or some such?
> To handle pushes and pulls more elegantly, we wrote some Python scripts
> that get called from prechangegroup and preoutgoing hooks. For any user
> trying to push/pull/clone a repository, a hook will find out what groups
> the user belongs to, match it against groups that have read or write
> access to the repository, and proceed accordingly.
I was also looking into hooks, and I found no clear way to identify the
location which was being pulled from, or the REMOTE_USER setting. Am I
missing something?
> It's really easy to work with now that we have it set up. To change a
> repository's access controls, all we have to do is change its
> permissions in the filesystem, and that lets us control everything with
> ActiveDirectory groups.
This sounds pretty ideal, frankly, but I guess I'm doing something wrong
with regards to how I'm trying to implement it here because it's doesn't
seem to work for me the way it works for you. :-\
Thanks,
Jeff
More information about the Mercurial
mailing list