Differences between revisions 9 and 10
Revision 9 as of 2008-04-05 21:45:07
Size: 1362
Editor: abuehl
Comment: link directly to section hg-ssh on SharedSSH page
Revision 10 as of 2009-05-19 19:31:05
Size: 1363
Editor: localhost
Comment: converted to 1.6 markup
Line 11: Line 11:
It's recommended that this extension is used with [:SharedSSH#head-479a09967fe00153f64bf5fa08ae0b5ede15c388:hg-ssh] (a restricted shell for Mercurial ssh access) to tighten security. It's recommended that this extension is used with [[SharedSSH#head-479a09967fe00153f64bf5fa08ae0b5ede15c388|hg-ssh]] (a restricted shell for Mercurial ssh access) to tighten security.

Acl Extension

This extension is currently being distributed along with Mercurial.

Author: Vadim Gelfer

1. Overview

The ACL extension gives you fine-grained access control over parts of a repository using deny and allow lists. These lists associate glob patterns with users. Furthermore, it can restrict changes depending on their source (http, ssh, pull, push, bundle).

It's recommended that this extension is used with hg-ssh (a restricted shell for Mercurial ssh access) to tighten security.

2. Configuration

Below is an example configuration file (hgrc) provided with the sources. The acl lists use the pattern = user syntax, where pattern is a glob by default:

[extensions]
hgext.acl=

[hooks]
pretxnchangegroup.acl = python:hgext.acl.hook

[acl]
# check if source of incoming changes is in this list
# ("serve" == ssh or http, "push", "pull", "bundle")
sources = serve

[acl.allow]
# if acl.allow not present, all users allowed by default
# empty acl.allow = no users allowed
docs/** = doc_writer
.hgtags = release_engineer

[acl.deny]
# if acl.deny not present, no users denied by default
# empty acl.deny = all users allowed
glob pattern = user4, user5
** = user6
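
A simplified model of how the allow and deny lists above combine, as an added example that is not the extension's own code: deny entries are checked before allow entries, a section that is absent is passed as None, and an empty section is an empty list. The function names, the tuple layout and the sample file names are assumptions, and only the `*` and `**` glob forms are modelled.

```python
import re

def glob_to_regex(pattern):
    """Translate a glob: '**' may cross '/', '*' may not; everything else is literal."""
    out, i = [], 0
    while i < len(pattern):
        if pattern.startswith("**", i):
            out.append(".*")
            i += 2
        elif pattern[i] == "*":
            out.append("[^/]*")
            i += 1
        else:
            out.append(re.escape(pattern[i]))
            i += 1
    return "".join(out)

def _matcher(section, user):
    """Build a predicate over file paths from the entries that name this user."""
    regexes = [re.compile(glob_to_regex(pat)) for pat, users in section if user in users]
    return lambda path: any(r.fullmatch(path) for r in regexes)

def check(user, files, allow=None, deny=None):
    """Return [(path, reason)] for every changed file the user may not touch.

    allow/deny are lists of (pattern, [users]); None means the section is absent.
    A non-empty result means the incoming changes would be rejected.
    """
    # Absent acl.deny: nobody denied. Empty acl.deny: no pattern matches, same effect.
    denied = _matcher(deny, user) if deny is not None else (lambda path: False)
    # Absent acl.allow: everybody allowed. Empty acl.allow: nobody allowed.
    allowed = _matcher(allow, user) if allow is not None else (lambda path: True)
    rejected = []
    for path in files:
        if denied(path):            # deny is evaluated first
            rejected.append((path, "denied"))
        elif not allowed(path):
            rejected.append((path, "not allowed"))
    return rejected

# Constructed lists mirroring the example hgrc above.
ALLOW = [("docs/**", ["doc_writer"]), (".hgtags", ["release_engineer"])]
DENY = [("**", ["user6"])]

if __name__ == "__main__":
    for user, files in [("doc_writer", ["docs/guide/intro.txt", "src/main.c"]),
                        ("release_engineer", [".hgtags"]),
                        ("user6", ["docs/readme.txt"])]:
        print(user, check(user, files, ALLOW, DENY))
```

Running it shows that doc_writer is stopped as soon as a changed file falls outside docs/, and that the `** = user6` deny entry blocks user6 everywhere regardless of the allow list.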



AclExtension (last edited 2015-05-04 18:19:06 by DisplayName)