As described on MultipleCommitters, one way of collaboration (the CVS-like model) is setting up a central [:Repository:repository] every user pushes his changes to and pulls the others' changes from. This page describes how to create such repositories accessible via a shared ssh account without needing to give full shell access to other people.


How this works

When accessing a remote repository via Mercurial's ssh repository type, hg basically does a

$ ssh hg -R /path/to/repos serve --stdio

and relies on ssh for authentication and tunneling. When using public key authentication, ssh allows limiting the user to one specific command, which can do all the sanity checks we want and then calls hg just like ssh would in the example above. Note that every user gets his own private key and his own entry in authorized_keys, which allows the scripts to distinguish between different users and thus enforce e.g. access permissions.

There are three alternative implementations of scripts which provide access only to explicitly allowed repositories:




See also AclExtension, HgWebDirStepByStep.

CategoryWeb CategoryHowTo