1

We are planning to switch from SVN to a DVCS, probably mercurial. To collaborate, we'd like to still have a central server though. Currently, we use AuthzSVNAccessFile for ACLs and authentication to our central SVN server.

In the ACL file, we granted read/write access to groups/users to complete repositories or only subdirectories similar to that example (however for many repositories):

[repo:/foo]
bob = rw

[repo:/bar]
alice = rw

[repo:/common]
@repo-clients = r

The question is: what is the mercurial way of granting access with such fine-grained ACLs? Which HTTPS based server solution should we use? We'd like to have the ACL configuration for all repositories in one common file. Furthermore, we don't want to use SSH-key authentication mechanisms to keep the hurdle to use collaboration over our server low also for non-tech teams.

Samuel Liew
  • 76,741
  • 107
  • 159
  • 260
ballooon
  • 13
  • 2

2 Answers2

2

You could setup a RHodeCode which has user groups, and repository groups and a nice UI for the server.

Ton Plomp
  • 3,020
  • 1
  • 18
  • 35
2

what is the mercurial way of granting access with such fine-grained ACLs?

ACL Extension

Which HTTPS based server solution should we use?

Any, while recommended shell for ACL is hg-ssh

We'd like to have the ACL configuration for all repositories in one common file.

All ACL extension settings have to be confugured in hgrc

Furthermore, we don't want to use SSH-key authentication mechanisms to keep the hurdle to use collaboration over our server low

Rhodecode is nice, if you can run it

Puttyget+Pageant (for Win-sude) is usable for ordinary users (tested), but: ACL is protocol-agnostic, thus you can use http|https (and will be ready to possible additional headache around https)

Lazy Badger
  • 94,711
  • 9
  • 78
  • 110
  • ACL extension settings can be in a single central hgrc file such as /etc/mercurial/hgrc. They don't have to be in each repo's .hg/hgrc. – Ry4an Brase Nov 12 '11 at 22:02
  • One settings for different repos in one place doesn't seem nice -[acl.*.branches] operates by branch-names, which can intersect in independent repos – Lazy Badger Nov 12 '11 at 22:23
  • I didn't say it was a good idea, just that the original requirements included a single point of config and that it's possible. – Ry4an Brase Nov 13 '11 at 17:47