Using groups in mercurial's allow_read, allow_push etc

Question

I was wondering if it is possible to use groups specified in e.g., an apache authgroup file in allow_read and/or allow_push etc.

So basically what I do is I am using apache with an authfile and authgroup file to authenticate users. Now I want to restrict some repositories using allow_read from being shown to users in a specific group specified in the authgroup file.

Let's say I have sam, frodo and sauron in my auth file and I have a group hobbits containing sam and frodo in the authgroup file.

So instead of writing:

allow_read = frodo, sam

I tried

allow_read = @hobbits

but that does not seem to work. Does anybody know whether this is actually supported? The idea is if I have say 10 Repositories only readable for hobbits and I add a hobbit I only have to change the authgroup and auth file and not each repository hgrc file.

Thanks in advance

Answer 1

Mercurial does not have any builtin support for groups. There is a patch from a user that adds group support, but the coders seemed hesitant to include it by default, they want the contributor to make a plugin out of it instead. As of April 2013 they seem to have accepted it, but I still see no trace of it in the version currently shipped with Ubuntu (2.7).

Controlling groups in Apache, as suggested by Joel, doesn't give you any fine granular control when you have more than one repository, so it's no use (at least not for me).

I ended up using the open source tool SCM-Manager for it. SCM-Manager acts as a frontend for SVN, Git and Mercurial and has support for various user directories (including LDAP and Crowd) as well as its own user directory.

I'm using mod_proxy to integrate it in my Apache configuration and it works quite well.