recommendations for non-ssh setups with many users?

Lasse Kliemann lasse at lassekliemann.de
Sat May 30 08:23:26 UTC 2015


Thomas Klausner <tk at giga.or.at> writes:

> What is the recommended setup to allow hundreds of users to push to a
> repository, but not allow everyone? I want to avoid setting up Unix
> user accounts for all of them.

I am using both, for around 50 users:

* SSH-based with a single account, users are recognized by their
  SSH keys. The 'command=' directive in '~/.ssh/authorized_keys' makes
  this possible.

* HTTPS-based with Apache, users are in a password file maintained using
  'htpasswd'. Using 'allow_push', it can be controlled who is allowed to
  push. There is also an 'allow_read' option.

I would recommend the second method since:

- it works with passwords (which it seems is easier for many users than
  SSH keys, unfortunately);
  
- managing the password file with 'htpasswd' and/or a text editor seems
  a bit easier at times than editing the 'authorized_keys', especially
  with many users;
  
- it gives users also the web interface (browse history, view files).

I can provide details on any of the two solutions if requested.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 835 bytes
Desc: not available
URL: <http://lists.mercurial-scm.org/pipermail/mercurial/attachments/20150530/bfe52218/attachment.asc>


More information about the Mercurial mailing list