Hellp on multi-user/multi-permissions setup for web access

> Hi,
>
>   I am just starting to play around with hg.  I want to use ssh
> interface for push/pull but keep web interface (under apache2) for tree
> listing.
>
>   My problem resides in the tree list.  As I understand, every cgi
> script runs as a single user; the one specified in apache configuration
> or the one specified by suexec.  This gives a problem where all the tree
> is accessible to all users.
>
>   I wish to have users authenticated and browsing under their own name
> to handle permissions.  I do not want to create separate sets of
> permissions, one for apache and one for hg.
>
>   I've searched the web for an answer but could only find itsy bits of
> information; some on suexec and sudo, others on fcgi.  I just can't make
> any sense out of any info I find.
>
>   Is there a way either to have hg inherit the user's permissions or to
> have hg use the REMOTE_USER variable passed by apache so it can read
> permissions and apply them accordingly?  Either ACLs or standard
> permissions, I don't mind.
>
>
> Thanks,
>
> Normand Leclerc
>
>
> __________ Information from ESET NOD32 Antivirus, version of virus signature database 4578 (20091106) __________
>
> The message was checked by ESET NOD32 Antivirus.
>
> http://www.eset.com
>
>
> _______________________________________________
> Mercurial mailing list
> Mercurial@...
> http://selenic.com/mailman/listinfo/mercurial

> Check this url first: http://mercurial.selenic.com/wiki/HgWebDirStepByStep
>
> For handling permissions, I have had very good experience by using the
> .htaccess files to handle the permissions. The user that enters the site
> using the Apache built-in mechanisms is the same user that Mercurial
> gets, ie, it is the name you can use to set allow_read/allow_push etc in
> the [web]-section of your .hg/hgrc file. If I remember correctly this
> has already been discussed on this list. Currently I don't have the time
> to look it up, but I urge you to look into the searchable archives of
> this list; it should be there somewhere.
>
> Greetsz, Jakob
>
> Normand Leclerc wrote:
>  
>> Hi,
>>
>>   I am just starting to play around with hg.  I want to use ssh
>> interface for push/pull but keep web interface (under apache2) for tree
>> listing.
>>
>>   My problem resides in the tree list.  As I understand, every cgi
>> script runs as a single user; the one specified in apache configuration
>> or the one specified by suexec.  This gives a problem where all the tree
>> is accessible to all users.
>>
>>   I wish to have users authenticated and browsing under their own name
>> to handle permissions.  I do not want to create separate sets of
>> permissions, one for apache and one for hg.
>>
>>   I've searched the web for an answer but could only find itsy bits of
>> information; some on suexec and sudo, others on fcgi.  I just can't make
>> any sense out of any info I find.
>>
>>   Is there a way either to have hg inherit the user's permissions or to
>> have hg use the REMOTE_USER variable passed by apache so it can read
>> permissions and apply them accordingly?  Either ACLs or standard
>> permissions, I don't mind.
>>
>>
>> Thanks,
>>
>> Normand Leclerc
>>
>>
>> __________ Information from ESET NOD32 Antivirus, version of virus signature database 4578 (20091106) __________
>>
>> The message was checked by ESET NOD32 Antivirus.
>>
>> http://www.eset.com
>>
>>
>> _______________________________________________
>> Mercurial mailing list
>> Mercurial@...
>> http://selenic.com/mailman/listinfo/mercurial
>>    
>
>
>
> __________ Information from ESET NOD32 Antivirus, version of virus signature database 4591 (20091110) __________
>
> The message was checked by ESET NOD32 Antivirus.
>
> http://www.eset.com
>
>
>