hg牵引多个用户

Question

I cloned a mercurial repository to a Ubuntu server to deploy the project there. Everything works fine for me, but when a my colleague tried updating the server code with "hg pull" it uses my credentials for the pull.

What is the best way to enable multiple persons to update the server? The only way I can think of right now is to create a common user in the repository for which both of us know the password.

On the server we both have our own user accounts that belong to the same group.

Edit: I figured that I can also specify the url so: "hg pull https://user@server.com/project " works, but this is still a bit tedious

Answer 1

You should indeed create on the repository server a user for common usage which is granted access to that repository. Preferentially you also allow ssh access via key to the repository via key from the server where you deployed the project. That way the user on the deployment server can pull from the repository server without any passwords

You can restrict the ssh access on the repository server for that user by installing hg-ssh and editing its .ssh/authorized_keys file approriately:

command="/home/repository-user/bin/hg-ssh * hg-repos/*",no-port-forwarding,no-X11-forwarding,no-agent-forwarding ssh-rsa AAAAB3Nz...aS8JqGh4Q== someone@example.com (Max Mustermann)

You can that way easily allow other people or servers access to that repository: simply let them generate a key pair, too. And install their public key in the authorized_keys file of the (shared) repository user on the repository server. Simply restrict all the remote users from using any shell by restricting the allowed ssh commands to hg-ssh as shown above.