Publishing Mercurial Repositories Securely

This page describes how to allow limited access to Mercurial repositories via HTTP or SSH without allowing clients to execute arbitrary commands.

1. Security model

Mercurial's command line uses a security model appropriate for a command line: a user who can run a Mercurial command is allowed to do anything that the operating system will let that user do, including running other commands.

Similarly, the built-in Web interface, hgweb, trusts the REMOTE_USER environment variable to control access. No user authentication is done by hgweb.

To safely serve repositories with limited access, Mercurial relies on the security mechanisms built into the operating system or Web server it's running on. This means not exposing Mercurial directly to the Internet, but rather through a wrapper script or behind an HTTP server like Apache.
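
An added example, not part of the original page and not Mercurial's own code: a small WSGI wrapper that fails closed when the front-end server has not set REMOTE_USER, since hgweb does no authentication itself. The names `require_remote_user`, `trusting_app` (a stand-in for hgweb) and `call`, and the user names, are hypothetical.

```python
from wsgiref.util import setup_testing_defaults


def require_remote_user(app, allowed_users):
    """Run `app` only if the front-end server set REMOTE_USER to an allowed name."""
    allowed = frozenset(allowed_users)

    def guarded(environ, start_response):
        # REMOTE_USER is written by the web server after it authenticates the
        # request. A header sent by the client would show up as
        # HTTP_REMOTE_USER, which is deliberately never read here.
        user = environ.get("REMOTE_USER", "")
        if user and user in allowed:
            return app(environ, start_response)
        # Fail closed: nobody was authenticated, or the user is not listed.
        body = b"403 Forbidden\n"
        start_response("403 Forbidden", [("Content-Type", "text/plain"),
                                         ("Content-Length", str(len(body)))])
        return [body]

    return guarded


def trusting_app(environ, start_response):
    """Hypothetical stand-in for hgweb: believes whatever REMOTE_USER says."""
    name = environ.get("REMOTE_USER", "anonymous")
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [("hello %s\n" % name).encode("utf-8")]


def call(app, **extra):
    """Invoke a WSGI app with a constructed environ; return (status, body)."""
    environ = {}
    setup_testing_defaults(environ)  # constructed sample request, no REMOTE_USER
    environ.update(extra)
    seen = {}

    def start_response(status, headers, exc_info=None):
        seen["status"] = status

    return seen.get("status") or "", b"".join(app(environ, start_response))


if __name__ == "__main__":
    app = require_remote_user(trusting_app, ["alice", "bob"])
    print(call(app))                            # front end authenticated nobody
    print(call(app, HTTP_REMOTE_USER="alice"))  # client-sent header is ignored
    print(call(app, REMOTE_USER="mallory"))     # authenticated but not allowed
    print(call(app, REMOTE_USER="alice"))       # allowed through to the app
```
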

2. Configuring a server for limited access

General guidelines regardless of protocol:

SSH-specific:

HTTP-specific:

3. See also



SecuringRepositories (last edited 2017-04-18 16:07:50 by KevinBullock)