Mercurial doesn't provide a user authentication system -- that has to come from something else. However, it does provide an authorization system that uses the "who" answer from the external authentication system to decide what that "who" can do.
Popular external authentication systems include:
- HTTP authentication as provided by your web server (Apache, etc.)
- SSH authentication as provided by sshd
- file system level user authentication as provided by your operating system
- Note:
hg serve
does not have an authentication system, so it's not usable w/ per-user access controls
Accessing mercurial (either its web interface or its command line interface) through one of those systems, properly configured, provided mercurial with the answer to "who?".
Once Mercurial learns who is making the request then the allow_push
and allow_read
settings in the repository's .hg/hgrc
file will determine what that who can do.
So the how of setting this up depends on what means of access you're using, which is what Callahad was asking.