Restricting "hg push" via hg-ssh for shared hosting

Would anyone know how I can restrict users from pushing to an hg repository if I give then access via hg-ssh?

Some details to help eliminate the obvious:

1) This is a for a shared hosting situation where I don't have root access to install mercurial-server nor can I create the "hg" username that it requires.

2) When I开发者_如何学运维 allow a user to connect via SSH to a shared hosting site, they will basically have their public key in my authorized_keys file and they will have be authenticated as me (i.e. they will have my credentials on the server). I can restrict their access to only a few hg repositories by specifying a "command=" clause in my authorized_keys file as documented here: https://www.mercurial-scm.org/repo/hg-stable/raw-file/tip/contrib/hg-ssh. However that gives the user full access to these repositories. Can I restrict this to pull-only access?

Any of these would solve my problem:

1) I know that mercurial-server solves this problem somehow because all the users their share the same user account called "hg". How do they do it? Can I do the same without root-access to set up things?

OR 2) Is there is a patch that I can add to hg-ssh such that hg-ssh can take some permissions on its command-line. Something like "hg-ssh -read-only repo1 repo2 -read-write repo3".

OR 3) Get "hg -R {repo} serve --stdio" to take a command line option such that it will not allow push.

The quick and dirty way would be to tweak the command= value to be something like this:

command=hg-ssh --config hooks.pretxnchangegroup=false repo1 repo2

but that's just the AclExtension done sloppily.

mercurial-server gives you the simplest control over this. You can install it as a non-root user, but you have to take a little longer to understand how it works.

Use the AclExtension. It lets you block access for ssh actions as well as http actions, and since it's enabled/disabled by hooks you'll be able to bypass it when you're logged in interactively.