Controlling access via hgweb.config

I would like to be able to control access to some mercurial repositories on my server. I thought an easy solution would be to have all limited users have a username that ends with "_external". I would then change the deny_push and deny_read on some .hgrc files to give them access as needed. I setup up my hgweb.config file like below, but the deny_push and deny_read lines are ignore开发者_开发问答d. Is this the correct syntax? Is there a better way to accomplish my goal (I looked into Rhodecode, but it seems to be pretty crashy on Windows).

[web]
style = gitweb
baseurl = /hg
allow_push = *
push_ssl = false
deny_push = *_external
deny_read = *_external

The best option you have is to setup a list with the usernames:

allow_push = user1, user2
deny_push = user3, user5
deny_read = user4

The problem with your syntax is that, you are first allowing push for everybody and then trying to limit the users.

mercurial-server can do this for you. This means connecting to your repository over ssh rather than over http, and authenticating using ssh keypairs, but in my experience that's far more convenient anyway.