Matt Mackall <mpm@selenic.com> added the comment:

If your web server runs hgweb as user 'nobody' or 'www', it will not trust most
entries in .hg/hgrc unless that file is also owned by 'nobody' or 'www'.
Otherwise, malicious users could do malicious things.

The 'user' you're trying to push with has no relation to the problem as it's not
even a real user in operating system terms.

____________________________________________________
Mercurial issue tracker <mercurial-bugs@selenic.com>
<http://www.selenic.com/mercurial/bts/issue1274>
____________________________________________________