author | Paul Crowley <paul@lshift.net> |
Thu, 15 Oct 2009 10:30:05 +0100 | |
changeset 144 | 2dbaddde1fd5 |
parent 114 | 241475f6440c |
permissions | -rw-r--r-- |
83
86ec1268d306
Move some docs out of the README to make it less daunting
Paul Crowley <paul@lshift.net>
parents:
diff
changeset
|
1 |
ACCESS.CONF |
86ec1268d306
Move some docs out of the README to make it less daunting
Paul Crowley <paul@lshift.net>
parents:
diff
changeset
|
2 |
|
86ec1268d306
Move some docs out of the README to make it less daunting
Paul Crowley <paul@lshift.net>
parents:
diff
changeset
|
3 |
Out of the box, there are just two kinds of users: the ones with keys in |
112 | 4 |
"keys/root" and those in "keys/users". However, you can change this by |
5 |
editing "access.conf". There are two "access.conf" files, one in |
|
6 |
"/etc/mercurial-server" and one in "hgadmin"; the two are simply |
|
7 |
concatenated before being read. |
|
83
86ec1268d306
Move some docs out of the README to make it less daunting
Paul Crowley <paul@lshift.net>
parents:
diff
changeset
|
8 |
|
86ec1268d306
Move some docs out of the README to make it less daunting
Paul Crowley <paul@lshift.net>
parents:
diff
changeset
|
9 |
Each line of access.conf has the following syntax: |
86ec1268d306
Move some docs out of the README to make it less daunting
Paul Crowley <paul@lshift.net>
parents:
diff
changeset
|
10 |
|
86ec1268d306
Move some docs out of the README to make it less daunting
Paul Crowley <paul@lshift.net>
parents:
diff
changeset
|
11 |
<rule> <condition> <condition> ... |
86ec1268d306
Move some docs out of the README to make it less daunting
Paul Crowley <paul@lshift.net>
parents:
diff
changeset
|
12 |
|
86ec1268d306
Move some docs out of the README to make it less daunting
Paul Crowley <paul@lshift.net>
parents:
diff
changeset
|
13 |
Rule is one of |
86ec1268d306
Move some docs out of the README to make it less daunting
Paul Crowley <paul@lshift.net>
parents:
diff
changeset
|
14 |
|
86ec1268d306
Move some docs out of the README to make it less daunting
Paul Crowley <paul@lshift.net>
parents:
diff
changeset
|
15 |
init - allow any operation, including the creation of new repositories |
86ec1268d306
Move some docs out of the README to make it less daunting
Paul Crowley <paul@lshift.net>
parents:
diff
changeset
|
16 |
write - allow reads and writes to this file in this repository |
86ec1268d306
Move some docs out of the README to make it less daunting
Paul Crowley <paul@lshift.net>
parents:
diff
changeset
|
17 |
read - allow the repo to be read but reject matching writes |
86ec1268d306
Move some docs out of the README to make it less daunting
Paul Crowley <paul@lshift.net>
parents:
diff
changeset
|
18 |
deny - deny all requests |
86ec1268d306
Move some docs out of the README to make it less daunting
Paul Crowley <paul@lshift.net>
parents:
diff
changeset
|
19 |
|
86ec1268d306
Move some docs out of the README to make it less daunting
Paul Crowley <paul@lshift.net>
parents:
diff
changeset
|
20 |
A condition is a globpattern matched against a relative path. The two most |
86ec1268d306
Move some docs out of the README to make it less daunting
Paul Crowley <paul@lshift.net>
parents:
diff
changeset
|
21 |
important conditions are |
86ec1268d306
Move some docs out of the README to make it less daunting
Paul Crowley <paul@lshift.net>
parents:
diff
changeset
|
22 |
|
86ec1268d306
Move some docs out of the README to make it less daunting
Paul Crowley <paul@lshift.net>
parents:
diff
changeset
|
23 |
user=<globpattern> - user's key |
86ec1268d306
Move some docs out of the README to make it less daunting
Paul Crowley <paul@lshift.net>
parents:
diff
changeset
|
24 |
repo=<globpattern> - repo (as the user supplies it) |
86ec1268d306
Move some docs out of the README to make it less daunting
Paul Crowley <paul@lshift.net>
parents:
diff
changeset
|
25 |
|
112 | 26 |
The first rule in the file which has all its conditions satisfied is used |
27 |
to determine whether an action is allowed. If no rule is matched the |
|
28 |
request is denied. |
|
83
86ec1268d306
Move some docs out of the README to make it less daunting
Paul Crowley <paul@lshift.net>
parents:
diff
changeset
|
29 |
|
114
241475f6440c
Remove no longer correct assertion about paths
Paul Crowley <paul@lshift.net>
parents:
112
diff
changeset
|
30 |
"*" only matches one directory level, where "**" matches as many as you |
241475f6440c
Remove no longer correct assertion about paths
Paul Crowley <paul@lshift.net>
parents:
112
diff
changeset
|
31 |
want. More precisely, "*" matches zero or more characters not including "/" |
241475f6440c
Remove no longer correct assertion about paths
Paul Crowley <paul@lshift.net>
parents:
112
diff
changeset
|
32 |
while "**" matches zero or more characters including "/". |
83
86ec1268d306
Move some docs out of the README to make it less daunting
Paul Crowley <paul@lshift.net>
parents:
diff
changeset
|
33 |
|
86ec1268d306
Move some docs out of the README to make it less daunting
Paul Crowley <paul@lshift.net>
parents:
diff
changeset
|
34 |
Blank lines and lines that start with "#" are ignored. |
86ec1268d306
Move some docs out of the README to make it less daunting
Paul Crowley <paul@lshift.net>
parents:
diff
changeset
|
35 |
|
86ec1268d306
Move some docs out of the README to make it less daunting
Paul Crowley <paul@lshift.net>
parents:
diff
changeset
|
36 |
access.conf ships with the following contents: |
86ec1268d306
Move some docs out of the README to make it less daunting
Paul Crowley <paul@lshift.net>
parents:
diff
changeset
|
37 |
|
86ec1268d306
Move some docs out of the README to make it less daunting
Paul Crowley <paul@lshift.net>
parents:
diff
changeset
|
38 |
init user=root/** |
86ec1268d306
Move some docs out of the README to make it less daunting
Paul Crowley <paul@lshift.net>
parents:
diff
changeset
|
39 |
deny repo=hgadmin |
86ec1268d306
Move some docs out of the README to make it less daunting
Paul Crowley <paul@lshift.net>
parents:
diff
changeset
|
40 |
write user=users/** |
86ec1268d306
Move some docs out of the README to make it less daunting
Paul Crowley <paul@lshift.net>
parents:
diff
changeset
|
41 |
|
86ec1268d306
Move some docs out of the README to make it less daunting
Paul Crowley <paul@lshift.net>
parents:
diff
changeset
|
42 |
This means: keys in "root" can do anything; keys in "users" cannot create |
112 | 43 |
repositories, cannot even read the hgadmin repository, but can read and |
44 |
write any other repository; no other key has any access. |
|
83
86ec1268d306
Move some docs out of the README to make it less daunting
Paul Crowley <paul@lshift.net>
parents:
diff
changeset
|
45 |
|
86ec1268d306
Move some docs out of the README to make it less daunting
Paul Crowley <paul@lshift.net>
parents:
diff
changeset
|
46 |
More advanced access configuration is covered in file-conditions. |
86ec1268d306
Move some docs out of the README to make it less daunting
Paul Crowley <paul@lshift.net>
parents:
diff
changeset
|
47 |