doc/configuring-access
author Paul Crowley <paul@lshift.net>
Tue, 13 Oct 2009 12:22:30 +0100
changeset 112 3035990989ee
parent 83 86ec1268d306
child 114 241475f6440c
permissions -rw-r--r--
Documentation improvements

ACCESS.CONF

Out of the box, there are just two kinds of users: the ones with keys in
"keys/root" and those in "keys/users". However, you can change this by
editing "access.conf". There are two "access.conf" files, one in
"/etc/mercurial-server" and one in "hgadmin"; the two are simply
concatenated before being read.

Each line of access.conf has the following syntax:

<rule> <condition> <condition> ...

Rule is one of

init - allow any operation, including the creation of new repositories
write - allow reads and writes to this file in this repository
read - allow the repo to be read but reject matching writes
deny - deny all requests

A condition is a glob pattern matched against a relative path. The two most
important conditions are

    user=<globpattern> - user's key
    repo=<globpattern> - repo (as the user supplies it)

The first rule in the file which has all its conditions satisfied is used
to determine whether an action is allowed. If no rule is matched the
request is denied.

Paths cannot contain any special characters except "/"; glob patterns
cannot contain any special characters except "/" and "*". "*" matches zero
or more characters not including "/" while "**" matches zero or more
characters including "/".

Blank lines and lines that start with "#" are ignored.

access.conf ships with the following contents:

    init user=root/**
    deny repo=hgadmin
    write user=users/**

This means: keys in "root" can do anything; keys in "users" cannot create
repositories, cannot even read the hgadmin repository, but can read and
write any other repository; no other key has any access.

More advanced access configuration is covered in file-conditions.
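
The matching rules described above (first match wins, default deny, "*"
versus "**"), as an added example that is not mercurial-server's own code:
a small Python evaluator run over the shipped rules and over a constructed
misordering of them. The function names, the sample key names used with it,
and treating a condition whose key is missing from the request as
unsatisfied are assumptions.

```python
import re

# Added example, not mercurial-server code. Levels run from most to least
# permissive; a rule's level covers every level listed after it except deny.
LEVELS = ["init", "write", "read", "deny"]
GLOB = {"**": ".*", "*": "[^/]*"}  # "**" crosses "/", "*" stops at it

def glob_to_regex(pattern):
    """Translate a glob pattern; every character other than '*' is literal."""
    parts = re.split(r"(\*\*|\*)", pattern)
    return re.compile("".join(GLOB.get(p, re.escape(p)) for p in parts) + r"\Z")

def parse_rules(text):
    """Parse '<rule> <condition> ...' lines, skipping blanks and '#' comments."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        level, *conds = line.split()
        if level not in LEVELS:
            raise ValueError("unknown rule %r" % level)
        pairs = [c.split("=", 1) for c in conds]
        rules.append((level, [(k, glob_to_regex(v)) for k, v in pairs]))
    return rules

def granted(rules, **request):
    """First rule whose conditions all match decides; no match means deny."""
    for level, conds in rules:
        # Assumption: a condition on a key absent from the request fails.
        if all(k in request and rx.match(request[k]) for k, rx in conds):
            return level
    return "deny"

def allowed(rules, action, **request):
    """action is 'read', 'write' or 'init'."""
    level = granted(rules, **request)
    return level != "deny" and LEVELS.index(level) <= LEVELS.index(action)

SHIPPED = parse_rules("""
init user=root/**
deny repo=hgadmin
write user=users/**
""")
# Constructed misordering: the write rule now shadows the hgadmin deny,
# so keys under "users" would gain access to the admin repository.
REORDERED = parse_rules(
    "init user=root/**\nwrite user=users/**\ndeny repo=hgadmin")
```

Because evaluation stops at the first match, any deny rule meant to protect
hgadmin has to appear before broader allow rules when access.conf is edited.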