doc/manual.docbook
changeset 150 02b464a6b433
parent 149 dc4ed4edb458
child 151 5758cf47ff43
149:dc4ed4edb458 150:02b464a6b433
   363 single user, the <literal>hg</literal> user, which is why all URLs for
   363 single user, the <literal>hg</literal> user, which is why all URLs for
   364 mercurial-server repositories start with <literal>ssh://hg@...</literal>.
   364 mercurial-server repositories start with <literal>ssh://hg@...</literal>.
   365 Each SSH key that has access to the repository has an entry in
   365 Each SSH key that has access to the repository has an entry in
   366 <filename>~hg/.ssh/authorized_keys</filename>; this is how the SSH daemon
   366 <filename>~hg/.ssh/authorized_keys</filename>; this is how the SSH daemon
   367 knows to give that key access. When the user connects over SSH, their
   367 knows to give that key access. When the user connects over SSH, their
   368 commands are run in a specially crafted restricted shell; this shell knows
   368 commands are run in a custom restricted shell; this shell knows which key
   369 which key was used to connect, determines what the user is trying to do,
   369 was used to connect, determines what the user is trying to do, checks the
   370 and checks the access rules to decide whether to allow it.  
   370 access rules to decide whether to allow it, and if allowed invokes
       
   371 Mercurial internally, without forking.
   371 </para>
   372 </para>
   372 <para>
   373 <para>
   373 This restricted shell also ensures that certain Mercurial extensions are
   374 This restricted shell also ensures that certain Mercurial extensions are
   374 loaded when the user acts on a repository; these extensions check the
   375 loaded when the user acts on a repository; these extensions check the
   375 access control rules for any changeset that the user tries to commit, and
   376 access control rules for any changeset that the user tries to commit, and
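Review bot: The new clause "and if allowed invokes Mercurial internally, without forking" (new lines 370-371) adds an implementation detail the paragraph never explains, so a reader of the manual cannot tell why the absence of a fork matters. Either add a few words saying what it means in practice (for example that Mercurial runs in the same process as the shell that made the access decision, if that is what is meant) or drop "without forking" from user-facing text. The sentence after the semicolon now chains four actions; setting the condition off with commas ("and, if allowed, invokes Mercurial internally") or splitting it after "decide whether to allow it" would make it easier to read.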