363 single user, the <literal>hg</literal> user, which is why all URLs for |
363 single user, the <literal>hg</literal> user, which is why all URLs for |
364 mercurial-server repositories start with <literal>ssh://hg@...</literal>. |
364 mercurial-server repositories start with <literal>ssh://hg@...</literal>. |
365 Each SSH key that has access to the repository has an entry in |
365 Each SSH key that has access to the repository has an entry in |
366 <filename>~hg/.ssh/authorized_keys</filename>; this is how the SSH daemon |
366 <filename>~hg/.ssh/authorized_keys</filename>; this is how the SSH daemon |
367 knows to give that key access. When the user connects over SSH, their |
367 knows to give that key access. When the user connects over SSH, their |
368 commands are run in a specially crafted restricted shell; this shell knows |
368 commands are run in a custom restricted shell; this shell knows which key |
369 which key was used to connect, determines what the user is trying to do, |
369 was used to connect, determines what the user is trying to do, checks the |
370 and checks the access rules to decide whether to allow it. |
370 access rules to decide whether to allow it, and if allowed invokes |
|
371 Mercurial internally, without forking. |
371 </para> |
372 </para> |
372 <para> |
373 <para> |
373 This restricted shell also ensures that certain Mercurial extensions are |
374 This restricted shell also ensures that certain Mercurial extensions are |
374 loaded when the user acts on a repository; these extensions check the |
375 loaded when the user acts on a repository; these extensions check the |
375 access control rules for any changeset that the user tries to commit, and |
376 access control rules for any changeset that the user tries to commit, and |