mercurial-server: comparison doc/manual.docbook

equal deleted inserted replaced

-:b6e65bddda7c
+:265b258904d2
 <article xmlns="http://docbook.org/ns/docbook" version="5.0" xml:lang="en"
 xmlns:xlink="http://www.w3.org/1999/xlink">
 <info>
 <title>Sharing Mercurial repositories with mercurial-server</title>
 <author><firstname>Paul</firstname><surname>Crowley</surname></author>
-<copyright><year>2009</year><holder>Paul Crowley, LShift Ltd</holder></copyright>
+<copyright><year>2008-2010</year><holder>Paul Crowley, LShift Ltd</holder></copyright>
 </info>
 <section>
 <title>About mercurial-server</title>
 <para>
 Home page: <link xlink:href="http://www.lshift.net/mercurial-server.html"/>
 </listitem>
 </itemizedlist>
 </section>
 </section>
 <section>
+<title>In detail</title>
+<section>
 <title>How mercurial-server works</title>
 <para>
 All of the repositories controlled by mercurial-server are owned by a
 single user, the <systemitem
 class="username">hg</systemitem> user, which is why all URLs for
 operation.
 </para>
 <para>
 However, while the first paragraph holds no matter what bugs
 mercurial-server contains, the second depends on the relevant code being
-correct; though the entire codebase is short, mercurial-server is a fairly
+correct; though the entire codebase is short, like all software mercurial-server may harbour bugs. Backups are essential!
-new program and may harbour bugs. Backups are essential!
+</para>
-</para>
+</section>
-</section>
+<section>
-<section>
+<title>Logging</title>
-<title>Legalese</title>
+<para>
+Every successful access is logged in a file called
+<filename>~hg/repos/<replaceable>repository</replaceable>/.hg/mercurial-server.log</filename>. This file is in YAML format for easy parsing, but if you don't like YAML, simply treat each line as a JSON data structure prepended with <code>- </code>. The log records the time as a
+UTC ISO 8601 time, the operation ("push" or "pull"), the path to the key as
+used in the access rules, the SSH connection information (including the source IP address), and the hex changeset IDs.
+</para>
+</section>
+<section>
+<title>Paths and configuration</title>
+<para>
+For security reasons, all mercurial-server code runs as the <systemitem
+class="username">hg</systemitem> user.  The first thing this code reads when it starts is <filename>~hg/.mercurial-server</filename>; if this file is absent or corrupt the code won't run.  This file specifies all of the file paths that mercurial-server uses.  In particular, it specifies that mercurial-server always uses <code>HGRCPATH = /etc/mercurial-server/remote-hgrc.d</code> for remote operations, overriding any system <code>HGRCPATH</code>.
+</para>
+<para>
+By creating such a file with suitable entries, you can run mercurial-server as a user other than <systemitem
+class="username">hg</systemitem>, or install it without root privileges; however I strongly recommend that if you need to do this, you use a user account that is used for no other purpose, and take the time to thoroughly understand how mercurial-server works before you attempt it.
+</para>
+</section>
+<section>
+<title>License</title>
 <para>
 This program is free software; you can redistribute it and/or modify it
 under the terms of the GNU General Public License as published by the Free
 Software Foundation; either version 2 of the License, or (at your option)
 any later version.
 <para>
 Thanks for reading this far. If you use mercurial-server, please tell me about
 it.
 </para>
 <para>
-Paul Crowley, <email>paul@lshift.net</email>, 2009
+Paul Crowley, <email>paul@lshift.net</email>, 2010
 </para>
+</section>
 </section>
 </article>

branch	debian
changeset 277	265b258904d2
parent 263	9f7ad3a71c90
child 311	3cbde66305e4