equal
deleted
inserted
replaced
388 <title>Security</title> |
388 <title>Security</title> |
389 <para> |
389 <para> |
390 mercurial-server relies entirely on sshd to grant access to remote users. |
390 mercurial-server relies entirely on sshd to grant access to remote users. |
391 As a result, it runs no daemons, installs no setuid programs, and no part |
391 As a result, it runs no daemons, installs no setuid programs, and no part |
392 of it runs as root except the install process: all programs run as the user |
392 of it runs as root except the install process: all programs run as the user |
393 hg. And any attack on mercurial-server can only be started if the Bad Guys |
393 hg. Any attack on mercurial-server can only be started if the attacker |
394 already have a public key in <filename>~hg/.ssh/authorized_keys</filename>, |
394 already has a public key in <filename>~hg/.ssh/authorized_keys</filename>, |
395 otherwise sshd will bar the way. |
395 otherwise sshd will bar the way. |
396 </para> |
396 </para> |
397 <para> |
397 <para> |
398 No matter what command the user tries to run on the remote system via SSH, |
398 No matter what command the user tries to run on the remote system via SSH, |
399 mercurial-server is run. It parses the command line the user asked for, and |
399 mercurial-server is run. It parses the command line the user asked for, and |