equal
deleted
inserted
replaced
217 mercurial-server consults two distinct locations to collect information about what to allow: <filename |
217 mercurial-server consults two distinct locations to collect information about what to allow: <filename |
218 class='directory'>/etc/mercurial-server</filename> and its own <literal>hgadmin</literal> repository. This is useful for several reasons: |
218 class='directory'>/etc/mercurial-server</filename> and its own <literal>hgadmin</literal> repository. This is useful for several reasons: |
219 </para> |
219 </para> |
220 <itemizedlist> |
220 <itemizedlist> |
221 <listitem> |
221 <listitem> |
222 Users may not need the sophistication of access control via mercurial; for these users updating <filename |
222 Some users may not need the convenience of access control via mercurial; for these users updating <filename |
223 class='directory'>/etc/mercurial-server</filename> may offer a simpler route. |
223 class='directory'>/etc/mercurial-server</filename> may offer a simpler route. |
224 </listitem> |
224 </listitem> |
225 <listitem> |
225 <listitem> |
226 <filename |
226 <filename class='directory'>/etc/mercurial-server</filename> is suitable |
227 class='directory'>/etc/mercurial-server</filename> is suitable for management by some other route, such as with <link |
227 for management with tools such as <link |
228 xlink:href="http://reductivelabs.com/products/puppet">Puppet</link> |
228 xlink:href="http://reductivelabs.com/products/puppet">Puppet</link> |
229 </listitem> |
229 </listitem> |
230 <listitem> |
230 <listitem> |
231 If a change to <literal>hgadmin</literal> leaves you "locked out", <filename |
231 If a change to <literal>hgadmin</literal> leaves you "locked out", <filename |
232 class='directory'>/etc/mercurial-server</filename> allows you a way back in. |
232 class='directory'>/etc/mercurial-server</filename> allows you a way back in. |
234 <listitem> |
234 <listitem> |
235 At install time, all users are "locked out", and so some mechanism to allow some users in is needed. |
235 At install time, all users are "locked out", and so some mechanism to allow some users in is needed. |
236 </listitem> |
236 </listitem> |
237 </itemizedlist> |
237 </itemizedlist> |
238 <para> |
238 <para> |
239 Rules in <filename>/etc/mercurial-server/access.conf</filename> take precedence over those in <literal>hgadmin</literal>, and obviously keys in <filename class='directory'>/etc/mercurial-server/keys</filename> cannot be affected by changes to <literal>hgadmin</literal>. |
239 Rules in <filename>/etc/mercurial-server/access.conf</filename> are checked before those in <literal>hgadmin</literal>, and keys in <filename class='directory'>/etc/mercurial-server/keys</filename> will be present no matter how <literal>hgadmin</literal> changes. |
240 </para> |
240 </para> |
241 <para> |
241 <para> |
242 We anticipate that once mercurial-server is successfully installed and |
242 We anticipate that once mercurial-server is successfully installed and |
243 working most users will want to use <literal>hgadmin</literal> for most |
243 working you will usually want to use <literal>hgadmin</literal> for most |
244 access control tasks. Once you have the right keys and |
244 access control tasks. Once you have the right keys and |
245 <filename>access.conf</filename> set up in <literal>hgadmin</literal>, you |
245 <filename>access.conf</filename> set up in <literal>hgadmin</literal>, you |
246 can delete <filename>/etc/mercurial-server/access.conf</filename> and all |
246 can delete <filename>/etc/mercurial-server/access.conf</filename> and all |
247 of <filename class='directory'>/etc/mercurial-server/keys</filename>, |
247 of <filename class='directory'>/etc/mercurial-server/keys</filename>, |
248 turning control entirely over to <literal>hgadmin</literal>. |
248 turning control entirely over to <literal>hgadmin</literal>. |