doc/configuring-access
branch debian
changeset 172 5dd3698fad54
parent 118 107906bfe2c6
parent 171 7b69d1d86254
child 174 f141a4b9d5a9
118:107906bfe2c6 172:5dd3698fad54
     1 ACCESS.CONF
       
     2 
       
     3 Out of the box, there are just two kinds of users: the ones with keys in
       
     4 "keys/root" and those in "keys/users". However, you can change this by
       
     5 editing "access.conf". There are two "access.conf" files, one in
       
     6 "/etc/mercurial-server" and one in "hgadmin"; the two are simply
       
     7 concatenated before being read.
       
     8 
       
     9 Each line of access.conf has the following syntax:
       
    10 
       
    11 <rule> <condition> <condition> ...
       
    12 
       
    13 Rule is one of
       
    14 
       
    15 init - allow any operation, including the creation of new repositories
       
    16 write - allow reads and writes to this file in this repository
       
    17 read - allow the repo to be read but reject matching writes
       
    18 deny - deny all requests
       
    19 
       
    20 A condition is a globpattern matched against a relative path. The two most
       
    21 important conditions are
       
    22 
       
    23     user=<globpattern> - user's key
       
    24     repo=<globpattern> - repo (as the user supplies it)
       
    25 
       
    26 The first rule in the file which has all its conditions satisfied is used
       
    27 to determine whether an action is allowed. If no rule is matched the
       
    28 request is denied.
       
    29 
       
    30 "*" only matches one directory level, where "**" matches as many as you
       
    31 want. More precisely, "*" matches zero or more characters not including "/"
       
    32 while "**" matches zero or more characters including "/".
       
    33 
       
    34 Blank lines and lines that start with "#" are ignored.
       
    35 
       
    36 access.conf ships with the following contents:
       
    37 
       
    38     init user=root/**
       
    39     deny repo=hgadmin
       
    40     write user=users/**
       
    41 
       
    42 This means: keys in "root" can do anything; keys in "users" cannot create
       
    43 repositories, cannot even read the hgadmin repository, but can read and
       
    44 write any other repository; no other key has any access.
       
    45 
       
    46 More advanced access configuration is covered in file-conditions.
       
    47
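Review bot: Lines 5-7 say the two access.conf files are "simply concatenated" but not in which order, and line 26 makes the first matching rule decisive, so the text should state whether the "/etc/mercurial-server" rules or the "hgadmin" rules come first; otherwise an administrator cannot tell which file's rule wins when both match. Related to that, line 24 says repo is matched "as the user supplies it" while the shipped "deny repo=hgadmin" on line 39 is an exact pattern followed by "write user=users/**"; please document whether the supplied path is normalized before matching, since anything the deny rule does not match falls through to the write rule. Smaller point: line 16 describes write as applying "to this file in this repository" before file conditions have been introduced (they are deferred to file-conditions on line 46), and line 20 says every condition is matched "against a relative path" although "user=" matches a key; rewording both would keep this page self-contained.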