1 ACCESS.CONF |
1 ACCESS.CONF |
2 |
2 |
3 Out of the box, there are just two kinds of users: the ones with keys in |
3 Out of the box, there are just two kinds of users: the ones with keys in |
4 "keys/root" and those in "keys/users". However, you can change this by editing |
4 "keys/root" and those in "keys/users". However, you can change this by |
5 "access.conf". There are two "access.conf" files, one in |
5 editing "access.conf". There are two "access.conf" files, one in |
6 "/etc/mercurial-server" and one in "hgadmin"; the two are simply concatenated |
6 "/etc/mercurial-server" and one in "hgadmin"; the two are simply |
7 before being read. |
7 concatenated before being read. |
8 |
8 |
9 Each line of access.conf has the following syntax: |
9 Each line of access.conf has the following syntax: |
10 |
10 |
11 <rule> <condition> <condition> ... |
11 <rule> <condition> <condition> ... |
12 |
12 |
21 important conditions are |
21 important conditions are |
22 |
22 |
23 user=<globpattern> - user's key |
23 user=<globpattern> - user's key |
24 repo=<globpattern> - repo (as the user supplies it) |
24 repo=<globpattern> - repo (as the user supplies it) |
25 |
25 |
26 The first rule in the file which has all its conditions satisfied is used to |
26 The first rule in the file which has all its conditions satisfied is used |
27 determine whether an action is allowed. |
27 to determine whether an action is allowed. If no rule is matched the |
|
28 request is denied. |
28 |
29 |
29 Paths cannot contain any special characters except "/"; glob patterns cannot |
30 "*" only matches one directory level, where "**" matches as many as you |
30 contain any special characters except "/" and "*". "*" matches zero or more |
31 want. More precisely, "*" matches zero or more characters not including "/" |
31 characters not including "/" while "**" matches zero or more characters |
32 while "**" matches zero or more characters including "/". |
32 including "/". |
|
33 |
33 |
34 Blank lines and lines that start with "#" are ignored. |
34 Blank lines and lines that start with "#" are ignored. |
35 |
35 |
36 access.conf ships with the following contents: |
36 access.conf ships with the following contents: |
37 |
37 |
38 init user=root/** |
38 init user=root/** |
39 deny repo=hgadmin |
39 deny repo=hgadmin |
40 write user=users/** |
40 write user=users/** |
41 |
41 |
42 This means: keys in "root" can do anything; keys in "users" cannot create |
42 This means: keys in "root" can do anything; keys in "users" cannot create |
43 repositories, cannot even read the hgadmin repository, but can read and write |
43 repositories, cannot even read the hgadmin repository, but can read and |
44 any other repository; no other key has any access. |
44 write any other repository; no other key has any access. |
45 |
45 |
46 More advanced access configuration is covered in file-conditions. |
46 More advanced access configuration is covered in file-conditions. |
47 |
47 |