doc/security
changeset 163 8d73bcd75243
parent 162 1c0bc7d33648
child 164 32131253c2f1
     1 SECURITY OF MERCURIAL-SERVER
     2 
     3 mercurial-server relies entirely on sshd to grant access to remote users.
     4 As a result, it runs no daemons, installs no setuid programs, and no part
     5 of it runs as root except the install process: all programs run as the user
     6 hg. And any attack on mercurial-server can only be started if the Bad Guys
     7 already have a public key in ~hg/.ssh/authorized_keys, otherwise sshd will
     8 bar the way.
     9 
    10 No matter what command the user tries to run on the remote system via ssh,
    11 mercurial-server is run. It parses the command line the user asked for, and
    12 interprets and runs the corresponding hg operation itself if access is
    13 allowed, so users can only read and add to history within repositories;
    14 they cannot run any other hg command. In addition, every push and pull is
    15 logged with a datestamp, changeset ID and the key that performed the
    16 operation.
    17 
    18 However, while the first paragraph holds no matter what bugs
    19 mercurial-server contains, the second depends on the relevant code being
    20 correct; though the entire codebase is short, mercurial-server is a fairly
    21 new program and may harbour bugs. Backups are essential!
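Review bot: the claim on lines 6-8 of the new file that an attack can only start if the attacker already has a public key in ~hg/.ssh/authorized_keys, because "otherwise sshd will bar the way", holds only if key-based authentication is the sole way into the hg account; since the section opens by saying mercurial-server relies entirely on sshd for access control, it should state that precondition explicitly, for example by adding after line 8 a sentence such as "This assumes the hg account has a locked password, so sshd accepts only key authentication for it." Relatedly, lines 14-16 say every push and pull is logged with a datestamp, changeset ID and key, but not where that log is written; naming the log location would help operators who want to review it after a suspected compromise.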