equal
deleted
inserted
replaced
179 <listitem> |
179 <listitem> |
180 <literal>deny</literal>: deny all requests |
180 <literal>deny</literal>: deny all requests |
181 </listitem> |
181 </listitem> |
182 </itemizedlist> |
182 </itemizedlist> |
183 <para> |
183 <para> |
|
184 A condition is a globpattern matched against a relative path. The two most |
|
185 important conditions are |
|
186 </para> |
|
187 <itemizedlist> |
|
188 <listitem> |
|
189 <code><literal>user=</literal><replaceable>globpattern</replaceable></code>: path to the user's key |
|
190 </listitem> |
|
191 <listitem> |
|
192 <code><literal>repo=</literal><replaceable>globpattern</replaceable></code>: path to the repository |
|
193 </listitem> |
|
194 </itemizedlist> |
|
195 <para> |
|
196 "*" only matches one directory level, where "**" matches as many as you |
|
197 want. More precisely, "*" matches zero or more characters not including "/" |
|
198 while "**" matches zero or more characters including "/". |
|
199 </para> |
|
200 <para> |
184 When considering a request, mercurial-server steps through all the rules in <filename>/etc/mercurial-server/access.conf</filename> and then all the rules in <filename>access.conf</filename> in <literal>hgadmin</literal> looking for a rule which matches on every condition. If it does not find such a rule, it denies the request; otherwise it checks whether the rule grants sufficient privilege to allow it. |
201 When considering a request, mercurial-server steps through all the rules in <filename>/etc/mercurial-server/access.conf</filename> and then all the rules in <filename>access.conf</filename> in <literal>hgadmin</literal> looking for a rule which matches on every condition. If it does not find such a rule, it denies the request; otherwise it checks whether the rule grants sufficient privilege to allow it. |
185 </para> |
202 </para> |
186 <para> |
203 <para> |
187 By default, <filename>/etc/mercurial-server/access.conf</filename> has the following rules: |
204 By default, <filename>/etc/mercurial-server/access.conf</filename> has the following rules: |
188 </para> |
205 </para> |
190 deny repo=hgadmin |
207 deny repo=hgadmin |
191 write user=users/** |
208 write user=users/** |
192 </programlisting> |
209 </programlisting> |
193 <para> |
210 <para> |
194 These rules ensure that root users can do any operation on any repository, that no other users can access the <literal>hgadmin</literal> repository, and that those with keys in <filename class='directory'>keys/users</filename> can read or write to any repository but not create repositories. |
211 These rules ensure that root users can do any operation on any repository, that no other users can access the <literal>hgadmin</literal> repository, and that those with keys in <filename class='directory'>keys/users</filename> can read or write to any repository but not create repositories. |
195 </para> |
|
196 <para> |
|
197 A condition is a globpattern matched against a relative path. The two most |
|
198 important conditions are |
|
199 </para> |
|
200 <itemizedlist> |
|
201 <listitem> |
|
202 <code><literal>user=</literal><replaceable>globpattern</replaceable></code>: path to the user's key |
|
203 </listitem> |
|
204 <listitem> |
|
205 <code><literal>repo=</literal><replaceable>globpattern</replaceable></code>: path to the repository |
|
206 </listitem> |
|
207 </itemizedlist> |
|
208 <para> |
|
209 "*" only matches one directory level, where "**" matches as many as you |
|
210 want. More precisely, "*" matches zero or more characters not including "/" |
|
211 while "**" matches zero or more characters including "/". |
|
212 </para> |
212 </para> |
213 </section> |
213 </section> |
214 <section> |
214 <section> |
215 <title>/etc/mercurial-server and hgadmin</title> |
215 <title>/etc/mercurial-server and hgadmin</title> |
216 <para> |
216 <para> |
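Review bot: In the paragraph moved up to new lines 184-198, "matched against a relative path" never says what the path is relative to, and after this reorder the reader meets user= and repo= before the default rules that give the only hint (user=users/** is later described as keys in keys/users). Please state the base directory for each condition in the two list items at new lines 189 and 192. While the text is being moved, it would also be worth tidying the wording it carries over unchanged from old lines 197-211: "globpattern" appears as a bare single word in prose although the list items mark it up as a replaceable, "*" and "**" are in plain quotes rather than literal markup, and "where" at new line 196 should be "whereas". Since "**" is defined as matching across "/", a short sentence noting that a rule such as user=users/** therefore covers keys in every nested subdirectory would help administrators judge how broad a grant is.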