doc/manual.docbook
changeset 147 b29a7088b132
parent 146 04e74d4b3822
child 148 5da43b596bac
equal deleted inserted replaced
146:04e74d4b3822 147:b29a7088b132
   179 <listitem>
   179 <listitem>
   180 <literal>deny</literal>: deny all requests
   180 <literal>deny</literal>: deny all requests
   181 </listitem>
   181 </listitem>
   182 </itemizedlist>
   182 </itemizedlist>
   183 <para>
   183 <para>
       
   184 A condition is a globpattern matched against a relative path. The two most
       
   185 important conditions are
       
   186 </para>
       
   187 <itemizedlist>
       
   188 <listitem>
       
   189 <code><literal>user=</literal><replaceable>globpattern</replaceable></code>: path to the user's key
       
   190 </listitem>
       
   191 <listitem>
       
   192 <code><literal>repo=</literal><replaceable>globpattern</replaceable></code>: path to the repository
       
   193 </listitem>
       
   194 </itemizedlist>
       
   195 <para>
       
   196 "*" only matches one directory level, where "**" matches as many as you
       
   197 want. More precisely, "*" matches zero or more characters not including "/"
       
   198 while "**" matches zero or more characters including "/".
       
   199 </para>
       
   200 <para>
   184 When considering a request, mercurial-server steps through all the rules in <filename>/etc/mercurial-server/access.conf</filename> and then all the rules in <filename>access.conf</filename> in <literal>hgadmin</literal> looking for a rule which matches on every condition.  If it does not find such a rule, it denies the request; otherwise it checks whether the rule grants sufficient privilege to allow it.
   201 When considering a request, mercurial-server steps through all the rules in <filename>/etc/mercurial-server/access.conf</filename> and then all the rules in <filename>access.conf</filename> in <literal>hgadmin</literal> looking for a rule which matches on every condition.  If it does not find such a rule, it denies the request; otherwise it checks whether the rule grants sufficient privilege to allow it.
   185 </para>
   202 </para>
   186 <para>
   203 <para>
   187 By default, <filename>/etc/mercurial-server/access.conf</filename> has the following rules:
   204 By default, <filename>/etc/mercurial-server/access.conf</filename> has the following rules:
   188 </para>
   205 </para>
   190 deny repo=hgadmin
   207 deny repo=hgadmin
   191 write user=users/**
   208 write user=users/**
   192 </programlisting>
   209 </programlisting>
   193 <para>
   210 <para>
   194 These rules ensure that root users can do any operation on any repository, that no other users can access the <literal>hgadmin</literal> repository, and that those with keys in <filename class='directory'>keys/users</filename> can read or write to any repository but not create repositories.
   211 These rules ensure that root users can do any operation on any repository, that no other users can access the <literal>hgadmin</literal> repository, and that those with keys in <filename class='directory'>keys/users</filename> can read or write to any repository but not create repositories.
   195 </para>
       
   196 <para>
       
   197 A condition is a globpattern matched against a relative path. The two most
       
   198 important conditions are
       
   199 </para>
       
   200 <itemizedlist>
       
   201 <listitem>
       
   202 <code><literal>user=</literal><replaceable>globpattern</replaceable></code>: path to the user's key
       
   203 </listitem>
       
   204 <listitem>
       
   205 <code><literal>repo=</literal><replaceable>globpattern</replaceable></code>: path to the repository
       
   206 </listitem>
       
   207 </itemizedlist>
       
   208 <para>
       
   209 "*" only matches one directory level, where "**" matches as many as you
       
   210 want. More precisely, "*" matches zero or more characters not including "/"
       
   211 while "**" matches zero or more characters including "/".
       
   212 </para>
   212 </para>
   213 </section>
   213 </section>
   214 <section>
   214 <section>
   215 <title>/etc/mercurial-server and hgadmin</title>
   215 <title>/etc/mercurial-server and hgadmin</title>
   216 <para>
   216 <para>