5 |
5 |
6 Paul Crowley, paul@lshift.net, 2008-2009 |
6 Paul Crowley, paul@lshift.net, 2008-2009 |
7 |
7 |
8 This software may be used and distributed according to the terms |
8 This software may be used and distributed according to the terms |
9 of the GNU General Public License, incorporated herein by reference. |
9 of the GNU General Public License, incorporated herein by reference. |
|
10 |
|
11 http://hg.opensource.lshift.net/mercurial-server/ |
10 |
12 |
11 WHAT IT GIVES YOU |
13 WHAT IT GIVES YOU |
12 |
14 |
13 These tools make it easier to provide a centralized repository host |
15 These tools make it easier to provide a centralized repository host |
14 with read/write access to many repositories for many developers. |
16 with read/write access to many repositories for many developers. |
111 locked out. Multiple admins can use Mercurial's version control to cooperate on |
113 locked out. Multiple admins can use Mercurial's version control to cooperate on |
112 controlling access to the repository server in a natural way. You can also add |
114 controlling access to the repository server in a natural way. You can also add |
113 "root" users by putting their key in the "keys/root" directory in just the same |
115 "root" users by putting their key in the "keys/root" directory in just the same |
114 way - these users will now be able to control hgadmin and create new |
116 way - these users will now be able to control hgadmin and create new |
115 repositories just as you can. |
117 repositories just as you can. |
|
118 |
|
119 Once you're working with "hgadmin", it can be convenient to remove all the keys |
|
120 in "/etc/mercurial-server/keys" and all the entries in |
|
121 "/etc/mercurial-server/access.conf" and use hgadmin to control everything. If |
|
122 you find yourself locked out, you can get back in again by restoring some of the |
|
123 entries you removed from these files - remember, |
|
124 "/etc/mercurial-server/access.conf" takes precedence over the "access.conf" in |
|
125 "hgadmin". |
116 |
126 |
117 ACCESS.CONF |
127 ACCESS.CONF |
118 |
128 |
119 Out of the box, there are just two kinds of users: the ones with keys in |
129 Out of the box, there are just two kinds of users: the ones with keys in |
120 "keys/root" and those in "keys/users". However, you can change this by editing |
130 "keys/root" and those in "keys/users". However, you can change this by editing |
221 |
231 |
222 Finally, hook in an extension is run for each changeset that is remotely |
232 Finally, hook in an extension is run for each changeset that is remotely |
223 committed, which uses the rules file to determine whether to allow the |
233 committed, which uses the rules file to determine whether to allow the |
224 changeset. |
234 changeset. |
225 |
235 |
226 LOCKED OUT? |
236 SECURITY OF MERCURIAL-SERVER |
227 |
237 |
228 Once you're working with "hgadmin", it can be convenient to remove all the keys |
238 mercurial-server relies entirely on sshd to grant access to remote users. As a |
229 in "/etc/mercurial-server/keys" and all the entries in |
239 result, it runs no daemons, installs no setuid programs, and no part of it runs |
230 "/etc/mercurial-server/access.conf" and use hgadmin to control everything. If |
240 as root except the install process: all programs run as the user hg. And any |
231 you find yourself locked out, you can get back in again by restoring some of the |
241 attack on mercurial-server can only be started if the Bad Guys already have a |
232 entries you removed from these files - remember, |
242 public key in ~hg/.ssh/authorized_keys, otherwise sshd will bar the way. No |
233 "/etc/mercurial-server/access.conf" takes precedence over the "access.conf" in |
243 matter what command the user tries to run on the remote system via ssh, |
234 "hgadmin". |
244 mercurial-server is run. |
|
245 |
|
246 It parses the command line the user asked for, and interprets and runs the |
|
247 corresponding hg operation itself if access is allowed, so users can only read |
|
248 and add to history within repositories; they cannot run any other hg command. In |
|
249 addition, every push and pull is logged with a datestamp, changeset ID and the |
|
250 key that performed the operation. |
|
251 |
|
252 However, while the first paragraph holds no matter what bugs mercurial-server |
|
253 contains, the second depends on the relevant code being correct; though the |
|
254 entire codebase is currently only about twice as long as this README, |
|
255 mercurial-server is a fairly new program and may harbour bugs. Backups are |
|
256 essential! |
235 |
257 |
236 THANKS |
258 THANKS |
237 |
259 |
238 Thanks for reading this far. If you use mercurial-server, please tell me about |
260 Thanks for reading this far. If you use mercurial-server, please tell me about |
239 it. |
261 it. |