README
changeset 63 b75177d307e5
parent 62 f1e319d3672a
parent 61 964ac53280cb
child 66 2f0ea1163b9e
equal deleted inserted replaced
62:f1e319d3672a 63:b75177d307e5
     5 
     5 
     6 Paul Crowley, paul@lshift.net, 2008-2009
     6 Paul Crowley, paul@lshift.net, 2008-2009
     7 
     7 
     8 This software may be used and distributed according to the terms
     8 This software may be used and distributed according to the terms
     9 of the GNU General Public License, incorporated herein by reference.
     9 of the GNU General Public License, incorporated herein by reference.
       
    10 
       
    11 http://hg.opensource.lshift.net/mercurial-server/
    10 
    12 
    11 WHAT IT GIVES YOU
    13 WHAT IT GIVES YOU
    12 
    14 
    13 These tools make it easier to provide a centralized repository host
    15 These tools make it easier to provide a centralized repository host
    14 with read/write access to many repositories for many developers.
    16 with read/write access to many repositories for many developers.
   111 locked out. Multiple admins can use Mercurial's version control to cooperate on
   113 locked out. Multiple admins can use Mercurial's version control to cooperate on
   112 controlling access to the repository server in a natural way. You can also add
   114 controlling access to the repository server in a natural way. You can also add
   113 "root" users by putting their key in the "keys/root" directory in just the same
   115 "root" users by putting their key in the "keys/root" directory in just the same
   114 way - these users will now be able to control hgadmin and create new
   116 way - these users will now be able to control hgadmin and create new
   115 repositories just as you can.
   117 repositories just as you can.
       
   118 
       
   119 Once you're working with "hgadmin", it can be convenient to remove all the keys
       
   120 in "/etc/mercurial-server/keys" and all the entries in
       
   121 "/etc/mercurial-server/access.conf" and use hgadmin to control everything. If
       
   122 you find yourself locked out, you can get back in again by restoring some of the
       
   123 entries you removed from these files - remember,
       
   124 "/etc/mercurial-server/access.conf" takes precedence over the "access.conf" in
       
   125 "hgadmin".
   116 
   126 
   117 ACCESS.CONF
   127 ACCESS.CONF
   118 
   128 
   119 Out of the box, there are just two kinds of users: the ones with keys in
   129 Out of the box, there are just two kinds of users: the ones with keys in
   120 "keys/root" and those in "keys/users". However, you can change this by editing
   130 "keys/root" and those in "keys/users". However, you can change this by editing
   221 
   231 
   222 Finally, hook in an extension is run for each changeset that is remotely
   232 Finally, hook in an extension is run for each changeset that is remotely
   223 committed, which uses the rules file to determine whether to allow the
   233 committed, which uses the rules file to determine whether to allow the
   224 changeset.
   234 changeset.
   225 
   235 
   226 LOCKED OUT?
   236 SECURITY OF MERCURIAL-SERVER
   227 
   237 
   228 Once you're working with "hgadmin", it can be convenient to remove all the keys
   238 mercurial-server relies entirely on sshd to grant access to remote users. As a
   229 in "/etc/mercurial-server/keys" and all the entries in
   239 result, it runs no daemons, installs no setuid programs, and no part of it runs
   230 "/etc/mercurial-server/access.conf" and use hgadmin to control everything. If
   240 as root except the install process: all programs run as the user hg. And any
   231 you find yourself locked out, you can get back in again by restoring some of the
   241 attack on mercurial-server can only be started if the Bad Guys already have a
   232 entries you removed from these files - remember,
   242 public key in ~hg/.ssh/authorized_keys, otherwise sshd will bar the way. No
   233 "/etc/mercurial-server/access.conf" takes precedence over the "access.conf" in
   243 matter what command the user tries to run on the remote system via ssh,
   234 "hgadmin".
   244 mercurial-server is run. 
       
   245 
       
   246 It parses the command line the user asked for, and interprets and runs the
       
   247 corresponding hg operation itself if access is allowed, so users can only read
       
   248 and add to history within repositories; they cannot run any other hg command. In
       
   249 addition, every push and pull is logged with a datestamp, changeset ID and the
       
   250 key that performed the operation.
       
   251 
       
   252 However, while the first paragraph holds no matter what bugs mercurial-server
       
   253 contains, the second depends on the relevant code being correct; though the
       
   254 entire codebase is currently only about twice as long as this README,
       
   255 mercurial-server is a fairly new program and may harbour bugs. Backups are
       
   256 essential!
   235 
   257 
   236 THANKS
   258 THANKS
   237 
   259 
   238 Thanks for reading this far. If you use mercurial-server, please tell me about
   260 Thanks for reading this far. If you use mercurial-server, please tell me about
   239 it.
   261 it.