130 A condition is a globpattern matched against a relative path, one of: |
130 A condition is a globpattern matched against a relative path, one of: |
131 |
131 |
132 user=<globpattern> - user's key |
132 user=<globpattern> - user's key |
133 repo=<globpattern> - repo (as the user supplies it) |
133 repo=<globpattern> - repo (as the user supplies it) |
134 file=<globpattern> - file in the repo |
134 file=<globpattern> - file in the repo |
|
135 branch=<globpattern> - name of the branch |
135 |
136 |
136 The first rule in the file which has all its conditions satisfied is |
137 The first rule in the file which has all its conditions satisfied is |
137 used to determine whether an action is allowed. |
138 used to determine whether an action is allowed. |
138 |
139 |
139 Paths cannot contain any special characters except "/"; glob patterns |
140 Paths cannot contain any special characters except "/"; glob patterns |
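Review bot: the new "branch=<globpattern>" entry is listed under "A condition is a globpattern matched against a relative path", but a branch name is not a path, and the entry says only "name of the branch". Say what the pattern is matched against and whether the restriction "Paths cannot contain any special characters except "/"" also applies to branch names, so that a rule author knows how a branch name outside that character set is treated by an access-control rule.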
143 |
144 |
144 Blank lines and lines that start with "#" are ignored. |
145 Blank lines and lines that start with "#" are ignored. |
145 |
146 |
146 FILE CONDITIONS |
147 FILE CONDITIONS |
147 |
148 |
148 The rules file is used to make three decisions: |
149 The rules file is used to make four decisions: |
149 |
150 |
150 - Whether to allow a repository to be created |
151 - Whether to allow a repository to be created |
151 - Whether to allow access to a repository |
152 - Whether to allow access to a repository |
|
153 - Whether to allow a changeset on a particular branch at all |
152 - Whether to allow a changeset to change a particular file |
154 - Whether to allow a changeset to change a particular file |
153 |
155 |
154 When the first two of these decisions are being made, nothing is known |
156 When the first two of these decisions are being made, nothing is known |
155 about what files might be changed, and so all file conditions |
157 about what files might be changed, and so all file conditions |
156 automatically succeed for the purpose of such decisions. This means |
158 automatically succeed for the purpose of such decisions. This means |
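Review bot: the paragraph after the list still says only that "all file conditions automatically succeed" for "the first two of these decisions"; it does not say how "branch=" conditions are evaluated for those two decisions, or how "file=" conditions are evaluated for the new third decision ("a changeset on a particular branch at all"). Because the first rule whose conditions are all satisfied decides the outcome, state explicitly which conditions automatically succeed in each of the four decisions. The "FILE CONDITIONS" heading may also need widening now that the section covers branch conditions.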
170 *except* that any changeset which writes to "dontwritethis" will be |
172 *except* that any changeset which writes to "dontwritethis" will be |
171 rejected. |
173 rejected. |
172 |
174 |
173 - For similar reasons, don't give "init" rules file conditions. |
175 - For similar reasons, don't give "init" rules file conditions. |
174 |
176 |
|
177 LOCKING YOURSELF OUT |
|
178 |
|
179 If you find yourself "locked out" - that is, that you no longer have |
|
180 the permissions needed in hgadmin - you can break back in again if |
|
181 you're able to become the "hg" user on the repository host. Once you |
|
182 are that user, delete ~hg/.ssh/authorized_keys (to stop any user who |
|
183 might have access but shouldn't from using the repository while you |
|
184 fix things). Then go into ~hg/repos/hgadmin, do an "hg update", edit |
|
185 things to your satisfaction, and commit the change. Finally, run |
|
186 ~/admin/hg-admin-tools/refresh-auth to regenerate |
|
187 ~hg/.ssh/authorized_keys. |
|
188 |
175 THANKS |
189 THANKS |
176 |
190 |
177 Thanks for reading this far. If you use hg-admin-tools, please tell |
191 Thanks for reading this far. If you use hg-admin-tools, please tell |
178 me about it. |
192 me about it. |
179 |
193 |
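Review bot: in the new LOCKING YOURSELF OUT section the last step runs "~/admin/hg-admin-tools/refresh-auth", while every other path in the paragraph is written "~hg/...". If the tools live in the hg user's home directory, write the path as "~hg/admin/hg-admin-tools/refresh-auth" so the step does not depend on whose home "~" expands to. The section should also state that deleting ~hg/.ssh/authorized_keys removes key-based access for everyone until refresh-auth has run, so the way you became the "hg" user must not rely on that file. Minor wording: "that is, that you no longer have" reads better as "that is, you no longer have".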