README
changeset 20 f4daa224dc7e
parent 18 538d6b198f4a
child 26 2c4f499ea12f
equal deleted inserted replaced
18:538d6b198f4a 20:f4daa224dc7e
   130 A condition is a globpattern matched against a relative path, one of:
   130 A condition is a globpattern matched against a relative path, one of:
   131 
   131 
   132 user=<globpattern> - user's key
   132 user=<globpattern> - user's key
   133 repo=<globpattern> - repo (as the user supplies it)
   133 repo=<globpattern> - repo (as the user supplies it)
   134 file=<globpattern> - file in the repo
   134 file=<globpattern> - file in the repo
       
   135 branch=<globpattern> - name of the branch
   135 
   136 
   136 The first rule in the file which has all its conditions satisfied is
   137 The first rule in the file which has all its conditions satisfied is
   137 used to determine whether an action is allowed.
   138 used to determine whether an action is allowed.
   138 
   139 
   139 Paths cannot contain any special characters except "/"; glob patterns
   140 Paths cannot contain any special characters except "/"; glob patterns
   143 
   144 
   144 Blank lines and lines that start with "#" are ignored.
   145 Blank lines and lines that start with "#" are ignored.
   145 
   146 
   146 FILE CONDITIONS
   147 FILE CONDITIONS
   147 
   148 
   148 The rules file is used to make three decisions:
   149 The rules file is used to make four decisions:
   149 
   150 
   150 - Whether to allow a repository to be created
   151 - Whether to allow a repository to be created
   151 - Whether to allow access to a repository
   152 - Whether to allow access to a repository
       
   153 - Whether to allow a changeset on a particular branch at all
   152 - Whether to allow a changeset to change a particular file
   154 - Whether to allow a changeset to change a particular file
   153 
   155 
   154 When the first two of these decisions are being made, nothing is known
   156 When the first two of these decisions are being made, nothing is known
   155 about what files might be changed, and so all file conditions
   157 about what files might be changed, and so all file conditions
   156 automatically succeed for the purpose of such decisions.  This means
   158 automatically succeed for the purpose of such decisions.  This means
   170 *except* that any changeset which writes to "dontwritethis" will be
   172 *except* that any changeset which writes to "dontwritethis" will be
   171 rejected.
   173 rejected.
   172 
   174 
   173 - For similar reasons, don't give "init" rules file conditions.
   175 - For similar reasons, don't give "init" rules file conditions.
   174 
   176 
       
   177 LOCKING YOURSELF OUT
       
   178 
       
   179 If you find yourself "locked out" - that is, that you no longer have
       
   180 the permissions needed in hgadmin - you can break back in again if
       
   181 you're able to become the "hg" user on the repository host.  Once you
       
   182 are that user, delete ~hg/.ssh/authorized_keys (to stop any user who
       
   183 might have access but shouldn't from using the repository while you
       
   184 fix things).  Then go into ~hg/repos/hgadmin, do an "hg update", edit
       
   185 things to your satisfaction, and commit the change.  Finally, run
       
   186 ~/admin/hg-admin-tools/refresh-auth to regenerate
       
   187 ~hg/.ssh/authorized_keys. 
       
   188 
   175 THANKS
   189 THANKS
   176 
   190 
   177 Thanks for reading this far.  If you use hg-admin-tools, please tell
   191 Thanks for reading this far.  If you use hg-admin-tools, please tell
   178 me about it.
   192 me about it.
   179 
   193