289 "*" only matches one directory level, where "**" matches as many as you |
289 "*" only matches one directory level, where "**" matches as many as you |
290 want. More precisely, "*" matches zero or more characters not including "/" |
290 want. More precisely, "*" matches zero or more characters not including "/" |
291 while "**" matches zero or more characters including "/". |
291 while "**" matches zero or more characters including "/". |
292 </para> |
292 </para> |
293 <section> |
293 <section> |
|
294 <title>/etc/mercurial-server and hgadmin</title> |
|
295 <para> |
|
296 mercurial-server consults two distinct locations to collect information about what to allow: <filename |
|
297 class='directory'>/etc/mercurial-server</filename> and its own <literal>hgadmin</literal> repository. This is useful for several reasons: |
|
298 </para> |
|
299 <itemizedlist> |
|
300 <listitem> |
|
301 Users may not need the sophistication of access control via mercurial; for these users updating <filename |
|
302 class='directory'>/etc/mercurial-server</filename> may offer a simpler route. |
|
303 </listitem> |
|
304 <listitem> |
|
305 <filename |
|
306 class='directory'>/etc/mercurial-server</filename> is suitable for management by some other route, such as with <link |
|
307 xlink:href="http://reductivelabs.com/products/puppet">Puppet</link> |
|
308 </listitem> |
|
309 <listitem> |
|
310 If a change to <literal>hgadmin</literal> leaves you "locked out", <filename |
|
311 class='directory'>/etc/mercurial-server</filename> allows you a way back in. |
|
312 </listitem> |
|
313 <listitem> |
|
314 At install time, all users are "locked out", and so some mechanism to allow some users in is needed. |
|
315 </listitem> |
|
316 </itemizedlist> |
|
317 <para> |
|
318 Rules in <filename>/etc/mercurial-server/access.conf</filename> take precedence over those in <literal>hgadmin</literal>, and obviously keys in <filename class='directory'>/etc/mercurial-server/keys</filename> cannot be affected by changes to <literal>hgadmin</literal>. |
|
319 </para> |
|
320 <para> |
|
321 We anticipate that once mercurial-server is successfully installed and |
|
322 working most users will want to use <literal>hgadmin</literal> for most |
|
323 access control tasks. Once you have the right keys and |
|
324 <filename>access.conf</filename> set up in <literal>hgadmin</literal>, you |
|
325 can delete <filename>/etc/mercurial-server/access.conf</filename> and all |
|
326 of <filename class='directory'>/etc/mercurial-server/keys</filename>, |
|
327 turning control entirely over to <literal>hgadmin</literal>. |
|
328 </para> |
|
329 </section> |
|
330 <section> |
294 <title>File and branch conditions</title> |
331 <title>File and branch conditions</title> |
295 <para> |
332 <para> |
296 mercurial-server supports file and branch conditions, which restrict an |
333 mercurial-server supports file and branch conditions, which restrict an |
297 operation depending on what files it modifies and what branch the work is |
334 operation depending on what files it modifies and what branch the work is |
298 on. </para> |
335 on. </para> |