doc/manual.docbook
changeset 125 fc5b8fc1040e
parent 124 6836769f5134
child 126 fd7ebe95d8e5
equal deleted inserted replaced
124:6836769f5134 125:fc5b8fc1040e
   289 "*" only matches one directory level, where "**" matches as many as you
   289 "*" only matches one directory level, where "**" matches as many as you
   290 want. More precisely, "*" matches zero or more characters not including "/"
   290 want. More precisely, "*" matches zero or more characters not including "/"
   291 while "**" matches zero or more characters including "/".
   291 while "**" matches zero or more characters including "/".
   292 </para>
   292 </para>
   293 <section>
   293 <section>
       
   294 <title>/etc/mercurial-server and hgadmin</title>
       
   295 <para>
       
   296 mercurial-server consults two distinct locations to collect information about what to allow: <filename
       
   297 class='directory'>/etc/mercurial-server</filename> and its own <literal>hgadmin</literal> repository.  This is useful for several reasons:
       
   298 </para>
       
   299 <itemizedlist>
       
   300 <listitem>
       
   301 Users may not need the sophistication of access control via mercurial; for these users updating <filename
       
   302 class='directory'>/etc/mercurial-server</filename> may offer a simpler route.
       
   303 </listitem>
       
   304 <listitem>
       
   305 <filename
       
   306 class='directory'>/etc/mercurial-server</filename> is suitable for management by some other route, such as with  <link
       
   307 xlink:href="http://reductivelabs.com/products/puppet">Puppet</link>
       
   308 </listitem>
       
   309 <listitem>
       
   310 If a change to <literal>hgadmin</literal> leaves you "locked out", <filename
       
   311 class='directory'>/etc/mercurial-server</filename> allows you a way back in.
       
   312 </listitem>
       
   313 <listitem>
       
   314 At install time, all users are "locked out", and so some mechanism to allow some users in is needed.
       
   315 </listitem>
       
   316 </itemizedlist>
       
   317 <para>
       
   318 Rules in <filename>/etc/mercurial-server/access.conf</filename> take precedence over those in <literal>hgadmin</literal>, and obviously keys in <filename class='directory'>/etc/mercurial-server/keys</filename> cannot be affected by changes to <literal>hgadmin</literal>.
       
   319 </para>
       
   320 <para>
       
   321 We anticipate that once mercurial-server is successfully installed and
       
   322 working most users will want to use <literal>hgadmin</literal> for most
       
   323 access control tasks. Once you have the right keys and
       
   324 <filename>access.conf</filename> set up in <literal>hgadmin</literal>, you
       
   325 can delete <filename>/etc/mercurial-server/access.conf</filename> and all
       
   326 of <filename class='directory'>/etc/mercurial-server/keys</filename>,
       
   327 turning control entirely over to <literal>hgadmin</literal>.
       
   328 </para>
       
   329 </section>
       
   330 <section>
   294 <title>File and branch conditions</title>
   331 <title>File and branch conditions</title>
   295 <para>
   332 <para>
   296 mercurial-server supports file and branch conditions, which restrict an
   333 mercurial-server supports file and branch conditions, which restrict an
   297 operation depending on what files it modifies and what branch the work is
   334 operation depending on what files it modifies and what branch the work is
   298 on. </para>
   335 on. </para>