mercurial-server: comparison README

equal deleted inserted replaced

-:9ea9a30cd060
+:fdf8f5f0c283
 "keys/users" subdirectory - these users will be able to read and write to any
 repository (except one - see below) but will not be able to create new
 repositories. As always, when you change "/etc/mercurial-server/keys" you need
 to re-run "/etc/mercurial-server/refresh-auth".
+LOGGING
+Every push and pull is logged with the key used: see the file .hg/serve-log in
+each repository.
 USING HGADMIN
 It can be inconvenient to log on to the repository server, become root, copy
 keys around, and run "refresh-auth" every time you want to change user
 privileges. This is where mercurial-server shines :-) Suppose you have another
 user=<globpattern> - user's key
 repo=<globpattern> - repo (as the user supplies it)
 file=<globpattern> - file in the repo
 branch=<globpattern> - name of the branch
-The first rule in the file which has all its conditions satisfied is
+The first rule in the file which has all its conditions satisfied is used to
-used to determine whether an action is allowed.
+determine whether an action is allowed.
-Paths cannot contain any special characters except "/"; glob patterns
+Paths cannot contain any special characters except "/"; glob patterns cannot
-cannot contain any special characters except "/" and "*".  "*" matches
+contain any special characters except "/" and "*". "*" matches zero or more
-zero or more characters not including "/" while "**" matches zero or
+characters not including "/" while "**" matches zero or more characters
-more characters including "/".
+including "/".
 Blank lines and lines that start with "#" are ignored.
 FILE CONDITIONS
 - Whether to allow a repository to be created
 - Whether to allow access to a repository
 - Whether to allow a changeset on a particular branch at all
 - Whether to allow a changeset to change a particular file
-When the first two of these decisions are being made, nothing is known
+When the first two of these decisions are being made, nothing is known about
-about what files might be changed, and so all file conditions
+what files might be changed, and so all file conditions automatically succeed
-automatically succeed for the purpose of such decisions.  This means
+for the purpose of such decisions. This means that doing tricky things with file
-that doing tricky things with file conditions can have
+conditions can have counterintuitive consequences:
-counterintuitive consequences:
+- You cannot limit read access to a subset of a repository with a "read" rule
-- You cannot limit read access to a subset of a repository with a
+and a file condition: any user who has access to a repository can read all of it
-"read" rule and a file condition: any user who has access to a
+and its full history. Such a rule can only have the effect of masking a later
-repository can read all of it and its full history.  Such a rule can
+"write" rule, as in this example:
-only have the effect of masking a later "write" rule, as in this
-example:
 read repo=specialrepo file=dontwritethis
 write repo=specialrepo
-allows all users to read specialrepo, and to write to all files
+allows all users to read specialrepo, and to write to all files *except* that
-*except* that any changeset which writes to "dontwritethis" will be
+any changeset which writes to "dontwritethis" will be rejected.
-rejected.
 - For similar reasons, don't give "init" rules file conditions.
-- Don't try to deny write access to a particular file on a particular
+- Don't try to deny write access to a particular file on a particular branch - a
-branch - a developer can write to the file on another branch and then
+developer can write to the file on another branch and then merge it in. Either
-merge it in.  Either deny all writes to the branch from that user, or
+deny all writes to the branch from that user, or allow them to write to all the
-allow them to write to all the files they can write to on any branch.
+files they can write to on any branch. In other words, something like this will
-In other words, something like this will have the intended effect
+have the intended effect:
 write user=docs/* branch=docs file=docs/*
-But something like this will not have the intended effect; it will
+But something like this will not have the intended effect; it will effectively
-effectively allow these users to write to any file on any branch, by
+allow these users to write to any file on any branch, by writing it to "docs"
-writing it to "docs" first:
+first:
 write user=docs/* branch=docs
 write user=docs/* file=docs/*
 read user=docs/*
 HOW IT WORKS
-When a developer attempts to connect to a repository via ssh, the SSH
+When a developer attempts to connect to a repository via ssh, the SSH daemon
-daemon searches for a match for that user's key in
+searches for a match for that user's key in ~hg/.ssh/authorized_keys. If the
-~hg/.ssh/authorized_keys.  If the developer is authorised to connect
+developer is authorised to connect to the repository they will have an entry in
-to the repository they will have an entry in this file.  The entry
+this file. The entry includes a "command" prefix which specifies that the
-includes a "command" prefix which specifies that the restricted shell
+restricted shell should be used; this shell is passed an argument identifying
-should be used; this shell is passed an argument identifying the
+the developer. The shell parses the command the developer is trying to execute,
-developer.  The shell parses the command the developer is trying to
+and consults a rules file to see if that developer is allowed to perform that
-execute, and consults a rules file to see if that developer is allowed
+action on that repository. The bulk of the work of the restricted shell is done
-to perform that action on that repository.  The bulk of the work of
+by the Python program "hg-ssh", but the shell script "hg-ssh-wrapper" sets up
-the restricted shell is done by the Python program "hg-ssh", but the
+some configuration so that you can change it to suit your local installation.
-shell script "hg-ssh-wrapper" sets up some configuration so that you
-can change it to suit your local installation.
+The file ~hg/.ssh/authorized_keys is generated by "refresh-auth", which recurses
+through two directories of files containing SSH keys and generates an entry in
-The file ~hg/.ssh/authorized_keys is generated by "refresh-auth",
+authorized_keys for each one, using the name of the key file as the identifier
-which recurses through a directory of files containing SSH keys and
+for the developer. These keys will live in the "keys" subdirectory
-generates an entry in authorized_keys for each one, using the name of
+"/etc/mercurial-server" and the "keys" subdirectory of a repository called
-the key file as the identifier for the developer.  These keys will
+"hgadmin". A hook in this repository re-runs "refresh-auth" on the most recent
-live in the "keys" subdirectory of a repository called "hgadmin".  A
-hook in this repository re-runs "refresh-auth" on the most recent
 version after every push.
-Finally, a hook in an extension is run for each changeset that is
+Finally, hook in an extension is run for each changeset that is remotely
-remotely committed, which uses the rules file to determine whether to
+committed, which uses the rules file to determine whether to allow the
-allow the changeset.
+changeset.
 LOCKED OUT?
 Once you're working with "hgadmin", it can be convenient to remove all the keys
 in "/etc/mercurial-server/keys" and all the entries in
 "/etc/mercurial-server/access.conf" takes precedence over the "access.conf" in
 "hgadmin".
 THANKS
-Thanks for reading this far.  If you use mercurial-server, please tell
+Thanks for reading this far. If you use mercurial-server, please tell me about
-me about it.
+it.
 Paul Crowley, 2009

changeset 57	fdf8f5f0c283
parent 50	77d97aa18f29
child 60	909f3801ee44
child 62	f1e319d3672a