doc/configuring-access
branchdebian
changeset 172 5dd3698fad54
parent 118 107906bfe2c6
parent 171 7b69d1d86254
child 174 f141a4b9d5a9
--- a/doc/configuring-access	Tue Oct 13 18:32:26 2009 +0100
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,47 +0,0 @@
-ACCESS.CONF
-
-Out of the box, there are just two kinds of users: the ones with keys in
-"keys/root" and those in "keys/users". However, you can change this by
-editing "access.conf". There are two "access.conf" files, one in
-"/etc/mercurial-server" and one in "hgadmin"; the two are simply
-concatenated before being read.
-
-Each line of access.conf has the following syntax:
-
-<rule> <condition> <condition> ...
-
-Rule is one of
-
-init - allow any operation, including the creation of new repositories
-write - allow reads and writes to this file in this repository
-read - allow the repo to be read but reject matching writes
-deny - deny all requests
-
-A condition is a globpattern matched against a relative path. The two most
-important conditions are
-
-    user=<globpattern> - user's key
-    repo=<globpattern> - repo (as the user supplies it)
-
-The first rule in the file which has all its conditions satisfied is used
-to determine whether an action is allowed. If no rule is matched the
-request is denied.
-
-"*" only matches one directory level, where "**" matches as many as you
-want. More precisely, "*" matches zero or more characters not including "/"
-while "**" matches zero or more characters including "/".
-
-Blank lines and lines that start with "#" are ignored.
-
-access.conf ships with the following contents:
-
-    init user=root/**
-    deny repo=hgadmin
-    write user=users/**
-
-This means: keys in "root" can do anything; keys in "users" cannot create
-repositories, cannot even read the hgadmin repository, but can read and
-write any other repository; no other key has any access.
-
-More advanced access configuration is covered in file-conditions.
-