doc/configuring-access
branchdebian
changeset 115 731a72b742db
parent 114 241475f6440c
--- a/doc/configuring-access	Thu May 28 10:43:30 2009 +0100
+++ b/doc/configuring-access	Tue Oct 13 15:30:03 2009 +0100
@@ -1,10 +1,10 @@
 ACCESS.CONF
 
 Out of the box, there are just two kinds of users: the ones with keys in
-"keys/root" and those in "keys/users". However, you can change this by editing
-"access.conf". There are two "access.conf" files, one in
-"/etc/mercurial-server" and one in "hgadmin"; the two are simply concatenated
-before being read.
+"keys/root" and those in "keys/users". However, you can change this by
+editing "access.conf". There are two "access.conf" files, one in
+"/etc/mercurial-server" and one in "hgadmin"; the two are simply
+concatenated before being read.
 
 Each line of access.conf has the following syntax:
 
@@ -23,13 +23,13 @@
     user=<globpattern> - user's key
     repo=<globpattern> - repo (as the user supplies it)
 
-The first rule in the file which has all its conditions satisfied is used to
-determine whether an action is allowed.
+The first rule in the file which has all its conditions satisfied is used
+to determine whether an action is allowed. If no rule is matched the
+request is denied.
 
-Paths cannot contain any special characters except "/"; glob patterns cannot
-contain any special characters except "/" and "*". "*" matches zero or more
-characters not including "/" while "**" matches zero or more characters
-including "/".
+"*" only matches one directory level, where "**" matches as many as you
+want. More precisely, "*" matches zero or more characters not including "/"
+while "**" matches zero or more characters including "/".
 
 Blank lines and lines that start with "#" are ignored.
 
@@ -40,8 +40,8 @@
     write user=users/**
 
 This means: keys in "root" can do anything; keys in "users" cannot create
-repositories, cannot even read the hgadmin repository, but can read and write
-any other repository; no other key has any access.
+repositories, cannot even read the hgadmin repository, but can read and
+write any other repository; no other key has any access.
 
 More advanced access configuration is covered in file-conditions.