README
changeset 63 b75177d307e5
parent 62 f1e319d3672a
parent 61 964ac53280cb
child 66 2f0ea1163b9e
--- a/README	Tue Feb 24 09:49:29 2009 +0000
+++ b/README	Tue Feb 24 09:49:56 2009 +0000
@@ -8,6 +8,8 @@
 This software may be used and distributed according to the terms
 of the GNU General Public License, incorporated herein by reference.
 
+http://hg.opensource.lshift.net/mercurial-server/
+
 WHAT IT GIVES YOU
 
 These tools make it easier to provide a centralized repository host
@@ -114,6 +116,14 @@
 way - these users will now be able to control hgadmin and create new
 repositories just as you can.
 
+Once you're working with "hgadmin", it can be convenient to remove all the keys
+in "/etc/mercurial-server/keys" and all the entries in
+"/etc/mercurial-server/access.conf" and use hgadmin to control everything. If
+you find yourself locked out, you can get back in again by restoring some of the
+entries you removed from these files - remember,
+"/etc/mercurial-server/access.conf" takes precedence over the "access.conf" in
+"hgadmin".
+
 ACCESS.CONF
 
 Out of the box, there are just two kinds of users: the ones with keys in
@@ -223,15 +233,27 @@
 committed, which uses the rules file to determine whether to allow the
 changeset.
 
-LOCKED OUT?
+SECURITY OF MERCURIAL-SERVER
+
+mercurial-server relies entirely on sshd to grant access to remote users. As a
+result, it runs no daemons, installs no setuid programs, and no part of it runs
+as root except the install process: all programs run as the user hg. And any
+attack on mercurial-server can only be started if the Bad Guys already have a
+public key in ~hg/.ssh/authorized_keys, otherwise sshd will bar the way. No
+matter what command the user tries to run on the remote system via ssh,
+mercurial-server is run. 
 
-Once you're working with "hgadmin", it can be convenient to remove all the keys
-in "/etc/mercurial-server/keys" and all the entries in
-"/etc/mercurial-server/access.conf" and use hgadmin to control everything. If
-you find yourself locked out, you can get back in again by restoring some of the
-entries you removed from these files - remember,
-"/etc/mercurial-server/access.conf" takes precedence over the "access.conf" in
-"hgadmin".
+It parses the command line the user asked for, and interprets and runs the
+corresponding hg operation itself if access is allowed, so users can only read
+and add to history within repositories; they cannot run any other hg command. In
+addition, every push and pull is logged with a datestamp, changeset ID and the
+key that performed the operation.
+
+However, while the first paragraph holds no matter what bugs mercurial-server
+contains, the second depends on the relevant code being correct; though the
+entire codebase is currently only about twice as long as this README,
+mercurial-server is a fairly new program and may harbour bugs. Backups are
+essential!
 
 THANKS