diff -r 834426fcbada -r 1206ed37090a README --- a/README Thu Apr 17 17:34:07 2008 +0100 +++ b/README Fri Apr 18 09:13:37 2008 +0100 @@ -1,4 +1,4 @@ -hg-admin-tools version 0.1 +hg-admin-tools A set of tools for managing authorization and access control for ssh-based Mercurial repositories @@ -50,7 +50,7 @@ this repository re-runs "refresh-auth" on the most recent version after every push. -INSTRUCTIONS FOR USE +GETTING STARTED This is only one setup - it can be tweaked in many ways, and is as specific as it is only in the interests of brevity. @@ -70,17 +70,19 @@ Issue these commands to become the hg user and set up the repository. Use your own name in place of "myname". + ssh-add -L >> /tmp/my-ssh-public-key sudo -u hg -s cd ~hg mkdir -p admin repos/hgadmin/keys/admin cd admin - tar xvzf /tmp/hg-admin-tools.tar.gz - mv hg-admin-tools* hg-admin-tools + hg clone http://hg.opensource.lshift.net/hg-admin-tools cp hg-admin-tools/hg-ssh-wrapper ~ cd ../repos/hgadmin hg init . echo "init admin/* *" > hg-ssh-access.conf cp /tmp/my-ssh-public-key keys/admin/myname + hg add + hg commit cp ~/admin/hg-admin-tools/hgadmin-hgrc .hg/hgrc ../../admin/hg-admin-tools/refresh-auth exit @@ -96,7 +98,9 @@ You can now add other users by putting their keys in an appropriate subdirectory of the "keys" directory, and control their access by editing hg-ssh-access.conf. Changes will take effect as soon as you -push them to the remote ssh server. +push them to the remote repository. + +HG-SSH-ACCESS.CONF Each line of hg-ssh-access.conf has the following syntax: 
@@ -108,5 +112,7 @@ "repositorypattern" is a pattern matched againt the repository name - so "hgadmin" matches "*". Only boring characters are allowed in patterns and key and repository names - see the source for details. -Blank lines and lines that start with "#" are ignored. - +Blank lines and lines that start with "#" are ignored. The first rule +to match both the key and the repository applies: "deny" will deny all +matching requests, "allow" allows read/write access to existing +repositories, and "init" allows that and creation of new repositories.
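Review bot: in the setup hunk (@@ -70,17 +70,19 @@), the added `ssh-add -L >> /tmp/my-ssh-public-key` appends to a fixed file name in /tmp, and that file is later copied verbatim to `keys/admin/myname`. Anything already in the file, whether left by an earlier run or created beforehand by another local user, therefore becomes an admin key. Suggest writing with `>` rather than `>>` and telling the reader to inspect the file before the `cp`. `ssh-add -L` also prints every key held by the agent, so the text should say whether all of them are meant to get admin access. In the same hunk, `hg clone http://hg.opensource.lshift.net/hg-admin-tools` fetches over plain HTTP the code from which `hg-ssh-wrapper` is copied into `~` and `refresh-auth` is run as the hg user. Consider an authenticated transport, or have the reader check the cloned changeset ID against a known value before running anything from it. The bare `hg commit` will open an editor for the message, so adding `-m` would keep the listing copy-pasteable.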
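Review bot: the new paragraph in the last hunk (@@ -108,5 +112,7 @@) says the first rule matching both key and repository applies, but it does not say what happens when no rule matches. For an access-control file that default should be stated explicitly, and readers will expect it to be a denial. The description of "allow" as read/write also implies there is no read-only level; if that is the case, say so directly so nobody assumes a weaker grant exists. While touching this paragraph, the unchanged context line just above it has "againt" for "against".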