diff -r eace50ec6427 -r 3035990989ee doc/configuring-access --- a/doc/configuring-access Tue Oct 13 12:03:23 2009 +0100 +++ b/doc/configuring-access Tue Oct 13 12:22:30 2009 +0100 @@ -1,10 +1,10 @@ ACCESS.CONF Out of the box, there are just two kinds of users: the ones with keys in -"keys/root" and those in "keys/users". However, you can change this by editing -"access.conf". There are two "access.conf" files, one in -"/etc/mercurial-server" and one in "hgadmin"; the two are simply concatenated -before being read. +"keys/root" and those in "keys/users". However, you can change this by +editing "access.conf". There are two "access.conf" files, one in +"/etc/mercurial-server" and one in "hgadmin"; the two are simply +concatenated before being read. Each line of access.conf has the following syntax: @@ -23,13 +23,14 @@ user= - user's key repo= - repo (as the user supplies it) -The first rule in the file which has all its conditions satisfied is used to -determine whether an action is allowed. +The first rule in the file which has all its conditions satisfied is used +to determine whether an action is allowed. If no rule is matched the +request is denied. -Paths cannot contain any special characters except "/"; glob patterns cannot -contain any special characters except "/" and "*". "*" matches zero or more -characters not including "/" while "**" matches zero or more characters -including "/". +Paths cannot contain any special characters except "/"; glob patterns +cannot contain any special characters except "/" and "*". "*" matches zero +or more characters not including "/" while "**" matches zero or more +characters including "/". Blank lines and lines that start with "#" are ignored. @@ -40,8 +41,8 @@ write user=users/** This means: keys in "root" can do anything; keys in "users" cannot create -repositories, cannot even read the hgadmin repository, but can read and write -any other repository; no other key has any access. +repositories, cannot even read the hgadmin repository, but can read and +write any other repository; no other key has any access. More advanced access configuration is covered in file-conditions.