diff -r 02b464a6b433 -r 5758cf47ff43 doc/manual.docbook
--- a/doc/manual.docbook Thu Oct 15 11:00:32 2009 +0100
+++ b/doc/manual.docbook Thu Oct 15 11:05:14 2009 +0100
@@ -360,7 +360,8 @@
How mercurial-server works
All of the repositories controlled by mercurial-server are owned by a
-single user, the hg user, which is why all URLs for
+single user, the hg user, which is why all URLs for
mercurial-server repositories start with ssh://hg@....
Each SSH key that has access to the repository has an entry in
~hg/.ssh/authorized_keys; this is how the SSH daemon
@@ -388,19 +389,21 @@
Security
-mercurial-server relies entirely on sshd to grant access to remote users.
+mercurial-server relies entirely on sshd to grant access to remote users.
As a result, it runs no daemons, installs no setuid programs, and no part
-of it runs as root except the install process: all programs run as the user
-hg. Any attack on mercurial-server can only be started if the attacker
+of it runs as root except the install process: all programs run as the user
+hg. Any attack on mercurial-server can only be started if the attacker
already has a public key in ~hg/.ssh/authorized_keys,
-otherwise sshd will bar the way.
+otherwise sshd will bar the way.
No matter what command the user tries to run on the remote system via SSH,
mercurial-server is run. It parses the command line the user asked for, and
-interprets and runs the corresponding hg operation itself if access is
+interprets and runs the corresponding operation itself if access is
allowed, so users can only read and add to history within repositories;
-they cannot run any other hg command. In addition, every push and pull is
+they cannot run any other command. In addition, every push and pull is
logged with a datestamp, changeset ID and the key that performed the
operation.
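Review bot: In the second paragraph of this hunk, the added lines read "runs the corresponding operation itself" and "they cannot run any other command" where the removed lines said "hg operation" and "any other hg command". Without "hg", the second sentence reads as a claim about arbitrary commands rather than about hg subcommands, so please confirm the word still appears in the rendered manual. Separately, "if the attacker already has a public key in ~hg/.ssh/authorized_keys" would be more precise as "holds the private key matching a public key listed in ~hg/.ssh/authorized_keys", since sshd checks possession of the private key, not of the public one.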