diff -r 107906bfe2c6 -r 5dd3698fad54 doc/configuring-access --- a/doc/configuring-access Tue Oct 13 18:32:26 2009 +0100 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,47 +0,0 @@ -ACCESS.CONF - -Out of the box, there are just two kinds of users: the ones with keys in -"keys/root" and those in "keys/users". However, you can change this by -editing "access.conf". There are two "access.conf" files, one in -"/etc/mercurial-server" and one in "hgadmin"; the two are simply -concatenated before being read. - -Each line of access.conf has the following syntax: - - ... - -Rule is one of - -init - allow any operation, including the creation of new repositories -write - allow reads and writes to this file in this repository -read - allow the repo to be read but reject matching writes -deny - deny all requests - -A condition is a globpattern matched against a relative path. The two most -important conditions are - - user= - user's key - repo= - repo (as the user supplies it) - -The first rule in the file which has all its conditions satisfied is used -to determine whether an action is allowed. If no rule is matched the -request is denied. - -"*" only matches one directory level, where "**" matches as many as you -want. More precisely, "*" matches zero or more characters not including "/" -while "**" matches zero or more characters including "/". - -Blank lines and lines that start with "#" are ignored. - -access.conf ships with the following contents: - - init user=root/** - deny repo=hgadmin - write user=users/** - -This means: keys in "root" can do anything; keys in "users" cannot create -repositories, cannot even read the hgadmin repository, but can read and -write any other repository; no other key has any access. - -More advanced access configuration is covered in file-conditions. -