diff -r 7369ff737684 -r 86ec1268d306 doc/configuring-access --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/doc/configuring-access Sat Mar 07 09:31:06 2009 +0000 @@ -0,0 +1,47 @@ +ACCESS.CONF + +Out of the box, there are just two kinds of users: the ones with keys in +"keys/root" and those in "keys/users". However, you can change this by editing +"access.conf". There are two "access.conf" files, one in +"/etc/mercurial-server" and one in "hgadmin"; the two are simply concatenated +before being read. + +Each line of access.conf has the following syntax: + + ... + +Rule is one of + +init - allow any operation, including the creation of new repositories +write - allow reads and writes to this file in this repository +read - allow the repo to be read but reject matching writes +deny - deny all requests + +A condition is a globpattern matched against a relative path. The two most +important conditions are + + user= - user's key + repo= - repo (as the user supplies it) + +The first rule in the file which has all its conditions satisfied is used to +determine whether an action is allowed. + +Paths cannot contain any special characters except "/"; glob patterns cannot +contain any special characters except "/" and "*". "*" matches zero or more +characters not including "/" while "**" matches zero or more characters +including "/". + +Blank lines and lines that start with "#" are ignored. + +access.conf ships with the following contents: + + init user=root/** + deny repo=hgadmin + write user=users/** + +This means: keys in "root" can do anything; keys in "users" cannot create +repositories, cannot even read the hgadmin repository, but can read and write +any other repository; no other key has any access. + +More advanced access configuration is covered in file-conditions. +
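Review bot: The opening paragraph says the two access.conf files are "simply concatenated before being read" but not in which order, and since "The first rule in the file which has all its conditions satisfied" decides the outcome, that order determines whether the rules in "/etc/mercurial-server" or those in "hgadmin" take precedence. Please state which file comes first. The rule section should also say explicitly what happens when no rule matches; the closing explanation ("no other key has any access") implies a default deny, but the rule list never states it. Two smaller points: the description of "write" refers to "this file in this repository" before file conditions have been introduced, so either drop "this file" here or point to file-conditions at that spot; and "repo=" is described as matched "as the user supplies it", so it would help to say whether the path is normalised before matching, because the shipped "deny repo=hgadmin" rule depends on that.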