diff -r e8bf13d06582 -r a5850a63390f doc/manual.docbook --- a/doc/manual.docbook Wed Oct 14 17:06:53 2009 +0100 +++ b/doc/manual.docbook Wed Oct 14 17:10:04 2009 +0100 @@ -142,18 +142,17 @@ However, using hgadmin is usually more convenient if you need to make more than a very few changes; it also makes it easier to share administration with others and provides a log of all changes. +
-Basic access control +Access control Out of the box, mercurial-server supports two kinds of users: "root" users and normal users. If you followed the steps above, you are a "root" user because your key is under keys/root, while the other user you gave access to is a normal user since their key is under keys/users. Keys that are not in either of these directories will by default have no access to anything. -Root users can edit hgadmin, create new repositories and read and write to existing ones. Normal users cannot access hgadmin or create new repositories, but they can read and write to any other repository. This is only the default configuration; for more advanced configuration read . +Root users can edit hgadmin, create new repositories and read and write to existing ones. Normal users cannot access hgadmin or create new repositories, but they can read and write to any other repository. -
- -
-Access control +
+Using access.conf mercurial-server offers much more fine-grained access control than this division into two classes of users. Let's suppose you wish to give Pat access to the widget repository, but no other. We first copy Pat's SSH public key into the keys/widget/pat directory in hgadmin. Now mercurial-server knows about Pat's key, but will give Pat no access to anything because the key is not under either +
/etc/mercurial-server and hgadmin
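Review bot: In the paragraph beginning "Root users can edit hgadmin", the removed sentence "This is only the default configuration; for more advanced configuration read ." was the only statement that the normal-user rule (read and write to any repository other than hgadmin) is a default that can be narrowed. The cross-reference is no longer needed now that "Using access.conf" follows directly, but I would keep the clause "This is only the default configuration." at the end of that paragraph. Otherwise an administrator reading only the top of the "Access control" section may take the broad write access for normal users as fixed behaviour and never look for the per-repository restrictions described under "Using access.conf".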