diff -r 04e74d4b3822 -r b29a7088b132 doc/manual.docbook --- a/doc/manual.docbook Thu Oct 15 10:35:31 2009 +0100 +++ b/doc/manual.docbook Thu Oct 15 10:38:13 2009 +0100 @@ -181,19 +181,6 @@ </listitem> </itemizedlist> <para> -When considering a request, mercurial-server steps through all the rules in <filename>/etc/mercurial-server/access.conf</filename> and then all the rules in <filename>access.conf</filename> in <literal>hgadmin</literal> looking for a rule which matches on every condition. If it does not find such a rule, it denies the request; otherwise it checks whether the rule grants sufficient privilege to allow it. -</para> -<para> -By default, <filename>/etc/mercurial-server/access.conf</filename> has the following rules: -</para> -<programlisting>init user=root/** -deny repo=hgadmin -write user=users/** -</programlisting> -<para> -These rules ensure that root users can do any operation on any repository, that no other users can access the <literal>hgadmin</literal> repository, and that those with keys in <filename class='directory'>keys/users</filename> can read or write to any repository but not create repositories. -</para> -<para> A condition is a globpattern matched against a relative path. The two most important conditions are </para> @@ -210,6 +197,19 @@ want. More precisely, "*" matches zero or more characters not including "/" while "**" matches zero or more characters including "/". </para> +<para> +When considering a request, mercurial-server steps through all the rules in <filename>/etc/mercurial-server/access.conf</filename> and then all the rules in <filename>access.conf</filename> in <literal>hgadmin</literal> looking for a rule which matches on every condition. If it does not find such a rule, it denies the request; otherwise it checks whether the rule grants sufficient privilege to allow it. +</para> +<para> +By default, <filename>/etc/mercurial-server/access.conf</filename> has the following rules: +</para> +<programlisting>init user=root/** +deny repo=hgadmin +write user=users/** +</programlisting> +<para> +These rules ensure that root users can do any operation on any repository, that no other users can access the <literal>hgadmin</literal> repository, and that those with keys in <filename class='directory'>keys/users</filename> can read or write to any repository but not create repositories. +</para> </section> <section> <title>/etc/mercurial-server and hgadmin</title>