diff -r f1e319d3672a -r b75177d307e5 README --- a/README Tue Feb 24 09:49:29 2009 +0000 +++ b/README Tue Feb 24 09:49:56 2009 +0000 @@ -8,6 +8,8 @@ This software may be used and distributed according to the terms of the GNU General Public License, incorporated herein by reference. +http://hg.opensource.lshift.net/mercurial-server/ + WHAT IT GIVES YOU These tools make it easier to provide a centralized repository host @@ -114,6 +116,14 @@ way - these users will now be able to control hgadmin and create new repositories just as you can. +Once you're working with "hgadmin", it can be convenient to remove all the keys +in "/etc/mercurial-server/keys" and all the entries in +"/etc/mercurial-server/access.conf" and use hgadmin to control everything. If +you find yourself locked out, you can get back in again by restoring some of the +entries you removed from these files - remember, +"/etc/mercurial-server/access.conf" takes precedence over the "access.conf" in +"hgadmin". + ACCESS.CONF Out of the box, there are just two kinds of users: the ones with keys in 
@@ -223,15 +233,27 @@ committed, which uses the rules file to determine whether to allow the changeset. -LOCKED OUT? +SECURITY OF MERCURIAL-SERVER + +mercurial-server relies entirely on sshd to grant access to remote users. As a +result, it runs no daemons, installs no setuid programs, and no part of it runs +as root except the install process: all programs run as the user hg. And any +attack on mercurial-server can only be started if the Bad Guys already have a +public key in ~hg/.ssh/authorized_keys, otherwise sshd will bar the way. No +matter what command the user tries to run on the remote system via ssh, +mercurial-server is run. -Once you're working with "hgadmin", it can be convenient to remove all the keys -in "/etc/mercurial-server/keys" and all the entries in -"/etc/mercurial-server/access.conf" and use hgadmin to control everything. If -you find yourself locked out, you can get back in again by restoring some of the -entries you removed from these files - remember, -"/etc/mercurial-server/access.conf" takes precedence over the "access.conf" in -"hgadmin". +It parses the command line the user asked for, and interprets and runs the +corresponding hg operation itself if access is allowed, so users can only read +and add to history within repositories; they cannot run any other hg command. In +addition, every push and pull is logged with a datestamp, changeset ID and the +key that performed the operation. + +However, while the first paragraph holds no matter what bugs mercurial-server +contains, the second depends on the relevant code being correct; though the +entire codebase is currently only about twice as long as this README, +mercurial-server is a fairly new program and may harbour bugs. Backups are +essential! THANKS
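Review bot: In the first hunk (@@ -8,6 +8,8 @@) the added URL stands on a line of its own between the licence paragraph and WHAT IT GIVES YOU with no label, so a reader cannot tell whether it is the project home page, a repository to clone from, or something related to the licence text above it. Suggest prefixing it with a short label that says what it points to.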
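Review bot: In the second hunk (@@ -114,6 +116,14 @@) the relocated paragraph recommends removing all keys from "/etc/mercurial-server/keys" and all entries from "/etc/mercurial-server/access.conf", but it never says how someone who is locked out reaches those files to restore them. Suggest stating what access to the server is needed for recovery and advising the reader to keep a copy of the removed keys and entries before deleting them. The third hunk also drops the LOCKED OUT? heading, so the recovery advice can no longer be found by scanning headings; a short heading or a cross-reference from the section list would keep it discoverable.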
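Review bot: In the third hunk (@@ -223,15 +233,27 @@) the phrase "already have a public key in ~hg/.ssh/authorized_keys" is imprecise for a security statement: public keys are not secret, and what an attacker needs is the private key matching one of the public keys listed in that file. Suggest rewording it that way. The sentence "No matter what command the user tries to run on the remote system via ssh, mercurial-server is run" also states a guarantee without naming what enforces it; because the last paragraph says the first one holds "no matter what bugs mercurial-server contains", the README should say which part of the sshd setup provides that guarantee so an administrator can verify it is in place.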