diff -r fcb20d7593e6 -r f23736ad66bc README --- a/README Fri Mar 06 16:15:28 2009 +0000 +++ b/README Sat Mar 07 08:55:42 2009 +0000 @@ -23,10 +23,10 @@ To give a user access to the repository, place their key in an appropriately-named subdirectory of "/etc/mercurial-server/keys" and run -"/etc/mercurial-server/refresh-auth". You can then control what access they -have to what repositories by editing the control file -"/etc/mercurial-server/access.conf", which can match the names of these -keys against a glob pattern. +"/usr/local/lib/mercurial-server/refresh-auth". You can then control what +access they have to what repositories by editing the control file +"/etc/mercurial-server/access.conf", which can match the names of these keys +against a glob pattern. For convenient remote control of access, you can instead (if you have the privileges) make changes to a special repository called "hgadmin", which @@ -58,7 +58,7 @@ (ie the file is called something like "/etc/mercurial-server/keys/root/yourname/yourhostname") so that you can easily manage users who have a different key on each host they use. Then run -"/etc/mercurial-server/refresh-auth". +"/usr/local/lib/mercurial-server/refresh-auth". The repository is now ready to use, and you are now the sole user able to change and create repositories on this repository host. @@ -81,7 +81,7 @@ "keys/users" subdirectory - these users will be able to read and write to any repository (except one - see below) but will not be able to create new repositories. As always, when you change "/etc/mercurial-server/keys" you need -to re-run "/etc/mercurial-server/refresh-auth". +to re-run "/usr/local/lib/mercurial-server/refresh-auth". LOGGING @@ -213,13 +213,10 @@ searches for a match for that user's key in ~hg/.ssh/authorized_keys. If the developer is authorised to connect to the repository they will have an entry in this file. The entry includes a "command" prefix which specifies that the -restricted shell should be used; this shell is passed an argument identifying -the developer. The shell parses the command the developer is trying to -execute, and consults a rules file to see if that developer is allowed to -perform that action on that repository. The bulk of the work of the restricted -shell is done by the Python program "hg-ssh", but the shell script -"hg-ssh-wrapper" sets up some configuration so that you can change it to suit -your local installation. +restricted shell "/usr/local/lib/mercurial-server/hg-ssh" should be used; this +shell is passed an argument identifying the developer. The shell parses the +command the developer is trying to execute, and consults a rules file to see +if that developer is allowed to perform that action on that repository. The file ~hg/.ssh/authorized_keys is generated by "refresh-auth", which recurses through two directories of files containing SSH keys and generates an