diff -r 5758cf47ff43 -r f4688940fe15 doc/manual.docbook
--- a/doc/manual.docbook Thu Oct 15 11:05:14 2009 +0100
+++ b/doc/manual.docbook Thu Oct 15 11:23:38 2009 +0100
@@ -195,21 +195,75 @@
"*" only matches one directory level, where "**" matches as many as you
want. More precisely, "*" matches zero or more characters not including "/"
-while "**" matches zero or more characters including "/".
+while "**" matches zero or more characters including "/". So
+projects/*
matches projects/foo but not projects/foo/bar, while
+projects/**
matches both.
-When considering a request, mercurial-server steps through all the rules in /etc/mercurial-server/access.conf and then all the rules in access.conf in hgadmin looking for a rule which matches on every condition. If it does not find such a rule, it denies the request; otherwise it checks whether the rule grants sufficient privilege to allow it.
+When considering a request, mercurial-server steps through all the rules in
+/etc/mercurial-server/access.conf and then all the
+rules in access.conf in hgadmin
+looking for a rule which matches on every condition. The first match
+determines whether the request will be allowed; if there is no match in
+either file, the request will be denied.
-By default, /etc/mercurial-server/access.conf has the following rules:
+By default, /etc/mercurial-server/access.conf has the
+following rules:
init user=root/**
deny repo=hgadmin
write user=users/**
-These rules ensure that root users can do any operation on any repository, that no other users can access the hgadmin repository, and that those with keys in keys/users can read or write to any repository but not create repositories.
+These rules ensure that root users can do any operation on any repository,
+that no other users can access the hgadmin repository,
+and that those with keys in keys/users can read or write to any repository
+but not create repositories. If these are the only rules in effect, they
+have the following consequences:
+
+
+Any request from a user with a key under keys/root will match the first rule; since
+this rule is init the request will always be allowed.
+
+
+Any request to access the hgadmin by any other user will
+not match the first rule, but will match the second rule, and so will be
+denied.
+
+
+Any request to create a repository from a user with a key in keys/users will not match the first or second
+rules, but will match the third rule. This is a write
+rule, which doesn't grant the privilege to create repositories, so the
+request will be denied.
+
+
+Any request to access an existing repository from a user with a key in
+keys/users will not match the first
+or second rules, but will match the third rule, which grants
+write privilege, so the request will be allowed.
+
+
+Any request from any user whose key is in neither keys/root nor keys/users will not match any rule and so will
+be denied. Unless it matches the second rule, in which case it will still
+be denied. Changes to the access.conf in hgadmin will change that, as the example at the start of this section shows.
+
+
+Any request from a user whose key not under the keys directory at all will always be denied,
+no matter what rules are in effect; because of the way SSH authentication
+works, they will be prompted to enter a password, but no password will
+work. This can't be changed.
+
+
/etc/mercurial-server and hgadmin
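Review bot: The rewritten "When considering a request" paragraph drops the second half of the old rule-evaluation description. The removed line said that after finding the first matching rule mercurial-server "checks whether the rule grants sufficient privilege to allow it"; the new text says only "The first match determines whether the request will be allowed", which reads as if matching alone grants access. The later bullet about `write user=users/**` not granting repository creation relies on exactly that privilege check, so keep it in the general statement, e.g. "The first matching rule fixes the privilege level the request gets; the request is allowed only if that level is sufficient for the operation, and denied if no rule in either file matches." Two smaller points in the same hunk: the bullet "Any request from any user whose key is in neither keys/root nor keys/users will not match any rule and so will be denied. Unless it matches the second rule, in which case it will still be denied." contradicts itself (it first asserts no rule matches, then allows a match); say instead that such a request can match at most the `deny repo=hgadmin` rule and is denied either way. And "Any request from a user whose key not under the keys directory" is missing "is" ("whose key is not under").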