# HG changeset patch # User Paul Crowley # Date 1255530356 -3600 # Node ID fc5b8fc1040ebcdee3ffb63816abd3226a5e5578 # Parent 6836769f51347498d2ea4f1a5fce5fbc52c5e8d6 Explain why we configure access twice diff -r 6836769f5134 -r fc5b8fc1040e doc/manual.docbook --- a/doc/manual.docbook Wed Oct 14 15:22:51 2009 +0100 +++ b/doc/manual.docbook Wed Oct 14 15:25:56 2009 +0100 @@ -291,6 +291,43 @@ while "**" matches zero or more characters including "/".
+/etc/mercurial-server and hgadmin + +mercurial-server consults two distinct locations to collect information about what to allow: /etc/mercurial-server and its own hgadmin repository. This is useful for several reasons: + + + +Users may not need the sophistication of access control via mercurial; for these users updating /etc/mercurial-server may offer a simpler route. + + +/etc/mercurial-server is suitable for management by some other route, such as with Puppet + + +If a change to hgadmin leaves you "locked out", /etc/mercurial-server allows you a way back in. + + +At install time, all users are "locked out", and so some mechanism to allow some users in is needed. + + + +Rules in /etc/mercurial-server/access.conf take precedence over those in hgadmin, and obviously keys in /etc/mercurial-server/keys cannot be affected by changes to hgadmin. + + +We anticipate that once mercurial-server is successfully installed and +working most users will want to use hgadmin for most +access control tasks. Once you have the right keys and +access.conf set up in hgadmin, you +can delete /etc/mercurial-server/access.conf and all +of /etc/mercurial-server/keys, +turning control entirely over to hgadmin. + +
+
File and branch conditions mercurial-server supports file and branch conditions, which restrict an