cleanups to the security section
author Paul Crowley <paul@lshift.net>
Thu, 15 Oct 2009 11:05:14 +0100
changeset 151 5758cf47ff43
parent 150 02b464a6b433
child 152 f4688940fe15
doc/manual.docbook
--- a/doc/manual.docbook	Thu Oct 15 11:00:32 2009 +0100
+++ b/doc/manual.docbook	Thu Oct 15 11:05:14 2009 +0100
@@ -360,7 +360,8 @@
 <title>How mercurial-server works</title>
 <para>
 All of the repositories controlled by mercurial-server are owned by a
-single user, the <literal>hg</literal> user, which is why all URLs for
+single user, the <systemitem
+class="username">hg</systemitem> user, which is why all URLs for
 mercurial-server repositories start with <literal>ssh://hg@...</literal>.
 Each SSH key that has access to the repository has an entry in
 <filename>~hg/.ssh/authorized_keys</filename>; this is how the SSH daemon
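Review bot: The new <systemitem class="username"> opening tag for the hg user is broken across two lines between the element name and its attribute. That is valid XML, but it is harder to read and to grep for. I would keep the opening tag on one line and re-wrap the surrounding paragraph text instead. The following line still uses <literal> for ssh://hg@..., which is reasonable for a URL, but other mentions of the hg user elsewhere in the manual should get the same systemitem markup so the document stays consistent.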
@@ -388,19 +389,21 @@
 <section>
 <title>Security</title>
 <para>
-mercurial-server relies entirely on sshd to grant access to remote users.
+mercurial-server relies entirely on <command>sshd</command> to grant access to remote users.
 As a result, it runs no daemons, installs no setuid programs, and no part
-of it runs as root except the install process: all programs run as the user
-hg. Any attack on mercurial-server can only be started if the attacker
+of it runs as <systemitem
+class="username">root</systemitem> except the install process: all programs run as the user
+<systemitem
+class="username">hg</systemitem>. Any attack on mercurial-server can only be started if the attacker
 already has a public key in <filename>~hg/.ssh/authorized_keys</filename>,
-otherwise sshd will bar the way.
+otherwise <command>sshd</command> will bar the way.
 </para>
 <para>
 No matter what command the user tries to run on the remote system via SSH,
 mercurial-server is run. It parses the command line the user asked for, and
-interprets and runs the corresponding hg operation itself if access is
+interprets and runs the corresponding operation itself if access is
 allowed, so users can only read and add to history within repositories;
-they cannot run any other hg command. In addition, every push and pull is
+they cannot run any other command. In addition, every push and pull is
 logged with a datestamp, changeset ID and the key that performed the
 operation.
 </para>
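Review bot: In the second paragraph, removing "hg" from "the corresponding hg operation" and "any other hg command" changes the security claim, not just the markup. "they cannot run any other command" now asserts more than the old text did, and "the corresponding operation" no longer says it is a Mercurial operation. The commit message describes this as cleanups only, so if the broader claim is intended it should be stated deliberately. Otherwise keep the word and mark it up, for example as <command>hg</command>, matching what the first paragraph does for sshd. The systemitem tags for root and hg in the first paragraph are also split across lines between the element name and the attribute, and would read better on one line.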