--- a/doc/manual.docbook Wed Oct 14 17:06:53 2009 +0100
+++ b/doc/manual.docbook Wed Oct 14 17:10:04 2009 +0100
@@ -142,18 +142,17 @@
However, using <literal>hgadmin</literal> is usually more convenient if you need to make more than a very few changes; it also makes it easier to share administration with others and provides a log of all changes.
</para>
</section>
+</section>
<section>
-<title>Basic access control</title>
+<title>Access control</title>
<para>
Out of the box, mercurial-server supports two kinds of users: "root" users and normal users. If you followed the steps above, you are a "root" user because your key is under <filename class='directory'>keys/root</filename>, while the other user you gave access to is a normal user since their key is under <filename class='directory'>keys/users</filename>. Keys that are not in either of these directories will by default have no access to anything.
</para>
<para>
-Root users can edit <literal>hgadmin</literal>, create new repositories and read and write to existing ones. Normal users cannot access <literal>hgadmin</literal> or create new repositories, but they can read and write to any other repository. This is only the default configuration; for more advanced configuration read <xref linkend="accesscontrol"/>.
+Root users can edit <literal>hgadmin</literal>, create new repositories and read and write to existing ones. Normal users cannot access <literal>hgadmin</literal> or create new repositories, but they can read and write to any other repository.
</para>
-</section>
-</section>
-<section id="accesscontrol">
-<title>Access control</title>
+<section>
+<title>Using access.conf</title>
<para>
mercurial-server offers much more fine-grained access control than this division into two classes of users. Let's suppose you wish to give Pat access to the <literal>widget</literal> repository, but no other. We first copy Pat's SSH public key into the <filename
class='directory'>keys/widget/pat</filename> directory in <literal>hgadmin</literal>. Now mercurial-server knows about Pat's key, but will give Pat no access to anything because the key is not under either <filename
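Review bot: the `id="accesscontrol"` anchor disappears with the removed `<section id="accesscontrol">` line, and neither of the new `<section>` openings ("Access control" and "Using access.conf") carries an id. The one `<xref linkend="accesscontrol"/>` visible in this hunk is removed along with it, but any other reference to that id elsewhere in the manual would stop resolving and break the DocBook build. Consider keeping the id on the section that now holds the fine-grained material, for example on the `<section>` that opens "Using access.conf", or confirm that no other xref uses it. The removed sentence "This is only the default configuration" was also the only explicit statement in the root/normal-user paragraph that these permissions can be changed. The following subsection implies it, but a short pointer there would keep readers from treating the two-class split as fixed.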
@@ -219,6 +218,7 @@
want. More precisely, "*" matches zero or more characters not including "/"
while "**" matches zero or more characters including "/".
</para>
+</section>
<section>
<title>/etc/mercurial-server and hgadmin</title>
<para>
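Review bot: please confirm the intended nesting at the added `</section>` before `<title>/etc/mercurial-server and hgadmin</title>`. Together with the first hunk, which opens "Using access.conf" inside "Access control" and no longer closes "Access control" there, this tag closes only "Using access.conf", so the "/etc/mercurial-server and hgadmin" section becomes a sibling subsection under "Access control". If that is the intent, fine. Since the `<section>` elements here are unlabelled, a short XML comment naming which section each closing tag ends would make this kind of restructuring easier to review and less likely to leave the document unbalanced.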