diff -r 30b25ebaa63b -r cc0593af30d4 hgext/acl.py --- a/hgext/acl.py Mon Jun 22 14:08:49 2009 +0200 +++ b/hgext/acl.py Mon Jun 22 14:49:07 2009 +0200 @@ -8,16 +8,21 @@ '''provide simple hooks for access control -Authorization is against local user name on system where hook is run, not -committer of original changeset (since that is easy to spoof). +This hook makes it possible to allow or deny write access to portions +of a repository when receiving incoming changesets. + +The authorization is matched based on the local user name on the +system where the hook runs, and not the committer of the original +changeset (since the latter is merely informative). -The acl hook is best to use if you use hgsh to set up restricted shells for -authenticated users to only push to / pull from. It's not safe if user has -interactive shell access, because they can disable the hook. It's also not -safe if remote users share one local account, because then there's no way to -tell remote users apart. +The acl hook is best used along with a restricted shell like hgsh, +preventing authenticating users from doing anything other than +pushing or pulling. The hook is not safe to use if users have +interactive shell access, as they can then disable the hook. +Nor is it safe if remote users share an account, because then there +is no way to distinguish them. -To use, configure the acl extension in hgrc like this: +To use this hook, configure the acl extension in your hgrc like this: [extensions] hgext.acl = @@ -26,21 +31,24 @@ pretxnchangegroup.acl = python:hgext.acl.hook [acl] - sources = serve # check if source of incoming changes in this list - # ("serve" == ssh or http, "push", "pull", "bundle") + # Check whether the source of incoming changes is in this list + # ("serve" == ssh or http, "push", "pull", "bundle") + sources = serve -Allow and deny lists have a subtree pattern (default syntax is glob) on the -left and user names on right. The deny list is checked before the allow list. +The allow and deny sections take a subtree pattern as key (with a +glob syntax by default), and a comma separated list of users as +the corresponding value. The deny list is checked before the allow +list is. [acl.allow] - # if acl.allow not present, all users allowed by default - # empty acl.allow = no users allowed + # If acl.allow is not present, all users are allowed by default. + # An empty acl.allow section means no users allowed. docs/** = doc_writer .hgtags = release_engineer [acl.deny] - # if acl.deny not present, no users denied by default - # empty acl.deny = all users allowed + # If acl.deny is not present, no users are refused by default. + # An empty acl.deny section means all users allowed. glob pattern = user4, user5 ** = user6 '''