[Osiris-devel]latest proposal

Brian Wotring brian at shmoo.com
Wed Mar 21 23:58:29 EST 2001 

After of couple of days of bugging bruce with ideas, here is the latest 
suggestion.  I think this is the best we've come up with so far.  I know 
it's a bit long, sorry.

We've canned the "order" idea and added the "IncludeAll" and "ExcludeAll" 
statements.  These specify the default action to take on all files, and a 
default attributes list.  There would be either a global IncludeAll or 
ExcludeAll statement like:

    IncludeAll    all

There is no <Include> block, only a list of Include statements.

Basically, the order that directives appear in a directory block determines 
precedence. That is, when traversing files, the first rule that matches 
applies.  Similar to the programming language concept of a switch.  What 
some might consider a downside is the fact that it's possible to create 
rules that cancel each other out.  You can also achieve the same behavior 
in different ways, e.g. excluding directories.

the following attributes can be acquired from a file:

      perm,mtime,atime,ctime,inode,links,uid,gid,bytes,blocks,all

keywords that can appear in global or directory context:

  hash <hash algorithm> - one of: md5,sha,haval,ripemd
  options <options list> - one or more of: 
Recursive,Shallow,FollowLinks,IgnoreLinks
  IncludeAll <attributes list> - one or more of the above attributes.
  ExcludeAll

  hash:        use the specified hash algorithm.
  options:     use the specified options.
  IncludeAll:  by default, include all files and acquire the specified 
attributes.
  ExcludeAll:  by default, exclude all files.

keywords that can appear in a directory block:

  Include <filter> <attributes>
  Exclude <filter>
  NoEnter <directory path>

  Include: include the specified and get the specified attributes.

  Exclude: do not include the specified.  If the specified is a directory, 
the
           directory and it's contents are ignored.

  NoEnter: do not enter the directory.  The directory may still be scanned 
but
           the contents of the directory are ignored.


Examples:


# recursive scan of /usr that gets all attributes, but some files get
# different attributes.  The local directory is ignored as well as its
# contents.  The ports is not ignored and isn't entered.

<Directory /usr>
    Options       Recursive
    IncludeAll    all

    Include       user("bob")      mtime,perm
    Include       header(0xcafe)   perm

    Exclude       local
    NoEnter       ports

</Directory>


# this states that all contents of the directory is ignored.  But, since
# we are doing a recursive scan of /usr above, the directory is not
# ignored.  We could accomplish the same thing by putting the following
# statement in the above block: "NoEnter share".

<Directory /usr/share>
    ExcludeAll
</Directory>

# this is to demonstrate how to scan all root's files recursively, but
# not to enter the spool directory.

<Directory /var>
    Options     Recursive
    ExcludeAll
    Include uid(0) all
</Directory>

<Directory /var/spool>
    ExcludeAll
</Directory>

--
  Brian Wotring  ( brian at shmoo.com )
  PGP KeyID: 0x9674763D

More information about the osiris-devel mailing list