brian at shmoo.com
Wed Mar 21 23:58:29 EST 2001
After a couple of days of bugging Bruce with ideas, here is the latest
suggestion. I think this is the best we've come up with so far. I know
it's a bit long, sorry.
We've canned the "order" idea and added the "IncludeAll" and "ExcludeAll"
statements. These specify the default action to take on all files, and a
default attributes list. There would be either a global IncludeAll or
ExcludeAll statement like:
There is no <Include> block, only a list of Include statements.
Basically, the order that directives appear in a directory block determines
precedence. That is, when traversing files, the first rule that matches
applies. Similar to the programming language concept of a switch. What
some might consider a downside is the fact that it's possible to create
rules that cancel each other out. You can also achieve the same behavior
in different ways, e.g. excluding directories.
the following attributes can be acquired from a file:
keywords that can appear in global or directory context:
hash <hash algorithm> - one of: md5,sha,haval,ripemd
options <options list> - one or more of:
IncludeAll <attributes list> - one or more of the above attributes.
hash: use the specified hash algorithm.
options: use the specified options.
IncludeAll: by default, include all files and acquire the specified
ExcludeAll: by default, exclude all files.
keywords that can appear in a directory block:
Include <filter> <attributes>
NoEnter <directory path>
Include: include the specified and get the specified attributes.
Exclude: do not include the specified. If the specified is a directory,
directory and its contents are ignored.
NoEnter: do not enter the directory. The directory may still be scanned
the contents of the directory are ignored.
# recursive scan of /usr that gets all attributes, but some files get
# different attributes. The local directory is ignored as well as its
# contents. The ports is not ignored and isn't entered.
Include user("bob") mtime,perm
Include header(0xcafe) perm
# this states that all contents of the directory are ignored. But, since
# we are doing a recursive scan of /usr above, the directory is not
# ignored. We could accomplish the same thing by putting the following
# statement in the above block: "NoEnter share".
# this is to demonstrate how to scan all root's files recursively, but
# not to enter the spool directory.
Include uid(0) all
Brian Wotring ( brian at shmoo.com )
PGP KeyID: 0x9674763D
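
The first-match precedence described in the message above, as an added example that is not part of the original post and is not Osiris code. It evaluates one directory block's Include/Exclude rules in order with an IncludeAll/ExcludeAll fallback, and flags rules that an earlier rule cancels out. Assumptions: the rule tuples, the file records and the `shadowed()` helper are constructed for illustration, and NoEnter is left out.

```python
# Added illustration, not Osiris code. The keywords and the user()/uid()
# filter names are from the post; the rule tuples, file records and the
# shadowed() helper are constructed for this example.

def make_filter(kind, value):
    """Build a predicate for a filter such as user("bob") or uid(0)."""
    if kind not in ("user", "uid"):
        raise ValueError(f"unsupported filter: {kind}")
    return lambda entry: entry[kind] == value

def evaluate(rules, default, entry):
    """Return the attributes to acquire for entry, or None if it is excluded."""
    for action, predicate, attributes in rules:
        if predicate(entry):
            # First matching rule applies; later rules are never consulted.
            return attributes if action == "Include" else None
    action, attributes = default  # global IncludeAll / ExcludeAll fallback
    return attributes if action == "IncludeAll" else None

def shadowed(rules, samples):
    """Indices of rules that never get to decide any of the sample entries."""
    deciding = set()
    for entry in samples:
        for index, (_, predicate, _) in enumerate(rules):
            if predicate(entry):
                deciding.add(index)
                break
    return [i for i in range(len(rules)) if i not in deciding]

# Constructed directory block, in file order.
RULES = [
    ("Exclude", make_filter("user", "bob"), None),
    ("Include", make_filter("user", "bob"), ["mtime", "perm"]),  # cancelled by rule 0
    ("Include", make_filter("uid", 0), ["all"]),
]
DEFAULT = ("IncludeAll", ["perm"])

# Constructed file records.
SAMPLES = [
    {"path": "/usr/home/bob/notes", "user": "bob", "uid": 1001},
    {"path": "/usr/sbin/cron", "user": "root", "uid": 0},
    {"path": "/usr/home/alice/todo", "user": "alice", "uid": 1002},
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample["path"], "->", evaluate(RULES, DEFAULT, sample))
    print("rules that never apply:", shadowed(RULES, SAMPLES))
```

Running a check like `shadowed()` over a representative file listing shows which rules never take effect, so a cancelled Include does not silently leave files unmonitored.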