From owner-freebsd-cvsweb@FreeBSD.ORG Fri Jan 13 00:59:32 2006 Return-Path: X-Original-To: freebsd-cvsweb@freebsd.org Delivered-To: freebsd-cvsweb@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id BC82916A420 for ; Fri, 13 Jan 2006 00:59:32 +0000 (GMT) (envelope-from noackjr@alumni.rice.edu) Received: from smtp107.biz.mail.re2.yahoo.com (smtp107.biz.mail.re2.yahoo.com [206.190.52.176]) by mx1.FreeBSD.org (Postfix) with SMTP id BFB7743D45 for ; Fri, 13 Jan 2006 00:59:29 +0000 (GMT) (envelope-from noackjr@alumni.rice.edu) Received: (qmail 51981 invoked from network); 13 Jan 2006 00:59:25 -0000 Received: from unknown (HELO optimator.noacks.org) (noackjr@supercrime.org@24.99.22.177 with login) by smtp107.biz.mail.re2.yahoo.com with SMTP; 13 Jan 2006 00:59:24 -0000 Received: from localhost (localhost [127.0.0.1]) by optimator.noacks.org (Postfix) with ESMTP id 388D56145; Thu, 12 Jan 2006 19:59:24 -0500 (EST) Received: from optimator.noacks.org ([127.0.0.1]) by localhost (optimator.noacks.org [127.0.0.1]) (amavisd-new, port 10024) with LMTP id 15929-08-2; Thu, 12 Jan 2006 19:59:23 -0500 (EST) Received: from [127.0.0.1] (optimator [192.168.1.11]) by optimator.noacks.org (Postfix) with ESMTP id DAC8E60CE; Thu, 12 Jan 2006 19:59:22 -0500 (EST) Message-ID: <43C6FB6A.70905@alumni.rice.edu> Date: Thu, 12 Jan 2006 19:59:22 -0500 From: Jonathan Noack User-Agent: Thunderbird 1.5 (Windows/20051201) MIME-Version: 1.0 To: =?ISO-8859-1?Q?Ville_Skytt=E4?= References: <43C5CEBC.6070908@acm.org> <43C5DC1C.9040209@alumni.rice.edu> <1137101189.19680.54.camel@bobcat.mine.nu> In-Reply-To: <1137101189.19680.54.camel@bobcat.mine.nu> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 8bit X-Virus-Scanned: amavisd-new at noacks.org Cc: freebsd-cvsweb@freebsd.org Subject: Re: Hiding some directories X-BeenThere: freebsd-cvsweb@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: noackjr@alumni.rice.edu List-Id: CVS Web maintenance mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 13 Jan 2006 00:59:32 -0000 Ville Skyttä wrote: > On Wed, 2006-01-11 at 23:33 -0500, Jonathan Noack wrote: >>> BTW, I am not familiar enough with Perl. Although I was able to >>> configure that array to forbid all directories that I did not want, I >>> wonder if is there a way to specify in that array just a few top level >>> directories that I want. >> How about an @AllowedFiles list that only displays files and directories >> that match? See attached patches for cvsweb.cgi and cvsweb.conf. > > No strong opinions nor objections if this is really needed, but couldn't > some extended patterns be used for that, and some commented out examples > of those be added to cvsweb.conf? Maybe negative look-behind (see "man > perlre")? It could get somewhat hairy though. It probably could be done with some extended patterns but few of our users would understand them (I certainly wouldn't!). Having @AllowedFiles means that we can give our users 2 options: 1) Allow all with @ForbiddenFiles override (This is the default). 2) Forbid all with @AllowedFiles override (which in turn is overridden by @ForbiddenFiles). This is quite powerful AND easy to configure. Consider a repository with this directory structure: $ pwd /usr/home/cvsroot $ find . -type d ./CVSROOT ./dir1 ./dir2 ./dir3 ./dir3/sub1 ./dir3/sub2 ./dir3/sub3 ./dir4 ... ./dir9 If I only wanted to allow dir3 and dir4 but forbid dir3/sub2, the configuration is simple: @ForbiddenFiles = ( qr|^dir3/sub2|o, ); @AllowedFiles = ( qr|^dir[34]/|o, ); This is much easier than the way it would be done currently (and what if we added more directories that needed to be forbidden?): @ForbiddenFiles = ( qr|^CVSROOT|o, qr|^dir1|o, qr|^dir2|o, qr|^dir3/sub2|o, qr|^dir5|o, qr|^dir6|o, qr|^dir7|o, qr|^dir8|o, qr|^dir9|o, ); As we don't want to allow more than we intend, we must be more careful with @AllowedFiles then with @ForbiddenFiles. Here are some best practices for @AllowedFiles: 1) Patterns should begin with '^' to match the beginning of the relative path in the repository and should contain as much path information as possible. For example: Use 'qr|^dir/sub/|o' instead of 'qr|sub|o'. The latter could erroneously match 'yellow_submarine.mp3' or 'folder/sub'. 2) Patterns for specific directories should have a trailing slash. For example: Use 'qr|^dir/|o' instead of 'qr|^dir|o'. The latter could erroneously match 'dir.txt' or 'dirty'. 3) Patterns for specific files should end with '$' to match the end of filename. For example: Use 'qr|^dir/file.txt$|o' instead of 'qr|^dir/file.txt|o'. The latter could erroneously match dir/file.txt.old or dir/file.txt/real_file.txt. Why did I write that much?!? Off to dinner, -Jonathan