From: Ville Skyttä
To: noackjr@alumni.rice.edu
Cc: freebsd-cvsweb@freebsd.org
Date: Fri, 13 Jan 2006 09:33:44 +0200
Subject: Re: Hiding some directories

On Thu, 2006-01-12 at 19:59 -0500, Jonathan Noack wrote:
> Ville Skyttä wrote:
> >
> > No strong opinions nor objections if this is really needed, but couldn't
> > some extended patterns be used for that, and some commented out examples
> > of those be added to cvsweb.conf? Maybe negative look-behind (see "man
> > perlre")? It could get somewhat hairy though.
>
> It probably could be done with some extended patterns but few of our
> users would understand them (I certainly wouldn't!). Having
> @AllowedFiles means that we can give our users 2 options:
> 1) Allow all with @ForbiddenFiles override (This is the default).
> 2) Forbid all with @AllowedFiles override (which in turn is overridden
> by @ForbiddenFiles).
>
> This is quite powerful AND easy to configure.

Okay, fair enough.

> As we don't want to allow more than we intend, we must be more careful
> with @AllowedFiles than with @ForbiddenFiles. Here are some best
> practices for @AllowedFiles:

This information would be a useful addition somewhere. Maybe it's a
bit too much for a comment in cvsweb.conf though. INSTALL?

> 3) Patterns for specific files should end with '$' to match the end of
> filename. For example: Use 'qr|^dir/file.txt$|o' instead of
> 'qr|^dir/file.txt|o'. The latter could erroneously match
> dir/file.txt.old or dir/file.txt/real_file.txt.

"." should be replaced by "\." in the example regexps above.

> Why did I write that much?!? :)

Some comments about the patch:

+# file then a file/dir must be listed for access to be granted.

s/listed for/listed in it for/

+ if (($cvsroot ne $path) && (defined(@AllowedFiles))) {

Why the first test? Also, using defined() on an array is deprecated
(see perldoc -f defined). I think this line could be reduced to
"if (@AllowedFiles) {".

+# If @AllowedFiles is not defined, only @ForbiddenFiles is enforced.

s/is not defined/is empty/

+#@AllowedFiles = (
+ #qr|^my/+public/+dir|o,
+#);

The first and third lines don't need to be commented out.

Could you post a revised patch along with a ChangeLog entry? Also, all
configuration changes should be documented in the INSTALL file's
"Upgrade instructions" section.
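
Review bot: the commented-out example in the last quoted hunk, qr|^my/+public/+dir|o, has nothing after "dir" to bound the match, so once uncommented it would also admit sibling names that merely begin with that prefix (my/public/dir-old, for instance). Since @AllowedFiles is the list where over-matching grants access, the shipped example should model a bounded pattern, for example qr{^my/+public/+dir(?:/|$)}o, written with brace delimiters because the pattern itself contains a "|".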
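
The precedence rules and the anchoring and escaping advice discussed in this thread, as an added Perl example that is not part of the original message and is not cvsweb's own code. access_ok() is a hypothetical stand-in for the check under review, and all patterns and paths are constructed samples.

```perl
#!/usr/bin/perl
# Added example, not cvsweb code: access_ok() is a hypothetical stand-in for
# the allow/forbid decision described in the thread.
use strict;
use warnings;

# Decide access for a repository-relative path.
#  - A forbid-list match always denies.
#  - Empty allow-list: only the forbid-list is enforced (the default).
#  - Non-empty allow-list: the path must also match one of its patterns.
sub access_ok {
    my ($path, $allowed, $forbidden) = @_;
    return 0 if grep { $path =~ $_ } @$forbidden;
    return 1 unless @$allowed;
    return (grep { $path =~ $_ } @$allowed) ? 1 : 0;
}

# Constructed allow-lists. "loose" leaves "." unescaped and the end open;
# "strict" escapes the dot and bounds the match. Brace delimiters are used
# wherever the pattern itself contains '|'.
my @loose  = (qr|^dir/file.txt|,   qr|^my/+public/+dir|);
my @strict = (qr|^dir/file\.txt$|, qr{^my/+public/+dir(?:/|$)});

# Constructed forbid-list: overrides the allow-list for one subtree.
my @forbidden = (qr{^my/+public/+dir/+secret(?:/|$)});

# Constructed sample paths.
my @paths = qw(
    dir/file.txt
    dir/file.txt.old
    dir/file.txt/real_file.txt
    dir/fileXtxt
    my/public/dir/README
    my/public/dir-private/notes
    my/public/dir/secret/key
    other/file
);

printf "%-30s %-6s %-6s\n", 'path', 'loose', 'strict';
for my $p (@paths) {
    printf "%-30s %-6s %-6s\n", $p,
        (access_ok($p, \@loose,  \@forbidden) ? 'allow' : 'deny'),
        (access_ok($p, \@strict, \@forbidden) ? 'allow' : 'deny');
}
```

Rows where the two columns differ are paths that the loose allow-list exposes and the strict one does not.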