[augeas-devel] [PATCH] Add sudoers lens and associated test

Raphaël Pinson raphink at gmail.com
Wed Aug 13 07:53:52 UTC 2008


On Wed, Aug 13, 2008 at 3:04 AM, David Lutterkort <dlutter at redhat.com> wrote:

> On Tue, 2008-08-12 at 23:44 +0200, Raphaël Pinson wrote:
>
>
> >         One question about this:
> >
> >         > +
> >
>  (***********************************************************************************
> >         > +    *  Parameter ::= Parameter '=' Value |
> >         > +    *                Parameter '+=' Value |
> >         > +    *                Parameter '-=' Value |
> >         > +    *                '!'* Parameter
> >         > +
> >
>  ***********************************************************************************)
> >         > +    let parameter        = [ label "parameter" .
> >         sto_to_com ]
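Review bot: `parameter` is defined as `[ label "parameter" . sto_to_com ]`, so the four forms listed in the grammar comment just above it ('=', '+=', '-=' and the '!' prefix) all land in the tree as one stored string under a single `parameter` node. Consider splitting name, operator and value into separate subnodes, so that a caller can tell `+=` from `=` without re-parsing the stored string.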
> >
> >
> >         What do you think about splitting the values from the
> >         parameter names in
> >         the tree ?
> >
> > I thought about that, too. I stayed with a very simple description of
> > it so far, because I'm not sure how to represent the different
> > attributions. Something like:
> >
> > Defaults param1="value1", param2+="value2", param3-="value3", !param4
> >
> > could become
> >
> > { "Defaults"
> >     { "parameter"
> >         { "name" = "param1" }
> >         { "type"   = "=" }
> >         { "value"  = "value1" } }
> >     { "parameter"
> >         { "name" = "param2" }
> >         { "type"   = "+=" }
> >         { "value"  = "value2" } }
> >     { "parameter"
> >         { "name" = "param3" }
> >         { "type"   = "-=" }
> >         { "value"  = "value3" } }
> >     { "parameter"
> >         { "name" = "param4" }
> >         { "negate" = "!" } } }
>
> I would turn it into
>
>        { "Defaults"
>            { "parameter"
>                 { "name" = "param1" }
>                 { "value"  = "value1" } }
>             { "parameter"
>                  { "add" }
>                  { "name" = "param2" }
>                  { "value"  = "value2" } }
>              { "parameter"
>                  { "remove" }
>                  { "name" = "param3" }
>                  { "value"  = "value3" } }
>              { "parameter"
>                  { "negate" }
>                   { "name" = "param4" }
>                  { "negate" = "!" } } }
>


Actually, I think it would be much easier to parse if this syntax could be
turned into a

{ "parameter"
   { "negate" = "false" }
   { "action" = "remove" }
   { "name"  = "param3" }
   { "value"   = "value3" } }
{ "parameter"
   { "negate" = "true" }
   { "name" = "param4" } }


I've had this need before, and just worked around it. Basically, the need
would be for a "value" keyword in the ML implementation, which would be to
"store" what "label" is to "key", so we could write things like:


let action_gen (val:string) (kw:string)
       = [ label "action" . del kw kw . value val ]

let action = action_gen "set" "="
               | action_gen "add" "+="
               | action_gen "remove" "-="

let negate = [ label "negate" . ( del /(!{2})*/ "" . value "false"
                                | del /!(!{2})*/ "!" . value "true" ) ]

let parameter = [ label "parameter" . negate
                    . [ label "name" . store /whatever/ ]
                    . ( action . [ label "value" . store /whatever/ ] )? ]



I guess the biggest issue with a "value" command is the reversibility of it.
The lens checker would have to make sure that it can be reversed, and I have
no idea how much work that means has to be done.

For now, I think sudoers users won't mind typing things like:

set /files/etc/sudoers/Defaults/parameter 'env_keep+="APT_CONFIG DEBIAN_FRONTEND SHELL"'

instead of

set /files/etc/sudoers/Defaults/parameter/negate "false"
set /files/etc/sudoers/Defaults/parameter/name "env_keep"
set /files/etc/sudoers/Defaults/parameter/action "add"
set /files/etc/sudoers/Defaults/parameter/value '"APT_CONFIG DEBIAN_FRONTEND SHELL"'



Not to mention that "action" actually has to be set between "name" and
"value" imo, otherwise it will be ignored by augeas for not being in the
right position.

Raphaël
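
The split tree discussed in this message, as an added Python example that is not part of the original message or of Augeas: `get` parses a Defaults line into negate/name/action/value nodes and `put` writes them back, which shows the reversibility question raised above, since a run of '!' can only be restored in normalised form. The names `get`, `put`, `ACTIONS`, `PARAM` and `SAMPLE` are chosen here, and only the plain `Defaults` keyword (no user, host or runas qualifier) is assumed.

```python
import re

# Operator text <-> "action" node value, following the action_gen idea above.
ACTIONS = {"=": "set", "+=": "add", "-=": "remove"}
OPERATORS = {v: k for k, v in ACTIONS.items()}

# One Defaults parameter: optional run of '!', a name, then optionally an
# operator and a value that is either double-quoted or a bare word.
PARAM = re.compile(r'\s*(!*)\s*(\w+)\s*(?:(\+=|-=|=)\s*("(?:[^"\\]|\\.)*"|[^,\s]+))?\s*')

# The example line quoted earlier in the thread.
SAMPLE = 'Defaults param1="value1", param2+="value2", param3-="value3", !param4'


def get(line):
    """Parse 'Defaults a=b, c+=d, !e' into a list of parameter nodes."""
    keyword, _, rest = line.strip().partition(" ")
    if keyword != "Defaults":
        raise ValueError("not a plain Defaults line")
    nodes, pos = [], 0
    while True:
        m = PARAM.match(rest, pos)
        if not m:
            raise ValueError("cannot parse parameter at offset %d" % pos)
        bangs, name, op, value = m.groups()
        # An odd number of '!' negates; an even number cancels out.
        node = {"negate": "true" if len(bangs) % 2 else "false", "name": name}
        if op:
            node["action"], node["value"] = ACTIONS[op], value
        nodes.append(node)
        pos = m.end()
        if pos == len(rest):
            return nodes
        if rest[pos] != ",":
            raise ValueError("expected ',' at offset %d" % pos)
        pos += 1


def put(nodes):
    """Write nodes back out; negation is normalised to at most one '!'."""
    parts = []
    for n in nodes:
        text = ("!" if n["negate"] == "true" else "") + n["name"]
        if "action" in n:
            text += OPERATORS[n["action"]] + n["value"]
        parts.append(text)
    return "Defaults " + ", ".join(parts)
```

`put(get(SAMPLE))` returns the sample line unchanged, while `Defaults !!!param4` comes back as `Defaults !param4`: the tree round-trips, the exact text does not.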