plugins: Plugin ideas added

[ghost]

I want to propose 3 new plugin ideas. For the recursion plugin I will need some more advise though from more experienced programmers.

[markus2330]

Thank you, there are good ideas!

[markus2330]

check/permissions also needs to be added to infos/metadata and doc/METADATA.ini

[markus2330]

Its better to separate permissions and ownership.

For ownership an option to refer to the "current" user would be interesting.

[ghost]

What about check/permission = rwx and
check/permission/user = tomcat in order to split up the permission and ownership?

When the user types in "current" in the user part, I would simply replace it with the user who caused the "kdb set". Does this make sense for you?

[markus2330]

What about check/permission = rwxand
check/permission/user = tomcat in order to split up the permission and ownership?

The ownership has actually little to do with permission. So maybe check/owner/user and check/owner/group?

When the user types in "current" in the user part, I would simply replace it with the user who caused the "kdb set". Does this make sense for you?

This would create a problem if there is a user called "current". What about an empty string? I think this is not allowed as actual user name.

[ghost]

My question here is, if the owner is actually that much needed.
I just want to check if a certain user can read/write/etc. on a certain file.

If for example user "java" can write to /var/log/abc.log. Why is the owner of the file of any relevance?

[markus2330]

You are right, it makes sense to make this check as simple as this.

So the "user" refers to for whom the permissions are checked, not to the owner. This should be said very clearly, not only hidden in the example.

[markus2330]

I think you can fully implement this, missing are:

• sticky bit
• and then all of these permissions also for groups and others

[ghost]

Alright, I will add it in the next commit!

[markus2330]

If you agree and have/will fix it, a "thumbs up" 👍 or similar is enough.

[ghost]

The sticky bit does not change the behavior of the program at all so I think it is better to ignore it.

I am thinking the same about groups. In the end its a a user who executes or uses the file in the setting. So probably its the best to keep it that simple and only provide rwx.

I am unclear now if you really want to split up permission and user as for me it is more intuitive to have them both in one metadata, eg. check/permission "rwx, java" (or maybe without the colon). If check/permission "rwx, " is given, the current user is taken?

[markus2330]

In the implementation it matters: if the file does not exist, it is the sticky bit of the parent directory which may decide if the user can create the file.

Btw. did you check if there an "access (2)" which allows us to say for which user it should be checked? Then the implementation would be trivial.

Maybe there should also be a flag if the file already needs to be present. For log files there are many differences in this area. Actually, if the software does not allow the creation of files, we could simply create it.

I am unclear now if you really want to split up permission

Yes, the split is a must. Otherwise we get problems if the user names contains ",", spaces or similar.

[ghost]

Btw. did you check if there an "access (2)" which allows us to say for which user it should be checked? Then the implementation would be trivial.

Unfortunately I do not understand what you mean by this 😕

Maybe there should also be a flag if the file already needs to be present. For log files there are many differences in this area.

Maybe we could add a check/path/exists setting which indicated if it has to exist already?

Actually, if the software does not allow the creation of files, we could simply create it.

The idea sound good but especially with logs there are rollovers and this could simply lead to a delayed configuration error which isn't wanted. I guess the user setting the specification should just give the executing user the creation (write) permission to the directory.

Yes, the split is a must. Otherwise we get problems if the user names contains ",", spaces or similar.

What about

• check/permission = rw
• check/permission/user = tomcat

?

[markus2330]

Unfortunately I do not understand what you mean by this confused

I mean to use the syscall access (2) http://man7.org/linux/man-pages/man2/access.2.html

logs there are rollovers and this could simply lead to a delayed configuration error which isn't wanted.

Yes, this is certainly not wanted. I think we need to gather more data here for what applications do here.

One more advanced idea is that Elektra already opens a file and then passes /proc/self/fd/ instead of the real file name. Then it is impossible that the file disappears (but it needs additionally resources, namely an open file descriptor).

What about

Simply propose it in the PR. We can take a look tomorrow.

[markus2330]

Checks for regular file/directory/symbolic link/... would be interesting, too. But they are only nice-to-have.

[ghost]

I will leave this open for now and see in my thesis if it is needed that often. But the idea is good!

[markus2330]

Yes, making everything complete is not a good idea anyway. It easily happens that stuff is added nobody ever needs. I just mentioned it so that you are aware that such a check might be relevant for some software.

[markus2330]

sudo kdb setmeta /tests ...

to use keys in spec.

[markus2330]

I do not understand this limitation. Within "kdb set" you can check the whole configuration and reject everything that is unfinished.

[ghost]

That's correct, but this would force the user to have a specified ordering when creating the configuration. Either "bottom-up" (you have to create leaf settings before recursive ones) or "top-down" (you have to create top level settings first before adding lower level ones).

Klemens said that some plugins which take a config do not have a specific ordering once you load them.

[markus2330]

Some storage plugins do not remember the order of entries within the configuration files. But the order of the configuration structure should have nothing to do with that.

[markus2330]

Please use Elektra arrays, for example:

kdb setmeta user/recursive check/recursion/vertex/#0 menu
kdb setmeta user/recursive check/recursion/vertex/#1 submenu
kdb setmeta user/recursive check/recursion/leaf/#0 param
kdb setmeta user/recursive check/recursion/leaf/#1 menupoint

See #1010

A kdb set-meta-array would be nice to have.

[markus2330]

Can you give a concrete example? Why is #[0-9]+ allowed?

[ghost]

I will change the example in the next commit

[markus2330]

What does "param, menupoint" mean?

[ghost]

I will change the example in the next commit

[markus2330]

Yes, it makes sense to separate this.

[markus2330]

Most of the comments from the previous review are still not fixed.

[markus2330]

How to specify the user? Specification of which values are allowed are missing.

[ghost]

how to specify any combination or rwx?

[markus2330]

There are many ways, I am sure you will find one 😄

[ghost]

well, of course I could find one but I have no idea what this file does or how it is used or if it is used. I mean I could provide a regex under "type" or enumerate all possibilities or give a textual description. But I have no idea if I break anything or if I write something illegal then. Is there any documentation for this?

[markus2330]

9944015

[markus2330]

We should try to reuse/reduce the errors and make a nice classification system. Hopefully you can contribute to improve the error system.

[markus2330]

Not if it is a warning.

The problem is rather that a timeout is needed.

[markus2330]

There is still no explanation of check/permission, check/permission/user. It is good to have an example but there should also be an explanation without example.

[markus2330]

"user" needs to be removed, otherwise the change does not make sense.

[markus2330]

Reason should state what was expected and what is actual.

[markus2330]

Still without array syntax.

[ghost]

I will take a look at it on the weekend. For understanding purposes I think it is fine

[markus2330]

It is not easy to review something which actually should be changed.

[markus2330]

The word "basically" is useless. Say it like it is. And again: with+without example.

[ghost]

@markus2330 I hope that this example is much more illustrative for you. Please take a look at it and tell me anything which is unclear. It really took me quite some time to get this right

[markus2330]

Thank you, much more clear now!

[markus2330]

Its better if the examples show different aspects, not one "less real" and another "more real".

[markus2330]

Menu like in a restaurant?

[markus2330]

configuration or specification?

[markus2330]

Specification still not explained, what are these two lines for?

[markus2330]

/editor/menu is not a form but rather an example?

[markus2330]

Please use shell recorder syntax

[ghost]

Do you have a link to a tutorial for that?

[sanssecours]

The following documents should be helpful:

• ReadMe of the Markdown Shell Recorder (MSR)
• the MSR syntax check

. Many of the plugins also contain some basic MSR tests. For example, the ReadMe of YAML CPP contains a few example tests.

[markus2330]

Why isn't the term also used in the tutorial?

[markus2330]

Can we add a name-based approach or does it confict with the array-based approach?

[ghost]

It doesn't conflict imo, as discussed in your comment below it needs to know if it is a vertex or some arbitrary setting unrelated to the recursive structure. With the array based approach this is clear.

[markus2330]

Imho, the array does not make a difference. Without some external knowledge you never know if a string is a reference or a value interpreted otherwise.

[markus2330]

Why "at least"? What is missing?

[markus2330]

Metadata?

[ghost]

How could this look like?

[ghost]

I updated the documentation.
On sunday I will

1. Add src/error/specification for port & recursion
2. write the correct shell recorder syntax

Concerning the "named" recursion it would be interesting to have your feedback.
Also on the Problem part in the recursion plugin readme which I updated.

[markus2330]

This order should not matter.

[ghost]

Can you explain why? How exactly are keys loaded into the kdb?

I assume that it is loaded in the order of the file, i.e. it would be the same if I call kdb set ... in the same order as the config file

[markus2330]

The plugins receive a whole keyset and can do whatever they want to do with it. So in the implementation you can lookup if something is present, it does not matter where in the keyset it is.

[ghost]

I redesigned the recursion plugin to only have the "named" approach now. The array approach might be confusing and isn't superior. Now we can easily adopt LCDproc's configuration

[markus2330]

Thank you. Quite some problems in error/specification and METADATA.ini.

[markus2330]

What if check/permission/user is missing?

[markus2330]

specify all cases.

[markus2330]

this is not an example, ; is not allowed.

[ghost]

What is a valid example? They are all just some descriptions as i can see. I made it more verbose now

[markus2330]

The example needs to be something that actually could be a value of the metavalue.

E.g. "rwx" would be a valid example.

[markus2330]

empty or string?

[ghost]

either or. If empty then the current user is taken, if a string is given it is interpreted as the desired user. It is also written in the description

[markus2330]

string automatically includes empty. Elektra does not have sum types, so specifying "string empty" does not make sense. (The result would be "empty")

[markus2330]

empty or non-existent?

[ghost]

Isn't it the same question as above?

[markus2330]

Yes, it is the same problem.

[markus2330]

Please be consistent with the already existing errors if you put a . in the end or not.

[ghost]

Some descriptions have a dot and some do not. Which one should i take now?

[markus2330]

Ok, this is something to unify later.

We can also make that sentences get a .

[markus2330]

network or recursive?

[ghost]

woops, copy and paste error

[markus2330]

The port should actually also passed to getaddrinfo. Better to rewrite the intro.

[markus2330]

maybe connect is better, as ping somehow implies ICMP.

[markus2330]

directly below?

[markus2330]

small things...

[markus2330]

enum and then the possibilities

[markus2330]

Its better to have a new-line in the end of files.

[markus2330]

and it also transforms to the number?

[ghost]

Hopefully now everything is accordingly.

Could you take a look at the new recursion plugin? It just contains a single check metadata now instead of 2.

[kodebach]

@markus2330 I updated the recursion plugin README with results from a talk between me and @Piankero

I would also suggest renaming the recursion plugin to reference, because one major part of the work the proposed plugin would do is checking, whether references are valid. This functionality could also be useful elsewhere without the recursive part.

I propose:

• changing check/recursion to check/reference
• changing check/recursion/override to check/reference/override
• changing check/recursion/restrict to check/reference/restrict
• adding the boolean check/reference/recursive to enable/disable the check for loops in the reference graph

An example of such reference checking without recursion would be the references to driver configurations in the lcdproc server configuration.

I would also suggest either closing this PR entirely and opening separate PRs for the proposed plugins, or at least opening a separate PR for the recursion/reference plugin, to keep things a bit more organized.

[markus2330]

Yes, please let us open a new PR once we decided on the new name. If the checks are not limited to recursive checks, it makes sense to rename it. How can a user distinguish if a reference check is recursive or only a single check? What if we remove the old "struct" check and call the new plugin also "struct"? Is this plugin able to check some arbitrary recursive structure of configuration?

Btw. if possible we should avoid "override" because this already has a meaning within Elektra (it is a link to be preferred, see doc/METADATA.ini).

[kodebach]

How can a user distinguish if a reference check is recursive or only a single check?

[/tests/keywithref]
check/reference = ref

[/tests/keywithrec]
check/reference = ref
check/reference/recursive = true

Here /tests/keywithref/ref would just be a single reference, while /tests/keywithrec/ref would be checked recursively.

An alternative would be the following:

[/tests/keywithref/ref]
check/reference = single

[/tests/keywithrec/ref]
check/reference = recursive

Here the type of check/reference would be enum, with the values single and recursive being supported. The name used for recursive checking would be the basename of the key with the check/recursive metadata. Then overriding the name could be done through a third enum value.

Personally I like the second option better. It makes more sense to me to specify the metadata on the actual reference key.

What if we remove the old "struct" check and call the new plugin also "struct"? Is this plugin able to check some arbitrary recursive structure of configuration?

The current proposed plugin would only check references. Checking the remaining structure could simply be done with the spec plugin:

[/tests/base/ref]
check/reference = recursive
check/reference/restrict = typeA

[/tests/base/typeA/_/name]
check/type = string
; etc

[/tests/base/typeA/_/size]
check/type = long
; etc

The basic idea is to restrict the references to a certain path X and then using X as a kind of type identifier. The direct sub-keys of X would then be 'instances' of X, so by using X/_/Y one can specify properties of the field Y of typeX.

[markus2330]

Personally I like the second option better. It makes more sense to me to specify the metadata on the actual reference key.

Yes, I also like the second option better.

The basic idea is to restrict...

Good example. Could you please incorporate it into the README? But please continue using typeA (if I understood correctly it is changed to X later in the explanation).

[ghost]

@markus2330
There is a problem with the extension of the path plugin and the assumption if the metakeycheck/permission/user is not set, the current user is taken.

The problem lies in the euidaccess function and the need to change the egid.

Is is a bit difficult to explain:
*) euidaccess checks for the access with the egid and euid.
*) unfortunately there can only be one egid active at a time when calling euidaccess().
*) So if a user belongs to multiple groups and the filegroup is one of them, I have to actively switch to this group with setegid() before calling euidaccess()
*) To switch via setegid() I have to be running as root even though I am a member of the group I want to "switch" to.
*) When running as root though, the information is lost for which user you really want to check the permission for.

So it is absolutely required that check/permission/user and check/permission/types are both present.
I can only support to assume if check/permission/user is empty the root user is assumed. But checking for file access as root user is a bit fruitless.

I hope I could explain the problem so that it is understandable. Do you have a better solution or do we simply require the coexistence of both metadatas?

[markus2330]

What is "check/permission/types"?

But checking for file access as root user is a bit fruitless.

I am not sure if it is fruitless. There are now many kernel extensions (and also file system features) to disallow root to do something. And I would prefer the "current user" and not root as default. And in the "current user" scenario no switching of egid is necessary.

If two options are absolutely required so that the plugin can do something useful it is of course possible to demand the presence of both options. Afaik this would be the first plugin, though.

[ghost]

What is "check/permission/types"?

It is used for the actual permissions, e.g. "rwx"

And I would prefer the "current user" and not root as default. And in the "current user" scenario no switching of egid is necessary.

I wish for the same but when programming I could not circumvent the problem described above. But I have to switch egid since access only checks with one egid active. If you wish I could also demonstrate it on our next Elektra meeting.

[ghost]

All plugin ideas are now in implementation stage in their respective PR. Closing this PR