[Csync2] Any reason why "-C" option restricts csync2 config files to be limited to alphanumeric characters?

Wed Mar 21 12:43:43 CET 2012

Thanks Lars,

Groups in conjunction with multiple config files made our job easy...

so, this is how we run :

csync2 -C module-A -G group-one -x

Having said that it would still be beneficial to let users specify config
files in sub directories of 'sysconfdir'; of course after taking enough
precautions [like preventing file names starting with '/', preventing '..'
character, rejecting environment variable, etc] to prevent execution of
arbitrary commands. Relaxing the name of the config file to have '_'
(underscore) may also help a bit [ most of the database systems allow
defining a database or schema or a table with '_' ]

Anyway, I do not need these additional enhancements anymore since my use
cases are met by the combination of -C and -G switches.

But if folks think that providing these options would be beneficial, then i
may try submitting the patch over the weekend.

Regards,
Samba

--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
On Mon, Mar 19, 2012 at 9:47 PM, Lars Ellenberg
<lars.ellenberg at linbit.com>wrote:

> On Mon, Mar 19, 2012 at 05:05:28PM +0530, Samba wrote:
> > Hi,
> >
> > I would like to utilize modular configuration files which csync2
> supports;
> > but have a curiosity to know why those additional configuration file
> names
> > are restricted to just alphanumeric characters ([a-z0-9]). This
> restriction
> > also prevents one from grouping those modular config files into
> subfolders,
> > like say, "essential", "optional", "large", etc which would have helped
> > schedule different intervals for different sets of configuration files.
> >
> > If there is no technical reason to restrict csync2 config file name to
> just
> > alphanumeric characters, then would it be a good idea to patch to allow
> the
> > above mentioned usecases? i.e allow other characters like '_', '-', etc
> and
> > also allow config files to be put under subdirectories of 'sysconf' dir
> or
> > probably even allow specifying absolute path names...
>
> Different "-C cfgname" will also use different databases,
> with the cfgname encoded in the database name.
> And those may have their own limitation.
>
> Also the to-be-used config file name is communicated over the connection,
> and you don't want some unpriviledged user to be able to trick your
> csync2 daemon to use some arbitrary crafted config file.
>
> There may be other reasons as well.
>
> So if you plan to relax that constraint, keep in mind that you may cause
> incompatibilities with current and future database backends, and
> probably need a few additional sanity checks before you allow a csync2
> daemon to even start looking at those config files.
>
> Are you aware of csync2 *groups*?
>
> You can have many different named groups in the same config file,
> and if you give them on the command line (-G groupname1,group2,group3)
> only those listed will be processed.
>
>
>        Lars
>
> --
> : Lars Ellenberg
> : LINBIT | Your Way to High Availability
> : DRBD/HA support and consulting http://www.linbit.com
>
> DRBD® and LINBIT® are registered trademarks of LINBIT, Austria.
> _______________________________________________
> Csync2 mailing list
> Csync2 at lists.linbit.com
> http://lists.linbit.com/mailman/listinfo/csync2
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linbit.com/pipermail/csync2/attachments/20120321/b1038368/attachment.htm>