On 02.08.2015 23:15, Michael Schwendt wrote: > On Sun, 2 Aug 2015 16:29:06 +0200, Marcin Haba wrote: > >>>> A) if a shell script can be treated as configuration file? >>> >>> Certainly. It's a cheap way to set a program's runtime configuration >>> instead of implementing a full config file loader/parser. >> >> My image of configuration files is that they are files for read/write >> purpose by design, because they enables _configure_ something >> (application, service, single program, script...whatever). If they are >> dedicated only for reading then from my point of view they lose >> "configuration" meaning (something like WORM storage ;-) ). > > Why would you say that? Hello Michael, I trying to express my opinion about my understanding 'configuration files' meaning. > There are read-only config files to set the system-wide default for > everyone. The program reads them first before looking for user's local > config files to override the defaults. The program would never write > the system-wide file file in /etc, but at most the user's local file. In my opinion that this type of files can be classified as pre-defined settings files, not configuration files. In any case, it looks that we have different understanding configuration files and it causes cross over our opinions. I think also that better could be set the environment variables values in /etc/defaults/ and use these values by shell scripts instead using hard-coded values in shell scripts. Coming back to profile.d sample, when somebody try to modify profile.d file marked as %config [not %config(noreplace)] then after upgrade package with new profile.d file version, the file will be overwritten and user will lose introduced changes. It seems that all this situation uncovers bigger problem :-) > And in general, whether a program can write its own config files is purely > a question of design. Clearly, over the years there have been programs that > only read config files somebody [or some tool] can create. > > /etc/bashrc, /etc/profile are examples of %config files where the file > format is shell language code to be interpreted by a shell. <cut> >> However I believe that exist some tools or libraries that can do this >> content analyze for rpmlint. > > What would be the benefit? rpmlint cannot get it 100% right > anyway. There could be corner-cases, where a config file gets executed > instead of being "sourced" like a shell include file. Yes, rpmlint cannot get it 100% right, but it can report potential executable files more accurate. If something can offload person, that for example do review request, from manual checking content of files, why not use it? >>> It's some sort of white-list to assume that files in /etc meant to be >>> executed (such as initscripts related files) are not configuration >>> files in any way. Admin may decide to edit such executables nevertheless >>> (for reasons unknown), but the next update would overwrite the changes. >> >> Good to know that mentioned white-list exists. Could you indicate me >> where can I find this white-list? > > With "some sort of white-list" I mean the simplification -- the > simplified assumption -- that files with execute permission are > believed to be executables and not configuration files. And vice > versa. Real configuration files being marked executable are believed > to be mistakes. OK. Thanks for clarify. Best regards. Marcin Haba
Attachment:
signature.asc
Description: OpenPGP digital signature
-- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
