Re: Unbreak X:Y user/group spec in pf.conf

2020-01-16 Thread Klemens Nanni
On Thu, Jan 16, 2020 at 06:56:06PM +0100, Alexandr Nedvedicky wrote: > I like your suggestion, diff below fixes extra white space and > uses Stuart's wording. sure

Re: Unbreak X:Y user/group spec in pf.conf

2020-01-16 Thread Alexandr Nedvedicky
Hello, > > +.Pp > > +Note that users 1000 and 1500 are excluded from the pass rule. > > The last line above is a little hard to parse - I think a "positive > example" would be clearer, i.e. something like this: > > .Pp > The example below permits users with uid between 1000 and 1500 > to open

Re: Unbreak X:Y user/group spec in pf.conf

2020-01-16 Thread Stuart Henderson
On 2020/01/16 17:37, Alexandr Nedvedicky wrote: > Hello, > > > > > +of uids, which match the pass rule. The > > New sentences on its own line. I'd say > > > > Note that users 1000 and 1500 are excluded from the pass rule. > > > > yes, new sentence on the new line. and your wording

Re: Unbreak X:Y user/group spec in pf.conf

2020-01-16 Thread Klemens Nanni
On Thu, Jan 16, 2020 at 05:37:17PM +0100, Alexandr Nedvedicky wrote: > updated manpage is below. OK kn > +The ^ $ mandoc -T lint pf.conf.5 mandoc: pf.conf.5:832:4: STYLE: whitespace at end of input line mandoc: pf.conf.5:2946:2: WARNING: sections out of

Re: Unbreak X:Y user/group spec in pf.conf

2020-01-16 Thread Alexandr Nedvedicky
Hello, > > +of uids, which match the pass rule. The > New sentences on its own line. I'd say > > Note that users 1000 and 1500 are excluded from the pass rule. > yes, new sentence on the new line. and your wording sounds better. > > +.Cm : > The port paragraph marks up those

Re: Unbreak X:Y user/group spec in pf.conf

2020-01-16 Thread Klemens Nanni
On Thu, Jan 16, 2020 at 03:29:16PM +0100, Alexandr Nedvedicky wrote: > I think that's where we are heading after reading email from sthen@ > > Let's focus on to update pf.conf.5 manpage. Would diff below make > pf.conf.5 > manpage more useful? I think this is the right way; adding

Re: Unbreak X:Y user/group spec in pf.conf

2020-01-16 Thread Alexandr Nedvedicky
Hello, > > (2Theo: yes, I'm lazy, sorry :) ) > > I agree, that "X:Y" syntax for "user" could be confusing, and "X> simply ugly. I do not have a silver bullet here, though. > > If you oppose the proposed change, I'll add "... except 'uid1:uid2' syntax, > which could be mistakenly interpreted as

Re: Unbreak X:Y user/group spec in pf.conf

2020-01-16 Thread Vadim Zhukov
On January 16, 2020 15:58:09 GMT+03:00, Klemens Nanni wrote: >On Thu, Jan 16, 2020 at 01:16:27PM +0100, Alexandr Nedvedicky wrote: >> sentence 'The syntax is similar to the one for ports' sets my >expectations >> I can define a range of users in the same way I define a range of >ports. >>

Re: Unbreak X:Y user/group spec in pf.conf

2020-01-16 Thread Stuart Henderson
On 2020/01/16 13:58, Klemens Nanni wrote: > On Thu, Jan 16, 2020 at 01:16:27PM +0100, Alexandr Nedvedicky wrote: > > sentence 'The syntax is similar to the one for ports' sets my > > expectations > > I can define a range of users in the same way I define a range of ports. > > Looks

Re: Unbreak X:Y user/group spec in pf.conf

2020-01-16 Thread Klemens Nanni
On Thu, Jan 16, 2020 at 01:16:27PM +0100, Alexandr Nedvedicky wrote: > sentence 'The syntax is similar to the one for ports' sets my expectations > I can define a range of users in the same way I define a range of ports. > Looks useful to me, though a bug in parse.y might be just a tip

Re: Unbreak X:Y user/group spec in pf.conf

2020-01-16 Thread Alexandr Nedvedicky
Hello, > > > Looks like Vadim found a bug and I'll take a look at the patch > > he has sent. > Where do you see a bug? > at description of 'user' match the pf.conf(5) reads as follows: User and group IDs can be specified as either numbers or names. The syntax is

Re: Unbreak X:Y user/group spec in pf.conf

2020-01-16 Thread Klemens Nanni
On Thu, Jan 16, 2020 at 12:30:07PM +0100, Alexandr Nedvedicky wrote: > On Wed, Jan 15, 2020 at 11:14:43PM -0700, Theo de Raadt wrote: > > What does 1234:12345 mean. It must be uid 1234 _and_ gid 12345? This is how I would interpret it, as that's existing semantic for ownership handling in

Re: Unbreak X:Y user/group spec in pf.conf

2020-01-16 Thread Klemens Nanni
On Thu, Jan 16, 2020 at 03:54:25AM +0300, Vadim Zhukov wrote: > I've just found that pfctl doesn't like 'X:Y' syntax for user and group > clauses, despite the words in the manpage. Which wording are you referring to exactly? To me the entire user and group documentation in pf.conf(5) is clear

Re: Unbreak X:Y user/group spec in pf.conf

2020-01-16 Thread Alexandr Nedvedicky
Hello, just to clarify the user and group match in pf.conf On Wed, Jan 15, 2020 at 11:14:43PM -0700, Theo de Raadt wrote: > I'll bite, using text from your regress. > > > +pass out proto tcp all user 1234:12345 flags S/SA > > +pass out proto tcp all user 0:12345 flags S/SA > > +pass out proto

Re: Unbreak X:Y user/group spec in pf.conf

2020-01-15 Thread Vadim Zhukov
On January 16, 2020 9:14:43 GMT+03:00, Theo de Raadt wrote: >I'll bite, using text from your regress. > >> +pass out proto tcp all user 1234:12345 flags S/SA >> +pass out proto tcp all user 0:12345 flags S/SA >> +pass out proto tcp all group 1234:12345 flags S/SA >> +pass out proto tcp all group

Re: Unbreak X:Y user/group spec in pf.conf

2020-01-15 Thread Theo de Raadt
I'll bite, using text from your regress. > +pass out proto tcp all user 1234:12345 flags S/SA > +pass out proto tcp all user 0:12345 flags S/SA > +pass out proto tcp all group 1234:12345 flags S/SA > +pass out proto tcp all group 0:12345 flags S/SA What does 1234:12345 mean. It must be uid 1234

Unbreak X:Y user/group spec in pf.conf

2020-01-15 Thread Vadim Zhukov
Hi all. I've just found that pfctl doesn't like 'X:Y' syntax for user and group clauses, despite the words in the manpage. The problem is caused by the parser eating the colon character in the STRING version of "uid" and "gid" rules. The solution is similar to the way ports parsing is done. Now we have