Permission denied messages sent to webserver error log during scanning
Charles Dee Rice
cdrice at pobox.com
Sat Dec 13 21:09:47 CET 2014
As a bit of a suggestion/request, I'd like to recommend a setting or option to ignore permission denied errors during scanning (or at least not send them to stderr / the webserver error log).
Error opening directory /some-directory/lost+found: Permission denied (13)
Error opening directory /some-directory/private-stuff: Permission denied (13)
Semantics are debatable -- perhaps rather than ignoring any permission denied errors, it is safer to ignore or exclude certain directory names (i.e. lost+found) or some user-defined list, etc.
I noticed it while setting up my own scanning and thought I would toss the idea out there for discussion if it hasn't come up before. For my purposes, I just added a check in scan-tree.c:scan_path() to skip the error message if errno == EACCES, but I certainly don't think that would necessarily be the best approach for everyone.
Maybe a cgitrc variable "scan-ignore-errors" to blanket turn off error messages during scans or something more refined like "scan-ignore-regex" to list a series of expressions to omit from scanning?
More information about the CGit