DUGOUT_TYPES_HELP
A overview of why various types are structured the way that they are and some background about dugout.
###############################################################################
## COPYRIGHT (C) 2022-2023 NEW ENTITY OPERATIONS INC. ALL RIGHTS RESERVED
## CREATED: 2022/02/13
## INSTANCE: /DUGOUT_TYPES_HELP.ENTITY
## MODIFIED: 2023/12/17
## OVERVIEW: Learn more about MAINTAINME and dugout instances
## HISTORY: VERSION 1.2
## -> 2022/02/14 (VERSION 1.0)
## -> 2023/12/17 (VERSION 1.1)
## -> 2023/12/18 (VERSION 1.2)
###############################################################################
DEAR OPERATOR,
This is your installation of MAINTAINME. MAINTAINME is a component of the
IPDVC resource control construct, that is by default implemented by NOVASTORE.
/NOVASTORE should be installed at the root level of your filesystem. MAINTAINME
should be installed as a sub section. Often, this will take the form as:
/NOVASTORE/MAINTAINME
The permissions for NOVASTORE may seem a bit odd. You will have to look at the
reasoning for them to be this way. The permissions and owners of each section
within NOVASTORE are defined in a Unix-like methodology. In most cases,
everything here is built to be POSIX.
All sections in the root /MAINTAINME//* instance should
be either executable, or readable. .dugout scripts are source ready, but not
executabel. Each .sh executable script should run through the shell /bin/sh. If
you need to use a loose-shell, or something alternative, symlink away from
/bin/sh to that programs binary location.
All used shells should follow traditional formatting and at least process POSIX
shell code.
This makes all parts of the instance easy to drop into various non linux/GNU
filesystems, or systems; such as BSD, or even Solaris. The only exception to
this will be the optional subsection. The optional sub-section is meant to
store optional components, and by default, optional components do not have to
implement POSIX structures.
All *.sh files should be owned by nobody:dugout when they are common, or by
root:dugout when they are elevated. Elevated scripts should also enforce some
sort of root-checking mechanism to protect against the wrong system-user
running them. Each the system should have an explicitly defined group of
dugout. You should add your system user to the group if you wish to perform
system maintenance by utilizing MAINTAINME with that user.
Since a lot of the nobody:dugout instances are just system combing routines,
the result of running them should always be minimal in definition. This is
not absolute, and you should always review the scripts before running them.
Checks have been put in place to prevent problems having to do with
naked-file/directory removals.
Rules for .sh files:
1.) Each .sh file should perform only one specific function or scoped process.
2.) Anything that has a severity potential to the system should run through a
/run/* instance, or with a scoped definition linked to a setup script
that is read from /etc/*. This applies to other systems with a similar
root specific directory structure that feeds scripts from a default
location that is similar to /etc
3.) All *.sh files should also have the same permissions when they're nested
under /MAINTAINME/**/*, either nobody:dugout, or root:dugout. These
permissions should make them executable-readable only. They should not
be writable, unless by the super-user. Always make them read-only
executable files. This is meant to be implemented by root, and they are
meant to be run/executed by the dugout group users only. These users
should not be writing to these files by default at all.
4.) Changing MAINTAINME files should be done by activating the root account
or sudo user.
5.) You should not edit this section with a glob-editor as a root-owned
process. You should edit each instance as a single instance only.
6.) The nested directory /NOVASTORE/MAINTAINME/dugout houses .dugout files.
.dugout files should not be anywhere else. This nested directory also
has two additional sub-directory structures, and these file types should
only reside in their specific and designated locations.
These locations are:
1.) archive - this holds .link slugs meant to define linked program
backup behavior. These .link files can be implemented during a
system-wide or specific instance routine, such as a backup.
All of these archive slugs should allows for include/exclude
structures or implement branched-out meta-directory functionality
of some predetermined heirarchy. All archive related backup
routines on the system should use only 1 specific archive
extension following the given example convention.
2.) linker - this holds .linker slugs that define non-symbolic structures
meant to alter the runtime position of a .sh job. Also, they can be
be used to navigate to generic-defined start positions of the
system program that calls them. They can be made to point to HTML
or other simple structured meta-formats, or to an empty location
behind a filter defined elsewhere. The two default filters are
EXPLORER, which provides a method for storing a general purpose
network-browser storage system using custom settings, and the
second is a trinechan, which allows you to browse stored
meta-structures that are of a simple/structured or compliant
format as textual renderings.
MORE ON CONVENTIONS:
dugout files are not to have alias instances, unless they're mapped to the
dugout/shortcut_id.dugout file. Each instance of .dugout can map behavior
to a function that is then run by assigning an alias in shortcut_id.dugout.
The exception to the alias rule is in bashrc_*, and bash_display_* files
because of a source ordering issue when defining bash environment colors.
However, this is not implemented by default, and the alias for visual
formatting should be deferred to _pretty_things.dugout functions.
dugout/archive/* files should follow the convention:
archive_.link
These files should then provide the directory logic as needed by the archive
program defined by the system administrator, usually in something like
disk_ops_*.dugout
All of these dugout files should be read-only, 040 permissions - and owned
by nobody:dugout. They are meant to be read-only and act as a mocked
alertnative to /etc, but in a specific POSIX format.
control/* file should follow the convention:
.sh
These instances should provide step by step logic for doing system tasks on a
generic time-schedule. They should be run/called every X days, weeks, months,
etc - or after a specific action, such as a server reset, system restore,
after a backup, etc.
If a script starts with construct_* it will be a designated setup script for a
specific program. i.e. construct_chroot_nginx.sh would build a chroot nginx
environment where nginx could then be customed installed/established
with a linked unit/systemd files
All of these control instances should be executable, 550 permissions,
and owned by nobody:dugout, making them available to general dugout group
members.
linker/* files should follow the convention:
.linker
These instances should then provide the directory logic as needed by the
runtime program that is being run elsewhere, as a job runner-script.
All of these instances should be read-only, 040 permissions - and owned by
nobody:dugout
operations/* instances should follow the following convention:
.sh
These instances should provide vetted/completed instructions on how to operate
specific types of instances or programs. An example would be once you took
your python history file that was backed up in */LOGS/Z_UNSORTED you could
go through it and make a file of say: python_socketconnect_tcp.ds
where you could go through and explain exactly how everything works with
vetted (working) examples.
All of these files should be read-only, 040 persmission - and owned by
nobody:dugout. They are then meant to provide context and details about
operations to any user within the dugout group.
optional/* instances should follow the following convention:
This location holds custom unit/systemd instances that can be utilized
by your system outside of the initial OS installation. They do not need to
be POSIX. Still, They should follow the same convention:
/
an exmple:
CORE/corehost.service
Where corehost.service would have a custom systemd/unit file for a system
You could have as many instances as you wanted: i.e. CORE, nginx, etc
All directories here should be 750 permissions and owned by root:root
These instances are not meant to be general instances, and should be meant
to eventually bundle into your OS in some way as a system level resource.
summary/* files should follow the following convention:
Any file that's generated as output by a summary_*.sh file should output
to this location - typically, these files are only meant to store
on the fly data and not persistent information. Persistent information is
generally stored in /var/log/* or in /NOVASTORE/LOGS
Lastly, to summarize dugout:
All files in the /MAINTAINME/dugout/* directory structure should be read-only,
040 permissions and should be linked to in the environment of the system-users
choising, such as bash, tcsh, zsh, etc. These are then sourced and activated
upon events such as logging in, opening a shell, or logging out.
These dugout instances should follow the following convention:
.dugout
Routines, functions, environment-additions, runtime-enhancements, and other
similar methods can be foud in *.dugout instances.
These instances should be owned by root:dugout (Because some need to be
started by systemd, or init in certain use-cases - and they should be
permissions 550 to allow for the proper execution of each when that's required.
However, in general, execution at startup or by a system-unit should be
deferred into the state_modifier section, which responds to changing
system states.
The basic types of MAINTENANCE instances should be executable .sh files
and they represent the following meta-instance types:
OVERVIEW-> DUGOUT_TYPES_HELP.entity
1.) clean/.sh
2.) cleanse/.sh
3.) configure/.sh
4.) controls/.sh
5.) display/.sh
6.) minter/.sh
6a.) minter/instances/.sh (mediarestricted)
6b.) minter/novastore/.sh (mediarestricted)
6c.) minter/operator/.sh (mediarestricted)
6d.) minter/protected/.sh (mediarestricted)
6e.) minter/server/.sh (mediarestricted)
6f.) minter/special/.sh (mediarestricted)
7.) operations/.sh
8.) perform/.sh
9.) state_modifier/_.sh
10.) summarize/.sh
As you can see, three sections excluded were:
1.) dugout (setup and wrapper loaders)
2.) optional (optional system resources)
3.) summary (summarized MAINTAINME outputs)
controls, optional, perform, and summarize are 070 nobody:mediarestricted
instances.
The rest are root:dugout, and are 750 instances.
A blueprint should be setup in dugout that takes care of all of the
ownership levels described in this document, i.e. a root:dugout blueprint,
etc.
The .sh files should be 550 permissions when they are root:dugout, and 050
permissions when they are nobody:dugout
More on terms:
MINT: to get a specific segment of the machine to conform entirely to
a predefined set of permissions/ownership/scoped-logic.
minter/protected/* files aren't able to be run by anyone not in the
mediarestricted group and have permissions 050, and are owned by
nobody:mediarestricted
By default, there is only one public minters:
1.) shared.sh
The rest are restricted to elevated accounts.
The default MINT routine is filesystem which specifies permission and
ownership changing methods from various minter/* locations.
This can be run at intervals after various periods of operator use, or
triggered by events.
STATE_ACTION: a modifier to alter the state of a running PID on the
system, or a eliminator that can terminate a PID on the system. There
are also builder contexts to establish a new PID on the system
When developing a new file, to keep them tracked an scoped to an
author, use the following conventions at the top of each instance file.
All files follow the conventions:
A.) Required
1.) ENVIRONMENT SOURCE DEFINITION -> i.e. #!/bin/sh
2.) COPYRIGHT NOTICE-> COPYRIGHT (C) YEAR CLAIMANT RESERVATION
3.) CREATED: DATE
4.) INSTANCE: NAME-> VERBOSE
5.) MODIFIED: DATE
6.) BRIEF OVERVIEW-> i.e. What does this instance perform?
B.) OPTIONAL
1.) HISTORY: CURRENT VERSION
-> PAST VERSION MOST RECENT
-> LAST VERSION PROVIDED
An example is provided below:
We default to /bin/sh and if you prefer a certain shell over the other,
you are responsible for forwarding it to your desired environment.
We assume POSIX compliant shell as much as possible. Some exceptions
are made complex arrays, but most of these exceptions have been
refactored to be POSIX compliant.
START_EXAMPLE_BELOW_HERE:
!/bin/sh
COPYRIGHT (C) 2022 NEW ENTITY OPERATIONS INC. ALL RIGHTS RESERVED
CREATED: 2022/10/14
INSTANCE: configure/function_x.sh
MODIFIED: 2023/12/18
OVERVIEW: Use the function X to perform Y
HISTORY: VERSION 1.1
-> 2022/02/14 (VERSION 0.1)
-> 2023/12/18 (VERSION 1.1)