Review Request: Copy files instead of moving if parent dir is not writable

Lamarque Vieira Souza lamarque at kde.org
Tue Mar 27 20:13:06 BST 2012



> On March 27, 2012, 2:30 p.m., Thomas Lübking wrote:
> > Does the new patch actually *silently* skip move impossible attempts??
> > Excuse my ignorance, but why are system resources actually needed to be *moved* anywhere by a random user - what means they're now gone in their original location (and for everyone else)
> > This does not sound as if the current move has a problem, but the design of those private activities has (single user approach -> fix that by logging him in as root and watch the project fail ;-)
> 
> Lamarque Vieira Souza wrote:
>     Yes, the new patch silently skips moving impossible attempts. I tested it here and we do not need to move the .desktop file to add the app to the homescreen. Skipping the move seems to fix the other problem described in #296808, now the containments are not empty after a reboot, I still need to figure out why this change fixes that problem (debugging nepomuk is not easy :-/).
>     
>     Private activities are intended to protect data from different persons, not user accounts (like it usually is the case in Linux/Unix). Everybody logs in using the same non-root account and to access a private activity the person must authenticate himself or herself first. The intention is to treat a private activity as if it is a different user account but the kde daemons (kactivitymanager, nepomuk, kded, contourd, etc) were not designed to authenticate users so we are resorting to encfs for that. With encfs the person using the device must supply a password to mount the encrypted folder and access the private data. One use case for that is a parent that creates a "Work" activity with data from his/her work, the parent also lends the device to his/her kids to play and does not want them to mess with his data, so the parent can mark the activity as private and the kids will not access to the data.
>     
>     We are working on how to decide which data to move to the private folder and also when to move them back to the original place. In this case we do not need to move .desktop files but moving files is still necessary if the file is a document created by the user.
> 
> Thomas Lübking wrote:
>     > kids will not access to the data
>     except for deleting them (but that is quite OT)
>     
>     > I still need to figure out why this change fixes that problem
>     I'd say non interactive file operations will just exit with an error on a conflict.
>     
>     Anyway, i guess the proper layer to decide which data to copy/move/symlink is not the general data management but the private activity creation, where you will likely also want to break/restore file permissions (eg. if a user dir has been tagged read-only, its files should still be moved to the private activity and the former status restored there)
>     
>     In general, just silently skipping impossible file operations is imo no option, because even if you just copied the data instead, it remains in a pot. public location what may be explicitly not wanted by explicitly attempting to move the file.
>     This could (for eg. chmod 500 directories) end up in exposing company secrets as well as just your kids suddenly stumbling across your FapFolder(tm)

> except for deleting them (but that is quite OT)
Yes, that is possible.

Well, Plasma Active makes heavy use of nepomuk to hide filesystem structure, which means there is no easy way for the user to change file permissions. Hiding filesystem structure is a design decision (made before I joined the team by the way). We still ship Dolphin with the images but since it is redundant compared to active-filebrowser (PA's file manager) I guess it will be removed in the future.

I could change the patch to move the file if either the user owns the parent directory or he/she has write permissions to the parent folder.


- Lamarque Vieira


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
http://git.reviewboard.kde.org/r/104417/#review11909
-----------------------------------------------------------
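An added illustration of the parent-directory check discussed in this thread, written here in Python and not taken from the project's Move.cpp: the fallback to copy is reported to the caller instead of happening silently, so the code that populates a private activity can tell that the original stays readable at its old path. The function names, the result enum and the temp-dir fixture with chmod 500 are this example's own assumptions.

```python
import os
import shutil
import tempfile
from enum import Enum

class MoveResult(Enum):
    MOVED = "moved"    # destination created, source unlinked
    COPIED = "copied"  # destination created, source still readable at its old path
    FAILED = "failed"  # nothing written

def parent_writable(path):
    # Unlinking an entry needs write+search permission on the parent directory,
    # not write permission on the file itself.
    parent = os.path.dirname(os.path.abspath(path))
    return os.access(parent, os.W_OK | os.X_OK)

def move_or_copy(src, dst):
    """Move when the parent directory permits it; otherwise copy and report it,
    so the caller knows the original is still exposed rather than hidden."""
    if not os.path.isfile(src):
        return MoveResult.FAILED
    if parent_writable(src):
        shutil.move(src, dst)
        return MoveResult.MOVED
    shutil.copy2(src, dst)
    return MoveResult.COPIED

def demo():
    """Constructed fixture: a writable source dir and a chmod 500 source dir."""
    root = tempfile.mkdtemp()
    ro_dir = os.path.join(root, "ro")
    os.mkdir(ro_dir)
    out = {"euid": os.geteuid()}  # root ignores mode bits, so the caller checks this
    try:
        src_w = os.path.join(root, "app.desktop")
        src_ro = os.path.join(ro_dir, "system.desktop")
        for p in (src_w, src_ro):
            with open(p, "w") as f:
                f.write("[Desktop Entry]\nName=constructed\n")
        os.chmod(ro_dir, 0o500)
        out["writable"] = move_or_copy(src_w, os.path.join(root, "moved.desktop"))
        out["writable_src_remains"] = os.path.exists(src_w)
        out["readonly"] = move_or_copy(src_ro, os.path.join(root, "copied.desktop"))
        out["readonly_src_remains"] = os.path.exists(src_ro)
    finally:
        os.chmod(ro_dir, 0o700)
        shutil.rmtree(root)
    return out
```

Run as root the second case also moves, because mode bits are not enforced for uid 0; `demo()` returns the effective uid so a caller can account for that.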


On March 27, 2012, 2:22 p.m., Lamarque Vieira Souza wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> http://git.reviewboard.kde.org/r/104417/
> -----------------------------------------------------------
> 
> (Updated March 27, 2012, 2:22 p.m.)
> 
> 
> Review request for KDE Runtime and Plasma.
> 
> 
> Description
> -------
> 
> When adding an application resource to a private activity kactivitymanager tries to move the resource's .desktop file to the activity's private folder. The new .desktop file is created successfully but the source file is not deleted if the user does not have write permission on the file's directory. This patch detects such situation and uses copy instead of move to prevent "permission denied" messages for every resource being added.
> 
> 
> This addresses bug 296808.
>     http://bugs.kde.org/show_bug.cgi?id=296808
> 
> 
> Diffs
> -----
> 
>   service/jobs/nepomuk/Move.h 8a8afd1 
>   service/jobs/nepomuk/Move.cpp 08a3cc2 
> 
> Diff: http://git.reviewboard.kde.org/r/104417/diff/
> 
> 
> Testing
> -------
> 
> Works on Meego devel image. The file is copied and no error message is shown.
> 
> 
> Thanks,
> 
> Lamarque Vieira Souza
> 
>
