Konqueror delete unification

Koos Vriezen koos.vriezen at xs4all.nl
Fri Jul 18 13:11:29 BST 2003


On Fri, 18 Jul 2003, Jos van den Oever wrote:

> On Thursday 17 July 2003 23:13, Koos Vriezen wrote:
> > Not uncommon though, like tar. Yes -i like cp/mv, so only for restoring.
> Well, tastes differ :-)
>
> > > - put mktrash and trashfind in the daemon: the user nor root should need
> > > to run them
> >
> > Not sure if a daemon is necessary, but 'mktrash -a' (make all trash dirs
> > if not there yet) is probably useful. Why do you think of a daemon (note
> > that 'trash' is suid)?
>
> You're right. No daemon is needed if trash is suid. The 'untrash'
> functionality also needs to be suid if there is a central list of trash
> files. Is it wise to have a suid program write to disk? Sounds like a
> security problem. On could e.g. override ones quota.

I think you have a point, using a suid for restoring trash is dangerous.
Good reason for splitting this functionality like an untrash...and/or,
(un)trash forks, child changes uid and restores files, parent waits for
it and if succeeds sets permissions right (for restoring over fs
boundaries) and maybe edit trash meta data. No suid on untrash means
you can lose owner.group settings..but it's not the end of the world
either and only if a fs doesn't have a trash dir.

> > > Actually the Trash Can project looks pretty well thought out. trash://
> > > can probably build straight on top of it. Too bad it's not in
> > > Knoppix/Debian, otherwise I'd immediately apt-get it. I think I'll
> > > install it anyway.
> >
> > Only too user oriented imo, and no multiple trash dirs.
> Hmm, user trash dirs are a security requirement, IMHO: other users must not be
> able to see which files another user has deleted.
>
> > (One thing I thought of afterward, is the permission of the trashed file.
> >  It should be the most restrictive when going up the directory tree, eg. a
> >  644 in ones home dir, with permission 701, should be 600 I think.)
>
> If the trashdir has permission 700, then the permissions of the files inside
> do not matter. They can be kept unchanged.

Ok, if there is a shared trash dir, it would have trash-uid(700) dirs as
content. Too bad, I thought it might be useful to share trash with
co-workers..but maybe it just needs more thinking..Eg. a 644 file in a 775
dir, could be trashed to a trash-gid(775-root.group) dir...

Koos
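The fork-and-drop-privilege scheme and the 0700 per-user trash directory discussed above, written out as an added example in C. This is not code from the thread or from Konqueror/kfm; the names restore_with_privsep, ensure_private_trash_dir and demo_restore are hypothetical. The child permanently drops to the real uid/gid before it touches the filesystem (so quota and permission checks apply to the user rather than to root), the parent waits and only fixes owner:group if it still holds privilege. Run unprivileged, setuid(getuid()) is a no-op and the owner/group simply stays the restoring user's, which is the "you can lose owner.group settings" case the post accepts.

```c
/* Added example, not code from the kfm-devel thread. Hypothetical names:
 * ensure_private_trash_dir, restore_with_privsep, demo_restore. */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Create or validate a per-user trash directory with mode 0700, so other
 * users cannot list which files were deleted. Returns 0 on success. */
int ensure_private_trash_dir(const char *path)
{
    struct stat st;
    if (mkdir(path, 0700) != 0 && errno != EEXIST)
        return -1;
    if (lstat(path, &st) != 0)          /* lstat: do not follow a planted symlink */
        return -1;
    if (!S_ISDIR(st.st_mode) || st.st_uid != getuid())
        return -1;
    if ((st.st_mode & 0077) != 0 && chmod(path, 0700) != 0)
        return -1;                      /* group/other bits were set: tighten */
    return 0;
}

/* Byte-for-byte copy, executed in the unprivileged child. O_EXCL refuses to
 * overwrite an existing target. Returns 0 on success. */
static int copy_file(const char *src, const char *dst)
{
    char buf[4096];
    ssize_t n;
    int in = open(src, O_RDONLY);
    if (in < 0)
        return -1;
    int out = open(dst, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (out < 0) { close(in); return -1; }
    while ((n = read(in, buf, sizeof buf)) > 0)
        if (write(out, buf, (size_t)n) != n) { close(in); close(out); return -1; }
    close(in);
    if (close(out) != 0)
        return -1;
    return n == 0 ? 0 : -1;
}

/* Restore src to dst. The (possibly setuid) parent forks; the child drops to
 * the real uid/gid for good before writing; the parent waits and, only when it
 * still runs as root, puts owner:group back on the copy. Returns 0 on success. */
int restore_with_privsep(const char *src, const char *dst, uid_t owner, gid_t group)
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        /* gid first, then uid: once uid is dropped, setgid would fail */
        if (setgid(getgid()) != 0 || setuid(getuid()) != 0)
            _exit(2);
        _exit(copy_file(src, dst) == 0 ? 0 : 1);
    }
    int status;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    if (!WIFEXITED(status) || WEXITSTATUS(status) != 0)
        return -1;
    /* Without setuid root the file keeps the restoring user's owner/group. */
    if (geteuid() == 0 && chown(dst, owner, group) != 0)
        return -1;
    return 0;
}

/* Self-test on constructed input under a fresh temp dir; returns 1 on success. */
int demo_restore(void)
{
    char dir[] = "/tmp/untrashXXXXXX";
    char trash[512], src[512], dst[512], buf[16] = {0};
    if (mkdtemp(dir) == NULL)
        return 0;
    snprintf(trash, sizeof trash, "%s/trash", dir);
    snprintf(src, sizeof src, "%s/trash/notes.txt", dir);
    snprintf(dst, sizeof dst, "%s/notes.txt", dir);
    if (ensure_private_trash_dir(trash) != 0)
        return 0;
    FILE *f = fopen(src, "w");              /* constructed "trashed" file */
    if (!f)
        return 0;
    fputs("hello\n", f);
    fclose(f);
    if (restore_with_privsep(src, dst, getuid(), getgid()) != 0)
        return 0;
    f = fopen(dst, "r");
    if (!f)
        return 0;
    size_t n = fread(buf, 1, sizeof buf - 1, f);
    fclose(f);
    unlink(src); unlink(dst); rmdir(trash); rmdir(dir);
    return n == 6 && strcmp(buf, "hello\n") == 0;
}
```

demo_restore() exercises the whole path as an ordinary user; under a real setuid binary the only difference is that the parent's chown branch becomes active.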