Trash specification, version 0.1

Alexander Larsson alexl at
Fri Sep 3 10:35:33 EEST 2004

On Thu, 2004-09-02 at 14:58 +0200, David Faure wrote:
> On Thursday 02 September 2004 13:36, mr at wrote:
> > 
> > >> I have somewhat lost track of the other-partitions issue. Is the
> > >> consensus
> > >> on administrator-created $topdir/.Trash , and $uid directories within
> > >> it?
> > >
> > > Yes, and if that doesn't exist, the app can try using/creating a global
> > > $topdir/.Trash-$uid directory.
> > 
> > I'm not sure this is a good idea. A trash listing app would have to search
> > every top dir for BOTH .Trash/$uid and .Trash-$uid.
> > 
> > I would say, there should be an admin-created $topdir/.Trash, and if it's
> > not there, trashing is done by copying to $HOME. And implementations *may*
> > include some form of auto-creation of .Trash (would be a nice improvement
> > for removable devices).
> Let's see: if a user creates a .Trash (as one could do on a floppy disk, or on a
> partition mounted for one user only), then other users will either:
> - be able to use that directory (e.g. g+w is set by the umask); no problem
>    (it would be wise to g-w the $uid subdirs themselves of course).
> - not be able to use that directory (can't mkdir in it); well, they'll use their $HOME.
> So I agree with $topdir/.Trash, either created by root or by user, 
> and $uid/ subdirs inside it.

Uhm, I'm not sure I follow. Say the partition is writable to all, but has
no .Trash dir. Then a user comes along and autocreates a .Trash dir
owned by him which is world writable. Then another user arrives, and is
able to create a $uid dir in .Trash, to use for trash dir. 

Now, user1 has user2's trash dir in a directory owned by him, which
doesn't have the sticky bit set. So, he can do things like renaming the
directory, or change the permissions of ".Trash" so that user2 can't
read it anymore.

You can't actually read the other users files, but you can prevent him
from reading them, or deleting them (which can be problematic if you use
for instance quota support).
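
A check an implementation could run before using `$topdir/.Trash`, covering the ownership and sticky-bit situation described in the message above. This is an added example, not code from the thread or from the specification; the function names and the sample uids (1001, 1002) are assumptions.

```python
import os
import stat

def trash_dir_problems(mode, owner_uid, my_uid):
    """Reasons a $topdir/.Trash with this st_mode/st_uid is unsafe for my_uid."""
    if stat.S_ISLNK(mode):
        return ["is a symlink"]
    if not stat.S_ISDIR(mode):
        return ["is not a directory"]
    problems = []
    shared_write = mode & (stat.S_IWGRP | stat.S_IWOTH)
    if shared_write and not mode & stat.S_ISVTX:
        # Without the sticky bit, write access to .Trash is enough to
        # rename an entry that belongs to someone else.
        problems.append("writable by others without the sticky bit: "
                        "any of them can rename another user's $uid dir")
    if owner_uid not in (0, my_uid):
        # The owner of a directory can always chmod it, sticky bit or not.
        problems.append("owned by another unprivileged user, who can chmod it "
                        "or rename entries in it")
    return problems

def check_topdir_trash(topdir, my_uid=None):
    """lstat $topdir/.Trash (symlinks are not followed) and classify it."""
    if my_uid is None:
        my_uid = os.geteuid()
    try:
        st = os.lstat(os.path.join(topdir, ".Trash"))
    except FileNotFoundError:
        return ["does not exist"]
    return trash_dir_problems(st.st_mode, st.st_uid, my_uid)

if __name__ == "__main__":
    # Constructed cases: (description, st_mode, owner uid), as seen by uid 1002.
    cases = [
        ("admin-created, sticky", stat.S_IFDIR | 0o1777, 0),
        ("user1 auto-created, world-writable", stat.S_IFDIR | 0o777, 1001),
        ("user1 auto-created, sticky", stat.S_IFDIR | 0o1777, 1001),
    ]
    for desc, mode, owner in cases:
        print(desc, "->", trash_dir_problems(mode, owner, 1002) or "ok")
```

An empty result means the directory passed these checks; in any other case the fallback discussed in the thread (trashing to `$HOME`) applies.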

