Trash: directories in $topdir, and security

mr at ramendik.ru mr at ramendik.ru
Tue Sep 7 12:28:28 EEST 2004


Hello,


>> (2) the file system does not support Unix permissions, and uses ACLs
>> instead? XFS, for example. It's in POSIX, so we can't ignore this
>> possibility. Besides, ACLs are really more convenient for shared
>> resources, especially in large organizations.

> I'm not sure what the problem is with ACLs filesystems though.
> These generally have unix permissions in addition to ACLs, don't they?
>
> We really need to verify the sticky bit is set, or users could remove
> other users trash.

What if we use an NTFS/Samba share? Only trash to $HOME unless $topdir is
user writeable? Besides, I've seen some talk that the sticky bit does not
work on XFS (could not find a reference in English right now).

And a more "principled" note. We're developing something that was not
available before - a spec for trashing usable *over a network*. I don't
think binding it tightly to the Unix architecture is a good idea,
especially to a very Unix-specific thing like the old permissions system.
It may be on the way out, because of ACLs.

But. I have an idea. The recommended solution will be to check for the
sticky bit, but to provide an ability to disable the check for a
particular top directory. Only root should be able to disable it.

Is this OK? (If yes, I'll try to release 0.3 no later than tomorrow).

Yours, Mikhail Ramendik
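
The check discussed in this message, as an added example that is not code from the thread or from the xdg trash spec: it verifies that a per-volume trash directory under $topdir is a real directory with the sticky bit set and is writable by the caller, falls back to the home trash otherwise, and models the proposed "root may disable the check for one top directory" override as a marker file that must be a regular file owned by the admin uid and not writable by group or others. The directory names `.Trash` and `.Trash-no-sticky-check`, the home fallback `~/.local/share/Trash`, and the marker-file mechanism are all assumptions of this example, not anything the thread has settled on.

```python
import os
import stat
from pathlib import Path


def trash_topdir_status(topdir, subdir=".Trash", require_sticky=True):
    """Decide whether $topdir/<subdir> is safe to use as a shared trash directory.

    Rules applied here are this example's assumptions, not spec wording:
      - it must exist and be a real directory, never a symlink (a symlink
        could redirect everyone's trash somewhere attacker-controlled)
      - the sticky bit must be set, so users cannot unlink each other's
        trashed files (skipped only when an admin override is active)
      - the calling user must be able to write to and traverse it
    Returns (usable, reason).
    """
    path = Path(topdir) / subdir
    try:
        st = os.lstat(path)          # lstat: do not follow a symlink
    except FileNotFoundError:
        return False, "missing"
    if stat.S_ISLNK(st.st_mode):
        return False, "symlink"
    if not stat.S_ISDIR(st.st_mode):
        return False, "not a directory"
    if require_sticky and not (st.st_mode & stat.S_ISVTX):
        return False, "sticky bit not set"
    if not os.access(path, os.W_OK | os.X_OK):
        return False, "not writable"
    return True, "ok"


def sticky_check_disabled(topdir, admin_uid=0, marker=".Trash-no-sticky-check"):
    """Hypothetical admin override for volumes where the sticky bit cannot be
    relied on (e.g. a Samba/NTFS share). The marker is honoured only if it is
    a regular file owned by admin_uid (root by default) that nobody else can
    write, so an ordinary user cannot switch the check off for themselves."""
    path = Path(topdir) / marker
    try:
        st = os.lstat(path)
    except FileNotFoundError:
        return False
    if not stat.S_ISREG(st.st_mode):
        return False
    if st.st_uid != admin_uid:
        return False
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        return False
    return True


def choose_trash_dir(topdir, home, admin_uid=0):
    """Pick the volume trash if it passes the checks, else the home trash.
    The home location is an assumption of this example."""
    require_sticky = not sticky_check_disabled(topdir, admin_uid)
    usable, _reason = trash_topdir_status(topdir, require_sticky=require_sticky)
    if usable:
        return str(Path(topdir) / ".Trash")
    return str(Path(home) / ".local/share/Trash")
```

`os.access` answers for the effective uid, so when run as root the "not writable" branch never triggers; the sticky-bit and symlink checks are the ones that matter for the shared-directory case the thread is about.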
