XDG_RUNTIME_DIR permission check

Lennart Poettering mzkqt at 0pointer.de
Mon Jan 9 11:35:10 UTC 2017

On Sun, 08.01.17 19:16, David Faure (faure at kde.org) wrote:

> http://standards.freedesktop.org/basedir-spec/latest says
> „The directory MUST be owned by the user, and he MUST be the only one having 
> read and write access to it. Its Unix access mode MUST be 0700.“ 
> However this is unclear in terms of who is responsible for these "MUST".
> Should an application (or library), which wants to use XDG_RUNTIME_DIR, check 
> these ownership/permission requirements before using it, or are these 
> constraints simply for the piece of code that sets XDG_RUNTIME_DIR and then 
> apps can just use it without checking?
> Based on the outcome I'll make a patch for the spec, since it seems unclear 
> right now.

When I wrote this I always had in mind that the component setting
XDG_RUNTIME_DIR is responsible for preparating the dir the right way,
and that apps may simply trust that the dir is properly set up when
they see the environment variable set.

That said, people do weird stuff with su/sudo. It might or might not
make sense for apps to superficially check ownership of the dir before
using it. However I am very sure apps should never try to "fix" it it
doesn't match their expectations, as that most likely would make
things worse, not better in such su/sudo setups.


Lennart Poettering, Red Hat

More information about the xdg mailing list