Re: [bug-gawk] gawk - 'inplace' feature ignores file's access flags (read-only)

[Johannes Meixner]

Hello,

On Jun 16 12:37 Bob Proulx wrote (excerpt):
> Johannes Meixner wrote:
> > When I am normal user I expect that a tool works in compliance
> > with my normal user permissions (if a tool could exceed my
> > normal user permissions there is a security issue somewhere).
>
> This is one of those common pitfalls that people often fall into.
> It is a misconception to think that permissions on a file prevent
> the file from being removed...

only for clarification:

I did not mean only the file permissions. I meant all permission
settings that apply to that user (e.g. including any ACLs).

> At least the -i functionality is done the right way.

I think the common pitfall is not that a user may not understand
what the directory permissions mean.

I think the common pitfall is that a user does not understand
what the -i functionality means i.e. that the -i functionality
(at least usually) implements whatever can and needs to be done
to fulfill the user's request to get the content of a file changed.

I think it does not actually matter for the user how the tool
gets the content of a file changed - via in-place changing or
via replacing the whole file.

Assume there is a special unusual permissions system where under
special circumstances in-place changing is possible even when
the normal permission forbids writing, then a -i functionality
could do in-place changing that users do not understand.

For example ACLs could be used this way:
---------------------------------------------------------------
root:~# mkdir /test

root:~# cd /test

root:/test# echo hello >hello

root:/test# ls -li hello
719837 -rw-r--r-- 1 root root 6 Jun 17 12:33 hello

root:/test# setfacl -m u:jsmeix:rw hello

root:/test# chmod o=- hello

root:/test# ls -li hello
719837 -rw-rw----+ 1 root root 6 Jun 17 12:33 hello

root:/test# getfacl hello
# file: hello
# owner: root
# group: root
user::rw-
user:jsmeix:rw-
group::r--
mask::rw-
other::---

jsmeix:/test$ echo hello2 >hello

jsmeix:/test$ cat hello
hello2

jsmeix:/test$ ls -li hello
719837 -rw-rw----+ 1 root root 7 Jun 17 12:34 hello
---------------------------------------------------------------

By the way:

The -i functionality at least for my sed 4.1.5
preserves only the normal file permissions
but neither owner:group nor ACLs:
---------------------------------------------------------------
root:/test# chmod a+w /test

jsmeix:/test$ sed -i -e 's/hello/foo/' hello

jsmeix:/test$ cat hello
foo2

jsmeix:/test$ ls -li hello
719838 -rw-rw---- 1 jsmeix suse 5 Jun 17 12:39 hello

jsmeix:/test$ getfacl hello
# file: hello
# owner: jsmeix
# group: suse
user::rw-
group::rw-
other::---
---------------------------------------------------------------

Of course in this case when sed runs as jsmeix it cannot
create a file with owner:group root:root.


> For example without -i one needs all of this infrastructure:
>
> #!/bin/sh
> unset tmpfile
> cleanup() { test -n "$tmpfile" && rm -f "$tmpfile" ;}
> trap "cleanup" EXIT
> trap "cleanup; trap - HUP; kill -HUP $$" HUP
> trap "cleanup; trap - INT; kill -INT $$" INT
> trap "cleanup; trap - QUIT; kill -QUIT $$" QUIT
> trap "cleanup; trap - TERM; kill -TERM $$" TERM
> trap "trap - PIPE; cleanup; kill -PIPE $$" PIPE
> tmpfile=$(mktemp ./foo.XXXXXXXX) || exit 1
> echo "foo" > "$tmpfile" || exit 1
> mv "$tmpfile" foo || exit 1
> exit 0

This way even the normal file permissions are not preserved.

I think something like

  cp --preserve=all foo $tmpfile

would be needed to preserve as much as possible from the
original file.

Curently I don't know a command that creates a file anew
with '--preserve=all' from another (template) file but
without copying the content of the other file.


Kind Regards
Johannes Meixner
--
SUSE LINUX GmbH - GF: Felix Imendoerffer, Jane Smithard,
Dilip Upmanyu, Graham Norton - HRB 21284 (AG Nuernberg)