* bug#28875: 25.3.50; set-default-file-modes ignores execution bits @ 2017-10-17 13:11 Tino Calancha 2017-10-17 14:03 ` Andreas Schwab 0 siblings, 1 reply; 10+ messages in thread From: Tino Calancha @ 2017-10-17 13:11 UTC (permalink / raw) To: 28875 emacs -Q: (let ((foo (make-temp-file "foo")) mode) (with-file-modes #o755 (write-region "" nil foo nil 0)) ;; (set-file-modes foo #o755) (setq mode (nth 8 (file-attributes foo))) (delete-file foo) mode) => "-rw-------" To set foo file permissions to "-rwxr-xr-x" I need uncomment (set-file-modes foo #o755) above. Why? Is for security reasons? In GNU Emacs 25.3.50.1 (x86_64-pc-linux-gnu, GTK+ Version 3.22.11) of 2017-09-20 built on calancha-pc Repository revision: c3ff6712ad24fcf45874dc0665a8606e9b2208a4 ^ permalink raw reply [flat|nested] 10+ messages in thread
* bug#28875: 25.3.50; set-default-file-modes ignores execution bits 2017-10-17 13:11 bug#28875: 25.3.50; set-default-file-modes ignores execution bits Tino Calancha @ 2017-10-17 14:03 ` Andreas Schwab 2017-10-17 14:25 ` Tino Calancha 0 siblings, 1 reply; 10+ messages in thread From: Andreas Schwab @ 2017-10-17 14:03 UTC (permalink / raw) To: Tino Calancha; +Cc: 28875 On Okt 17 2017, Tino Calancha <tino.calancha@gmail.com> wrote: > emacs -Q: > (let ((foo (make-temp-file "foo")) mode) > (with-file-modes #o755 (write-region "" nil foo nil 0)) > ;; (set-file-modes foo #o755) > (setq mode (nth 8 (file-attributes foo))) > (delete-file foo) mode) > => "-rw-------" > > To set foo file permissions to "-rwxr-xr-x" I need uncomment > (set-file-modes foo #o755) above. > Why? Is for security reasons? make-temp-file already creates the file (with restrictive modes), so with-file-modes has no effect (write-region does not change the mode of existing files). But write-region also never sets the x bits in the first place, it uses #o666 as the base mode. Andreas. -- Andreas Schwab, SUSE Labs, schwab@suse.de GPG Key fingerprint = 0196 BAD8 1CE9 1970 F4BE 1748 E4D4 88E3 0EEA B9D7 "And now for something completely different." ^ permalink raw reply [flat|nested] 10+ messages in thread
* bug#28875: 25.3.50; set-default-file-modes ignores execution bits 2017-10-17 14:03 ` Andreas Schwab @ 2017-10-17 14:25 ` Tino Calancha 2017-10-20 3:10 ` Tino Calancha 0 siblings, 1 reply; 10+ messages in thread From: Tino Calancha @ 2017-10-17 14:25 UTC (permalink / raw) To: Andreas Schwab; +Cc: 28875, Tino Calancha On Tue, 17 Oct 2017, Andreas Schwab wrote: > On Okt 17 2017, Tino Calancha <tino.calancha@gmail.com> wrote: > >> emacs -Q: >> (let ((foo (make-temp-file "foo")) mode) >> (with-file-modes #o755 (write-region "" nil foo nil 0)) >> ;; (set-file-modes foo #o755) >> (setq mode (nth 8 (file-attributes foo))) >> (delete-file foo) mode) >> => "-rw-------" >> >> To set foo file permissions to "-rwxr-xr-x" I need uncomment >> (set-file-modes foo #o755) above. >> Why? Is for security reasons? > > make-temp-file already creates the file (with restrictive modes), so > with-file-modes has no effect (write-region does not change the mode of > existing files). But write-region also never sets the x bits in the > first place, it uses #o666 as the base mode. > Thank you for th enice explanation. I understand now. I think I was fooled by the docstring of `set-default-file-modes': "Set the file permission bits for newly created files..." I thought that setting will be used by the functions in my snippet. ^ permalink raw reply [flat|nested] 10+ messages in thread
* bug#28875: 25.3.50; set-default-file-modes ignores execution bits 2017-10-17 14:25 ` Tino Calancha @ 2017-10-20 3:10 ` Tino Calancha 2017-10-20 7:15 ` Eli Zaretskii 2017-10-20 7:53 ` Andreas Schwab 0 siblings, 2 replies; 10+ messages in thread From: Tino Calancha @ 2017-10-20 3:10 UTC (permalink / raw) To: 28875; +Cc: Andreas Schwab Tino Calancha <tino.calancha@gmail.com> writes: > On Tue, 17 Oct 2017, Andreas Schwab wrote: > >> On Okt 17 2017, Tino Calancha <tino.calancha@gmail.com> wrote: >> >>> emacs -Q: >>> (let ((foo (make-temp-file "foo")) mode) >>> (with-file-modes #o755 (write-region "" nil foo nil 0)) >>> ;; (set-file-modes foo #o755) >>> (setq mode (nth 8 (file-attributes foo))) >>> (delete-file foo) mode) >>> => "-rw-------" >>> >>> To set foo file permissions to "-rwxr-xr-x" I need uncomment >>> (set-file-modes foo #o755) above. >>> Why? Is for security reasons? >> >> make-temp-file already creates the file (with restrictive modes), so >> with-file-modes has no effect (write-region does not change the mode of >> existing files). But write-region also never sets the x bits in the >> first place, it uses #o666 as the base mode. >> > I think I was fooled by the docstring of `set-default-file-modes': > "Set the file permission bits for newly created files..." Besides the behavior is mentioned in the manual, that is relevant for the correct use of the function, so IMO it's worth to include it the docstring as well. --8<-----------------------------cut here---------------start------------->8--- commit d749ad1ca0375a938c0283155b56e737cc120640 Author: Tino Calancha <tino.calancha@gmail.com> Date: Fri Oct 20 11:58:17 2017 +0900 * src/fileio.c (set-default-file-modes): Doc fix diff --git a/src/fileio.c b/src/fileio.c index b7df38c857..d707bfc1c6 100644 --- a/src/fileio.c +++ b/src/fileio.c @@ -3125,7 +3125,11 @@ symbolic notation, like the `chmod' command from GNU Coreutils. */) DEFUN ("set-default-file-modes", Fset_default_file_modes, Sset_default_file_modes, 1, 1, 0, doc: /* Set the file permission bits for newly created files. The argument MODE should be an integer; only the low 9 bits are used. -This setting is inherited by subprocesses. */) +This setting is inherited by subprocesses. + +Note that some functions (e.g., `write-region') ignore the execution +bits in MODE. In that case you need first to create the file, +and then set the permisions with `set-file-modes'. */) (Lisp_Object mode) { mode_t oldrealmask, oldumask, newumask; --8<-----------------------------cut here---------------end--------------->8--- In GNU Emacs 26.0.90 (build 6, x86_64-pc-linux-gnu, GTK+ Version 3.22.11) of 2017-10-20 Repository revision: ddd547fada112c603dae7a204fa0b141429f1927 ^ permalink raw reply related [flat|nested] 10+ messages in thread
* bug#28875: 25.3.50; set-default-file-modes ignores execution bits 2017-10-20 3:10 ` Tino Calancha @ 2017-10-20 7:15 ` Eli Zaretskii [not found] ` <ef2bbaf3-7c6b-56a8-32ac-c5366d7431e7@gmail.com> 2017-10-20 7:53 ` Andreas Schwab 1 sibling, 1 reply; 10+ messages in thread From: Eli Zaretskii @ 2017-10-20 7:15 UTC (permalink / raw) To: Tino Calancha; +Cc: 28875, schwab > From: Tino Calancha <tino.calancha@gmail.com> > Cc: Eli Zaretskii <eliz@gnu.org>, Andreas Schwab <schwab@suse.de> > Date: Fri, 20 Oct 2017 12:10:18 +0900 > > >> make-temp-file already creates the file (with restrictive modes), so > >> with-file-modes has no effect (write-region does not change the mode of > >> existing files). But write-region also never sets the x bits in the > >> first place, it uses #o666 as the base mode. > >> > > I think I was fooled by the docstring of `set-default-file-modes': > > "Set the file permission bits for newly created files..." > Besides the behavior is mentioned in the manual, that is relevant > for the correct use of the function, so IMO it's worth to include it > the docstring as well. > > --8<-----------------------------cut here---------------start------------->8--- > commit d749ad1ca0375a938c0283155b56e737cc120640 > Author: Tino Calancha <tino.calancha@gmail.com> > Date: Fri Oct 20 11:58:17 2017 +0900 > > * src/fileio.c (set-default-file-modes): Doc fix > > diff --git a/src/fileio.c b/src/fileio.c > index b7df38c857..d707bfc1c6 100644 > --- a/src/fileio.c > +++ b/src/fileio.c > @@ -3125,7 +3125,11 @@ symbolic notation, like the `chmod' command from GNU Coreutils. */) > DEFUN ("set-default-file-modes", Fset_default_file_modes, Sset_default_file_modes, 1, 1, 0, > doc: /* Set the file permission bits for newly created files. > The argument MODE should be an integer; only the low 9 bits are used. > -This setting is inherited by subprocesses. */) > +This setting is inherited by subprocesses. > + > +Note that some functions (e.g., `write-region') ignore the execution > +bits in MODE. In that case you need first to create the file, > +and then set the permisions with `set-file-modes'. */) Why would someone assume that write-region could/should change the mode bits of an already existing file? It's entirely unreasonable for write-region to do so, as the mode bits are determined when the file is created, in this case by make-temp-file. So I'm not sure why should we make this correction to the doc string. What am I missing? Thanks. ^ permalink raw reply [flat|nested] 10+ messages in thread
[parent not found: <ef2bbaf3-7c6b-56a8-32ac-c5366d7431e7@gmail.com>]
* bug#28875: 25.3.50; set-default-file-modes ignores execution bits [not found] ` <ef2bbaf3-7c6b-56a8-32ac-c5366d7431e7@gmail.com> @ 2017-10-20 8:42 ` Eli Zaretskii [not found] ` <0a5e94fd-6c38-b022-5219-449f5e90c261@gmail.com> 0 siblings, 1 reply; 10+ messages in thread From: Eli Zaretskii @ 2017-10-20 8:42 UTC (permalink / raw) To: Tino Calancha; +Cc: 28875 > From: Tino Calancha <tino.calancha@gmail.com> > Date: Fri, 20 Oct 2017 16:31:46 +0900 > > (with-file-modes ?\700 > (if (file-exists-p > (setq pidfile (format "/tmp/Mosaic.%d" pid))) > (delete-file pidfile)) > ;; https://debbugs.gnu.org/17428. Use O_EXCL. > (write-region nil nil pidfile nil 'silent nil 'excl))) > > Here the file doesn't exist, `write-region' create it. Beside the > (with-file-modes ?\700 > > the actual file permission for pidfile is: 600 > This was a bit sorprising for me; I need to read the manual to fully > understand it. > The docstring of with-file-modes links to set-default-file-modes, so > maybe enough just t mention about this there. I think you are missing what Andreas points out: that set-default-file-modes works via 'umask', which can only remove bits from the default permissions, it cannot add bits. I'm okay with describing this in more details, for those might not be aware of how 'umask' works. That would be a different text, though, not the one you suggested. ^ permalink raw reply [flat|nested] 10+ messages in thread
[parent not found: <0a5e94fd-6c38-b022-5219-449f5e90c261@gmail.com>]
[parent not found: <83bmks7l1p.fsf@gnu.org>]
* bug#28875: 25.3.50; set-default-file-modes ignores execution bits [not found] ` <83bmks7l1p.fsf@gnu.org> @ 2017-10-27 14:02 ` Tino Calancha 2017-10-27 17:22 ` Eli Zaretskii 0 siblings, 1 reply; 10+ messages in thread From: Tino Calancha @ 2017-10-27 14:02 UTC (permalink / raw) To: Eli Zaretskii, 28875 On 10/27/2017 10:54 PM, Eli Zaretskii wrote: >> From: Tino Calancha <tino.calancha@gmail.com> >> Date: Fri, 20 Oct 2017 18:37:11 +0900 >> >>> I think you are missing what Andreas points out: that >>> set-default-file-modes works via 'umask', which can only remove bits >>> from the default permissions, it cannot add bits. I'm okay with >>> describing this in more details, for those might not be aware of how >>> 'umask' works. That would be a different text, though, not the one >>> you suggested. >> You are right I don't know much about umask. >> Probably most of the people using set-default-file-modes > OK, I added some text to the docs to clarify this. Thank you, it looks more clear to me know. There is a duplicated word: +This function works by setting the Emacs's file mode creation mask. +Each bit that is set in the mask means that the corresponding bit +in the the permissions of newly created files will be disabled. ^^^^ ^ permalink raw reply [flat|nested] 10+ messages in thread
* bug#28875: 25.3.50; set-default-file-modes ignores execution bits 2017-10-27 14:02 ` Tino Calancha @ 2017-10-27 17:22 ` Eli Zaretskii 2018-07-10 6:45 ` Tino Calancha 0 siblings, 1 reply; 10+ messages in thread From: Eli Zaretskii @ 2017-10-27 17:22 UTC (permalink / raw) To: Tino Calancha; +Cc: 28875 > From: Tino Calancha <tino.calancha@gmail.com> > Date: Fri, 27 Oct 2017 23:02:28 +0900 > > There is a duplicated word: Thanks, fixed. ^ permalink raw reply [flat|nested] 10+ messages in thread
* bug#28875: 25.3.50; set-default-file-modes ignores execution bits 2017-10-27 17:22 ` Eli Zaretskii @ 2018-07-10 6:45 ` Tino Calancha 0 siblings, 0 replies; 10+ messages in thread From: Tino Calancha @ 2018-07-10 6:45 UTC (permalink / raw) To: 28875-done Eli Zaretskii <eliz@gnu.org> writes: >> From: Tino Calancha <tino.calancha@gmail.com> >> Date: Fri, 27 Oct 2017 23:02:28 +0900 >> >> There is a duplicated word: > > Thanks, fixed. I am closing this bug report which was already handled. ^ permalink raw reply [flat|nested] 10+ messages in thread
* bug#28875: 25.3.50; set-default-file-modes ignores execution bits 2017-10-20 3:10 ` Tino Calancha 2017-10-20 7:15 ` Eli Zaretskii @ 2017-10-20 7:53 ` Andreas Schwab 1 sibling, 0 replies; 10+ messages in thread From: Andreas Schwab @ 2017-10-20 7:53 UTC (permalink / raw) To: Tino Calancha; +Cc: 28875 On Okt 20 2017, Tino Calancha <tino.calancha@gmail.com> wrote: > diff --git a/src/fileio.c b/src/fileio.c > index b7df38c857..d707bfc1c6 100644 > --- a/src/fileio.c > +++ b/src/fileio.c > @@ -3125,7 +3125,11 @@ symbolic notation, like the `chmod' command from GNU Coreutils. */) > DEFUN ("set-default-file-modes", Fset_default_file_modes, Sset_default_file_modes, 1, 1, 0, > doc: /* Set the file permission bits for newly created files. > The argument MODE should be an integer; only the low 9 bits are used. > -This setting is inherited by subprocesses. */) > +This setting is inherited by subprocesses. > + > +Note that some functions (e.g., `write-region') ignore the execution > +bits in MODE. In that case you need first to create the file, > +and then set the permisions with `set-file-modes'. */) The umask cannot broaden the permissions, only restrict them. The zero bits specify the bits that are always cleared from the mode, the one bits leave them unmodified. Andreas. -- Andreas Schwab, SUSE Labs, schwab@suse.de GPG Key fingerprint = 0196 BAD8 1CE9 1970 F4BE 1748 E4D4 88E3 0EEA B9D7 "And now for something completely different." ^ permalink raw reply [flat|nested] 10+ messages in thread
end of thread, other threads:[~2018-07-10 6:45 UTC | newest] Thread overview: 10+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2017-10-17 13:11 bug#28875: 25.3.50; set-default-file-modes ignores execution bits Tino Calancha 2017-10-17 14:03 ` Andreas Schwab 2017-10-17 14:25 ` Tino Calancha 2017-10-20 3:10 ` Tino Calancha 2017-10-20 7:15 ` Eli Zaretskii [not found] ` <ef2bbaf3-7c6b-56a8-32ac-c5366d7431e7@gmail.com> 2017-10-20 8:42 ` Eli Zaretskii [not found] ` <0a5e94fd-6c38-b022-5219-449f5e90c261@gmail.com> [not found] ` <83bmks7l1p.fsf@gnu.org> 2017-10-27 14:02 ` Tino Calancha 2017-10-27 17:22 ` Eli Zaretskii 2018-07-10 6:45 ` Tino Calancha 2017-10-20 7:53 ` Andreas Schwab
Code repositories for project(s) associated with this public inbox https://git.savannah.gnu.org/cgit/emacs.git This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).