bug#66667: [PATCH] Socket forwarding in emacsclient --tramp-prefix example

[Peter Oliver <p.d.oliver@mavit.org.uk>]

[-- Attachment #1: Type: text/plain, Size: 1518 bytes --]

On Sun, 22 Oct 2023, Peter Oliver wrote:

> On Sun, 22 Oct 2023, Björn Bidar wrote:
>
>>>  @ example
>>>  -local$ ssh -R12345:localhost:12345 remote
>>>  -remote$ export EDITOR="emacsclient \
>>>  -        --server-file=server \
>>>  -        --tramp=/ssh:remote:"
>>>  +local$ ssh -R
>>>  "/tmp/emacs-%r.socket":"$@{XDG_RUNTIME_DIR:-$@{TMPDIR:-/tmp@}/emacs%i@}$@{XDG_RUNTIME_DIR:+/emacs@}/server"
>>>  remote
>>>  +remote$ export EMACS_SOCKET_NAME=/tmp/emacs-$USER.socket
>>
>>  If the host has run /run/user it would make sense to setup the Emacs
>>  socket inside this directory.
>>  On older systems this might be /var/run/user I think.
>
> It would, sure, but you can’t in general tell from the local side whether the 
> remote side has /run, nor what your UID is there.  You’d need an extra round 
> trip, for which you need ssh’s ControlPersist option to make performant. 
> This is too complicated for a simple example.
>
>>  If the socket fie is in /tmp every other user can read it, using /run/user
>>  is
>>  more secure.
>
> No, the socket will have permissions 0700, so other users won’t be able to 
> read it.  The risk is that other users will be able to cause a nuisance by 
> creating a file of the same name in its place.  Perhaps it’s better to 
> suggest putting the socket in the user’s home directory (which I originally 
> discounted in case of shared NFS home directories)?

Here is an update patch that does that.

I’m not sure why this bug was closed already.

-- 
Peter Oliver

[-- Attachment #2: Type: text/plain, Size: 3459 bytes --]

From 7a9be6ae81e7ac36d02a9a39330c8e2a609d40ca Mon Sep 17 00:00:00 2001
From: Peter Oliver <git@mavit.org.uk>
Date: Sat, 21 Oct 2023 15:55:03 +0100
Subject: [PATCH] Socket forwarding in emacsclient --tramp-prefix example
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Previously, the emacsclient --tramp-prefix documentation suggested
using it in conjunction with a forwarded TCP port.  However, OpenSSH
has supported forwarding sockets since version 6.7 (released 2014), so
let’s suggest that instead.  Sockets require less manual configuration
than ports, are less likely to clash, and are more secure, so will be
a better choice for the majority of people looking to set up this
facility for the first time.

* doc/emacs/misc.texi (emacsclient Options): Suggest forwarding sockets.
---
 doc/emacs/misc.texi | 28 +++++++++++++++++++++-------
 1 file changed, 21 insertions(+), 7 deletions(-)

diff --git a/doc/emacs/misc.texi b/doc/emacs/misc.texi
index a05b7f6c6ea..6321beed619 100644
--- a/doc/emacs/misc.texi
+++ b/doc/emacs/misc.texi
@@ -2158,8 +2158,9 @@ emacsclient Options
 Set the prefix to add to filenames for Emacs to locate files on remote
 machines (@pxref{Remote Files}) using TRAMP (@pxref{Top, The Tramp
 Manual,, tramp, The Tramp Manual}).  This is mostly useful in
-combination with using the Emacs server over TCP (@pxref{TCP Emacs
-server}).  By ssh-forwarding the listening port and making the
+combination with using the Emacs server from a remote host.  By
+ssh-forwarding the listening socket, or ssh-forwarding the listening
+port @pxref{TCP Emacs server} and making the
 @var{server-file} available on a remote machine, programs on the
 remote machine can use @command{emacsclient} as the value for the
 @env{EDITOR} and similar environment variables, but instead of talking
@@ -2171,16 +2172,29 @@ emacsclient Options
 effect as using the @samp{-T} option.  If both are specified, the
 command-line option takes precedence.
 
-For example, assume two hosts, @samp{local} and @samp{remote}, and
-that the local Emacs listens on tcp port 12345.  Assume further that
+For example, assume two hosts, @samp{local} and @samp{remote}.
+
+@example
+local$ ssh -R "/home/%r/.emacs.socket":"$@{XDG_RUNTIME_DIR:-$@{TMPDIR:-/tmp@}/emacs%i@}$@{XDG_RUNTIME_DIR:+/emacs@}/server" remote
+remote$ export EMACS_SOCKET_NAME=$HOME/.emacs.socket
+remote$ export EMACSCLIENT_TRAMP=/ssh:remote:
+remote$ export EDITOR=emacsclient
+remote$ $EDITOR /tmp/foo.txt #Should open in local emacs.
+@end example
+
+If you are using a platform where @command{emacsclient} does not use
+Unix domain sockets (i.e., MS-Windows), or your SSH implementation is
+not able to forward them (e.g., OpenSSH before version 6.7), you can
+forward a TCP port instead.  In this example, assume that the local
+Emacs listens on tcp port 12345.  Assume further that
 @file{/home} is on a shared file system, so that the server file
 @file{~/.emacs.d/server/server} is readable on both hosts.
 
 @example
 local$ ssh -R12345:localhost:12345 remote
-remote$ export EDITOR="emacsclient \
-        --server-file=server \
-        --tramp=/ssh:remote:"
+remote$ export EMACS_SERVER_FILE=server
+remote$ export EMACSCLIENT_TRAMP=/ssh:remote:
+remote$ export EDITOR=emacsclient
 remote$ $EDITOR /tmp/foo.txt #Should open in local emacs.
 @end example
 
-- 
2.44.0