On Sun, 08.01.17 19:16, David Faure ([email protected]) wrote:

> http://standards.freedesktop.org/basedir-spec/latest says
>
> „The directory MUST be owned by the user, and he MUST be the only one having
> read and write access to it. Its Unix access mode MUST be 0700.“
>
> However this is unclear in terms of who is responsible for these "MUST".
>
> Should an application (or library), which wants to use XDG_RUNTIME_DIR, check
> these ownership/permission requirements before using it, or are these
> constraints simply for the piece of code that sets XDG_RUNTIME_DIR and then
> apps can just use it without checking?
>
> Based on the outcome I'll make a patch for the spec, since it seems unclear
> right now.

When I wrote this I always had in mind that the component setting XDG_RUNTIME_DIR is responsible for preparing the dir the right way, and that apps may simply trust that the dir is properly set up when they see the environment variable set.

That said, people do weird stuff with su/sudo. It might or might not make sense for apps to superficially check ownership of the dir before using it. However I am very sure apps should never try to "fix" it if it doesn't match their expectations, as that most likely would make things worse, not better in such su/sudo setups.

Lennart

--
Lennart Poettering, Red Hat
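
A superficial, read-only check of the kind discussed in this thread, as an added example that is not part of the original messages or of any freedesktop.org code: it reports ownership and mode mismatches against the spec text quoted above and never calls chmod or chown. The function names, the `uid` parameter and the return-None-and-let-the-caller-fall-back behaviour are assumptions of this example.

```python
import os
import stat
import tempfile


def runtime_dir_problems(path, uid=None):
    """List the reasons `path` fails the quoted ownership/mode rules.

    Read-only by design: a mismatch is reported, never "fixed".
    """
    uid = os.geteuid() if uid is None else uid
    try:
        st = os.stat(path)
    except OSError as exc:
        return [f"cannot stat: {exc.strerror}"]
    if not stat.S_ISDIR(st.st_mode):
        return ["not a directory"]
    problems = []
    if st.st_uid != uid:
        problems.append(f"owned by uid {st.st_uid}, expected {uid}")
    mode = stat.S_IMODE(st.st_mode)
    if mode != 0o700:
        problems.append(f"mode is {mode:04o}, expected 0700")
    return problems


def usable_runtime_dir(environ=os.environ, uid=None):
    """Return XDG_RUNTIME_DIR if it passes the check, else None."""
    path = environ.get("XDG_RUNTIME_DIR")
    if not path or runtime_dir_problems(path, uid):
        return None  # caller chooses a fallback; the dir is left untouched
    return path


def demo():
    """Constructed sample dirs: correct, group-readable, and foreign-owned."""
    with tempfile.TemporaryDirectory() as base:
        good = os.path.join(base, "good")
        loose = os.path.join(base, "loose")
        os.mkdir(good)
        os.chmod(good, 0o700)
        os.mkdir(loose)
        os.chmod(loose, 0o750)
        return {
            "good": runtime_dir_problems(good),
            "loose": runtime_dir_problems(loose),
            # Simulates su/sudo: variable still points at another user's dir.
            "other_uid": runtime_dir_problems(good, uid=os.geteuid() + 1),
            "loose_mode_after": stat.S_IMODE(os.stat(loose).st_mode),
        }
```
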
