Permissions::readonly() doesn't behave as expected with files #74895
Comments
|
I think the usage of name "read-only" is pretty clear that it implies nobody could write to it, not that the current user cannot write to it (as in read-only file system), but we could possibly improve the documentation to make it clearer. @rustbot modify labels: +T-doc +C-enhancement -C-bug |
rustbot
added
C-enhancement
Yep that's fine, it's pretty complex to work out if something really is readonly especially with ACLs having deny rules etc....
I think it's currently not clear because I interpreted this as "read-only to the calling users context" so making the documentation explicit in what occurs behind the scenes would be good. |
But the doc does not mention about user at all? |
|
I ran into this issue too. It's definitely not clear that Even accounting for the fact that it can't easily check if you are in the relevant group, sometimes having group membership and group write permission is not enough. E.g. to delete a file you need user write permission. It's actually a bit worse than that - the If you It may be too late to change these and honestly it's not clear how you would even fix them (I would say probably ignore the group/other bits). But either way we should definitely add a note saying that these functions almost certainly do not do what you want on Unix, and you should use |
|
Just hit this issue. Needed to check if a file was writeable (equivalent of Fortunately Google put this issue as the second result. Would also be nice for the readonly docs to include an example of how to actually check "can I write to this file?" |
|
@gibfahn The issue on unix systems is posix acls, so you can't actually check very easily :( |
|
Yeah I have now run into that. I ended up with this, no idea if it's correct: /// Checks whether a path to an existing file can be written to.
/// If the file doesn't exist, this function will return false.
pub(crate) fn is_writeable(path: impl AsRef<Path>) -> bool {
File::options()
.write(true)
// Make sure we don't accidentally truncate the file.
.truncate(false)
.open(path.as_ref())
.is_ok()
} |
|
If you are only targeting POSIX, then you should be using the |
|
I would also like this documented, because I (naively) expected this to work for determining whether the current user can write to the file. |
|
Jinx! |
|
@Timmmm I'm happy to merge our PR's or close mine in favour of yours, what do you prefer :) |
|
I'll merge some of yours into mine if that's ok? I think your change is clearer that a) it's Unix-like that it applies to so it includes Mac, and b) the |
|
Sounds great to me :) |
When using the Permissions module on MacOS it doesn't behave as expected. Readonly returns if the file lacks any write bits, rather than returning if the current calling uid/gid can write to the file. This can be seen in the code:
https://github.com/rust-lang/rust/blob/master/library/std/src/sys/unix/fs.rs#L359
This is a bit misleading because the framing of https://doc.rust-lang.org/std/fs/struct.Permissions.html#method.readonly seems to say "an unwritable file" without context which to me I interpretted as "unwritable file - by the current user" not unwriteable by all permission bits.
I'd be happy with a disclaimer on the documentation of readonly to indicate this only checks that no write bits exist on unix so that it's clearer what it's checking for, but I'd also be happy if this function was altered to check 'is it readonly in the current calling context' but I understand that's a really challenging problem in-itself given posix acls etc.
I expected to see this happen: A file as
root:root 640should be readonly == true when called from "william:william"Instead, this happened: The file is listed as "not" readonly even though the current user can not write the file OR the documentation about what readonly() does clearly explains what it is looking for on each operating system.
Thanks!
The text was updated successfully, but these errors were encountered: