bug#32413: 25.2; When run as root, emacs writes dconf files in a non-root user's /run/user/XXX directory

classic Classic list List threaded Threaded
15 messages Options
Reply | Threaded
Open this post in threaded view
|

bug#32413: 25.2; When run as root, emacs writes dconf files in a non-root user's /run/user/XXX directory

Vincent Lefevre-10

Original bug report:

  https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891063

In summary:

Just after one logs in, does a "su" and runs Emacs, Emacs writes
dconf files in a non-root user's /run/user/XXX directory (related
to DBUS_SESSION_BUS_ADDRESS or XDG_RUNTIME_DIR). I got:

zira:~> ll /run/user/1000
total 0
srw-rw-rw- 1 vinc17 vinc17   0 2018-02-22 04:02:21 bus=
drwx------ 3 vinc17 vinc17  60 2018-02-22 04:02:21 dbus-1/
drwx------ 2 root   root    60 2018-02-22 04:02:32 dconf/
             ^^^^^^^^^^^
drwx------ 2 vinc17 vinc17 140 2018-02-22 04:02:21 gnupg/
drwx------ 2 vinc17 vinc17  40 2018-02-22 04:03:28 gvfs/
drwx------ 2 vinc17 vinc17  80 2018-02-22 04:02:21 pulse/
drwxr-xr-x 2 vinc17 vinc17  80 2018-02-22 04:02:21 systemd/

Unsurprisingly, this then yields issues when one runs Emacs
as a normal user:

(emacs:8958): dconf-CRITICAL **: unable to create file '/run/user/1000/dconf/user': Permission denied.  dconf will not work properly.
[...]

Emacs should never create files/directories if the user hasn't
explicitly asked it to do that, in particular if this is under
a directory owned by a different user.



In GNU Emacs 25.2.2 (x86_64-pc-linux-gnu, GTK+ Version 3.22.30)
 of 2018-07-11, modified by Debian built on x86-ubc-01
Windowing system distributor 'The X.Org Foundation', version 11.0.12000000
System Description: Debian GNU/Linux stable-updates (sid)

Configured using:
 'configure --build x86_64-linux-gnu --prefix=/usr
 --sharedstatedir=/var/lib --libexecdir=/usr/lib
 --localstatedir=/var/lib --infodir=/usr/share/info
 --mandir=/usr/share/man --with-pop=yes
 --enable-locallisppath=/etc/emacs25:/etc/emacs:/usr/local/share/emacs/25.2/site-lisp:/usr/local/share/emacs/site-lisp:/usr/share/emacs/25.2/site-lisp:/usr/share/emacs/site-lisp
 --with-sound=alsa --without-gconf --build x86_64-linux-gnu
 --prefix=/usr --sharedstatedir=/var/lib --libexecdir=/usr/lib
 --localstatedir=/var/lib --infodir=/usr/share/info
 --mandir=/usr/share/man --with-pop=yes
 --enable-locallisppath=/etc/emacs25:/etc/emacs:/usr/local/share/emacs/25.2/site-lisp:/usr/local/share/emacs/site-lisp:/usr/share/emacs/25.2/site-lisp:/usr/share/emacs/site-lisp
 --with-sound=alsa --without-gconf --with-x=yes --with-x-toolkit=gtk3
 --with-toolkit-scroll-bars 'CFLAGS=-g -O2
 -fdebug-prefix-map=/build/emacs25-cfFROJ/emacs25-25.2+1=.
 -fstack-protector-strong -Wformat -Werror=format-security -Wall'
 'CPPFLAGS=-Wdate-time -D_FORTIFY_SOURCE=2' LDFLAGS=-Wl,-z,relro'

Configured features:
XPM JPEG TIFF GIF PNG RSVG IMAGEMAGICK SOUND GPM DBUS GSETTINGS NOTIFY
ACL LIBSELINUX GNUTLS LIBXML2 FREETYPE M17N_FLT LIBOTF XFT ZLIB
TOOLKIT_SCROLL_BARS GTK3 X11

Important settings:
  value of $LC_COLLATE: POSIX
  value of $LC_CTYPE: en_US.UTF-8
  value of $LC_TIME: en_DK
  value of $LANG: POSIX
  locale-coding-system: utf-8-unix

Major mode: Lisp Interaction

Minor modes in effect:
  display-time-mode: t
  show-paren-mode: t
  tooltip-mode: t
  global-eldoc-mode: t
  electric-indent-mode: t
  mouse-wheel-mode: t
  menu-bar-mode: t
  file-name-shadow-mode: t
  global-font-lock-mode: t
  font-lock-mode: t
  blink-cursor-mode: t
  auto-composition-mode: t
  auto-encryption-mode: t
  auto-compression-mode: t
  column-number-mode: t
  line-number-mode: t
  transient-mark-mode: t

Recent messages:
Loading /etc/emacs/site-start.d/50latex-cjk-common.el (source)...done
Loading /etc/emacs/site-start.d/50latex-cjk-thai.el (source)...done
Loading /etc/emacs/site-start.d/50psvn.el (source)...done
Loading /etc/emacs/site-start.d/50python-docutils.el (source)...done
Loading /etc/emacs/site-start.d/50rnc-mode.el (source)...done
Loading /etc/emacs/site-start.d/50texlive-lang-english.el (source)...done
Loading /etc/emacs/site-start.d/50why3.el (source)...done
Loading /home/vinc17/share/emacs/site-lisp/mutteditor.el (source)...done
Loading time...done
For information about GNU Emacs and the GNU system, type C-h C-a.

Load-path shadows:
/usr/share/emacs/25.2/site-lisp/why3 hides /usr/share/emacs/site-lisp/why3
/usr/share/emacs/25.2/site-lisp/debian-startup hides /usr/share/emacs/site-lisp/debian-startup
/usr/share/emacs25/site-lisp/cmake-data/cmake-mode hides /usr/share/emacs/site-lisp/cmake-mode
/usr/share/emacs/site-lisp/rst hides /usr/share/emacs/25.2/lisp/textmodes/rst
/usr/share/emacs25/site-lisp/latex-cjk-thai/thai-word hides /usr/share/emacs/25.2/lisp/language/thai-word

Features:
(shadow sort mail-extr warnings emacsbug message dired format-spec
rfc822 mml mml-sec password-cache epg epg-config gnus-util mm-decode
mm-bodies mm-encode mail-parse rfc2231 mailabbrev gmm-utils mailheader
sendmail rfc2047 rfc2045 ietf-drums mm-util help-fns help-mode easymenu
mail-prsvr mail-utils time cus-start cus-load paren cc-styles cc-align
cc-engine cc-vars cc-defs edmacro kmacro cl-loaddefs pcase cl-lib
time-date mule-util tooltip eldoc electric uniquify ediff-hook vc-hooks
lisp-float-type mwheel x-win term/common-win x-dnd tool-bar dnd fontset
image regexp-opt fringe tabulated-list newcomment elisp-mode lisp-mode
prog-mode register page menu-bar rfn-eshadow timer select scroll-bar
mouse jit-lock font-lock syntax facemenu font-core frame cl-generic cham
georgian utf-8-lang misc-lang vietnamese tibetan thai tai-viet lao
korean japanese eucjp-ms cp51932 hebrew greek romanian slovak czech
european ethiopic indian cyrillic chinese charscript case-table epa-hook
jka-cmpr-hook help simple abbrev minibuffer cl-preloaded nadvice
loaddefs button faces cus-face macroexp files text-properties overlay
sha1 md5 base64 format env code-pages mule custom widget
hashtable-print-readable backquote dbusbind inotify dynamic-setting
system-font-setting font-render-setting move-toolbar gtk x-toolkit x
multi-tty make-network-process emacs)

Memory information:
((conses 16 107170 5004)
 (symbols 48 22452 0)
 (miscs 40 55 113)
 (strings 32 20688 4143)
 (string-bytes 1 602044)
 (vectors 16 12882)
 (vector-slots 8 443217 3065)
 (floats 8 171 101)
 (intervals 56 267 0)
 (buffers 976 18))



Reply | Threaded
Open this post in threaded view
|

bug#32413: 25.2; When run as root, emacs writes dconf files in a non-root user's /run/user/XXX directory

Eli Zaretskii
> From: Vincent Lefevre <[hidden email]>
> Date: Fri, 10 Aug 2018 11:30:09 +0200
>
> Emacs should never create files/directories if the user hasn't
> explicitly asked it to do that

I don't agree with this principle, not in this general form.  (The "in
a directory owned by another user" part, to which I think I agree, as
written, was not a qualification for this general statement, so it
doesn't count for the purposes of the principle itself.)

As just one random example of what Emacs "should never do", we write
the customizations to a file "without the user's explicit request".



Reply | Threaded
Open this post in threaded view
|

bug#32413: 25.2; When run as root, emacs writes dconf files in a non-root user's /run/user/XXX directory

Noam Postavsky
In reply to this post by Vincent Lefevre-10
Vincent Lefevre <[hidden email]> writes:

> Emacs should never create files/directories if the user hasn't
> explicitly asked it to do that, in particular if this is under
> a directory owned by a different user.

Does it help if you ./configure --without-gsettings?

(maybe it should default to off, I'm not sure what gsettings is actually
good for apart from causing bugs, e.g., #25228)




Reply | Threaded
Open this post in threaded view
|

bug#32413: 25.2; When run as root, emacs writes dconf files in a non-root user's /run/user/XXX directory

Eli Zaretskii
> From: Noam Postavsky <[hidden email]>
> Date: Fri, 10 Aug 2018 08:28:49 -0400
> Cc: [hidden email]
>
> Vincent Lefevre <[hidden email]> writes:
>
> > Emacs should never create files/directories if the user hasn't
> > explicitly asked it to do that, in particular if this is under
> > a directory owned by a different user.
>
> Does it help if you ./configure --without-gsettings?

So you are saying that it's the Gsettings functions that write to that
directory, outside of Emacs's control?

> (maybe it should default to off, I'm not sure what gsettings is actually
> good for apart from causing bugs, e.g., #25228)

I might agree, but then won't too many users be annoyed by Emacs not
following desktop-wide customizations?



Reply | Threaded
Open this post in threaded view
|

bug#32413: 25.2; When run as root, emacs writes dconf files in a non-root user's /run/user/XXX directory

Vincent Lefevre-10
In reply to this post by Eli Zaretskii
On 2018-08-10 15:17:26 +0300, Eli Zaretskii wrote:

> > From: Vincent Lefevre <[hidden email]>
> > Date: Fri, 10 Aug 2018 11:30:09 +0200
> >
> > Emacs should never create files/directories if the user hasn't
> > explicitly asked it to do that
>
> I don't agree with this principle, not in this general form.  (The "in
> a directory owned by another user" part, to which I think I agree, as
> written, was not a qualification for this general statement, so it
> doesn't count for the purposes of the principle itself.)
>
> As just one random example of what Emacs "should never do", we write
> the customizations to a file "without the user's explicit request".

I don't understand why there is anything to write if the user
hasn't customized anything. And if the user introduces some
customization, then this can be regarded as an explicit write
operation (due to the action of the user in this sense).

--
Vincent Lefèvre <[hidden email]> - Web: <https://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)



Reply | Threaded
Open this post in threaded view
|

bug#32413: 25.2; When run as root, emacs writes dconf files in a non-root user's /run/user/XXX directory

Eli Zaretskii
> Date: Fri, 10 Aug 2018 14:57:58 +0200
> From: Vincent Lefevre <[hidden email]>
> Cc: [hidden email]
>
> > > Emacs should never create files/directories if the user hasn't
> > > explicitly asked it to do that
> >
> > I don't agree with this principle, not in this general form.  (The "in
> > a directory owned by another user" part, to which I think I agree, as
> > written, was not a qualification for this general statement, so it
> > doesn't count for the purposes of the principle itself.)
> >
> > As just one random example of what Emacs "should never do", we write
> > the customizations to a file "without the user's explicit request".
>
> I don't understand why there is anything to write if the user
> hasn't customized anything.

That was just an example of something that doesn't explicitly ask for
writing a file.  Another example is Eshell: when it exits, it writes
files in the ~/.eshell directory.

More generally, certain Emacs features might write files "without user
explicitly asking" as part of providing some feature that needs to be
persistent between sessions.  I think that's quite allright, which is
why I disagree with the general principle you were trying to
establish.

> And if the user introduces some customization, then this can be
> regarded as an explicit write operation (due to the action of the
> user in this sense).

Well, in that case, let's regard user using dconf as an explicit write
permission ;-)

Seriously, though: if your principle can be subverted in some
situations, then we need to define what situations are those.  In
particular, how is what you report different from what Eshell does on
exit?



Reply | Threaded
Open this post in threaded view
|

bug#32413: 25.2; When run as root, emacs writes dconf files in a non-root user's /run/user/XXX directory

Vincent Lefevre-10
In reply to this post by Noam Postavsky
On 2018-08-10 08:28:49 -0400, Noam Postavsky wrote:
> Vincent Lefevre <[hidden email]> writes:
>
> > Emacs should never create files/directories if the user hasn't
> > explicitly asked it to do that, in particular if this is under
> > a directory owned by a different user.
>
> Does it help if you ./configure --without-gsettings?

Yes, this solves the problem (according to strace).

--
Vincent Lefèvre <[hidden email]> - Web: <https://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)



Reply | Threaded
Open this post in threaded view
|

bug#32413: 25.2; When run as root, emacs writes dconf files in a non-root user's /run/user/XXX directory

Vincent Lefevre-10
In reply to this post by Eli Zaretskii
On 2018-08-10 16:47:17 +0300, Eli Zaretskii wrote:
> That was just an example of something that doesn't explicitly ask for
> writing a file.  Another example is Eshell: when it exits, it writes
> files in the ~/.eshell directory.

If you mean that it writes the history, then that's a usual shell
thing, so that's OK. BTW, that's probably one of the reasons why
"su" redefines HOME to the target user home directory by default.

I suppose that caches could be OK too as long as they are written
in a "safe" place.

> More generally, certain Emacs features might write files "without user
> explicitly asking" as part of providing some feature that needs to be
> persistent between sessions.  I think that's quite allright, which is
> why I disagree with the general principle you were trying to
> establish.

Perhaps.

But, for instance, writing a default .emacs would not be OK and would
require at least user confirmation.

> > And if the user introduces some customization, then this can be
> > regarded as an explicit write operation (due to the action of the
> > user in this sense).
>
> Well, in that case, let's regard user using dconf as an explicit write
> permission ;-)
>
> Seriously, though: if your principle can be subverted in some
> situations, then we need to define what situations are those.  In
> particular, how is what you report different from what Eshell does on
> exit?

So, perhaps this should be on a case by case basis. I don't know about
dconf, but in that case, this doesn't seem to be correct. And if not
writing under $HOME, I think that the owner of the directory should be
checked in some cases.

--
Vincent Lefèvre <[hidden email]> - Web: <https://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)



Reply | Threaded
Open this post in threaded view
|

bug#32413: 25.2; When run as root, emacs writes dconf files in a non-root user's /run/user/XXX directory

Glenn Morris-3
Vincent Lefevre wrote:

> If you mean that it writes the history, then that's a usual shell
> thing, so that's OK.

The behaviour you complain about in the subject line is a usual X thing,
for "modern" (ie non-ancient) desktop applications, as was explained in
the referenced Debian bug reports you were pointed to.

> BTW, that's probably one of the reasons why "su" redefines HOME to the
> target user home directory by default.

And it's one of the reasons why the referenced reports discouraged
running desktop applications under plain "su". I'm sure in one of the
reports someone suggested modifying plain "su".


The specific example of dconf etc is not a bug, it's how these things
work. If you don't like it, use the configure option to disable that
feature (most programs won't give you that option). I think the general
principle of "Emacs should never create files/directories if the user
hasn't explicitly asked it to do that" is a non-starter.
So this report should be closed wontfix IMO.



Reply | Threaded
Open this post in threaded view
|

bug#32413: 25.2; When run as root, emacs writes dconf files in a non-root user's /run/user/XXX directory

Vincent Lefevre-10
On 2018-08-10 11:41:30 -0400, Glenn Morris wrote:
> Vincent Lefevre wrote:
> > If you mean that it writes the history, then that's a usual shell
> > thing, so that's OK.
>
> The behaviour you complain about in the subject line is a usual X thing,
> for "modern" (ie non-ancient) desktop applications, as was explained in
> the referenced Debian bug reports you were pointed to.

But Emacs has been an ancient desktop application. Now, one has a
regression.

> > BTW, that's probably one of the reasons why "su" redefines HOME to the
> > target user home directory by default.
>
> And it's one of the reasons why the referenced reports discouraged
> running desktop applications under plain "su". I'm sure in one of the
> reports someone suggested modifying plain "su".

This would make sense to follow the principle of plain "su"
(e.g. HOME is redefined...).

> The specific example of dconf etc is not a bug, it's how these things
> work. If you don't like it, use the configure option to disable that
> feature (most programs won't give you that option). I think the general
> principle of "Emacs should never create files/directories if the user
> hasn't explicitly asked it to do that" is a non-starter.
> So this report should be closed wontfix IMO.

I'm using Debian's package. So, you are saying that Debian should
use this option?

--
Vincent Lefèvre <[hidden email]> - Web: <https://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)



Reply | Threaded
Open this post in threaded view
|

bug#32413: 25.2; When run as root, emacs writes dconf files in a non-root user's /run/user/XXX directory

Eli Zaretskii
In reply to this post by Glenn Morris-3
> From: Glenn Morris <[hidden email]>
> Cc: Eli Zaretskii <[hidden email]>,  [hidden email]
> Date: Fri, 10 Aug 2018 11:41:30 -0400
>
> So this report should be closed wontfix IMO.

I tend to agree.  This report seems to be about standard behavior of
desktop-aware applications.  Emacs just behaves like any other app
does in this case.  And the code which determines this behavior is not
in Emacs.



Reply | Threaded
Open this post in threaded view
|

bug#32413: 25.2; When run as root, emacs writes dconf files in a non-root user's /run/user/XXX directory

Noam Postavsky
In reply to this post by Eli Zaretskii
Eli Zaretskii <[hidden email]> writes:

>> Does it help if you ./configure --without-gsettings?

>> (maybe it should default to off, I'm not sure what gsettings is actually
>> good for apart from causing bugs, e.g., #25228)
>
> I might agree, but then won't too many users be annoyed by Emacs not
> following desktop-wide customizations?

Hmm, yeah, we would need at least some feedback from users who actually
use a full desktop environment (GNOME, I guess?) before changing this.
For myself, I just run a simple window manager, so the concept of
"desktop-wide customization" is fairly meaningless on my system.




Reply | Threaded
Open this post in threaded view
|

bug#32413: 25.2; When run as root, emacs writes dconf files in a non-root user's /run/user/XXX directory

Noam Postavsky
In reply to this post by Vincent Lefevre-10
tags 32413 notabug
close 32413
quit

>> The specific example of dconf etc is not a bug, it's how these things
>> work. If you don't like it, use the configure option to disable that
>> feature (most programs won't give you that option). I think the general
>> principle of "Emacs should never create files/directories if the user
>> hasn't explicitly asked it to do that" is a non-starter.
>> So this report should be closed wontfix IMO.
>
> I'm using Debian's package. So, you are saying that Debian should
> use this option?

You should either stop using Debian's package (since you don't like the
options they choose), or see if you can convince them to use that
option.

I think it's clear enough that ./configure --without-gsettings is as
much of a fix as there's ever going to be, so I'm closing this bug.




Reply | Threaded
Open this post in threaded view
|

bug#32413: 25.2; When run as root, emacs writes dconf files in a non-root user's /run/user/XXX directory

Andreas Schwab-2
On Aug 12 2018, Noam Postavsky <[hidden email]> wrote:

> You should either stop using Debian's package (since you don't like the
> options they choose), or see if you can convince them to use that
> option.

Or maybe even better, use Tramp instead of running Emacs as root.

Andreas.

--
Andreas Schwab, [hidden email]
GPG Key fingerprint = 7578 EB47 D4E5 4D69 2510  2552 DF73 E780 A9DA AEC1
"And now for something completely different."



Reply | Threaded
Open this post in threaded view
|

bug#32413: 25.2; When run as root, emacs writes dconf files in a non-root user's /run/user/XXX directory

Glenn Morris-3
In reply to this post by Vincent Lefevre-10
Vincent Lefevre wrote:

> I'm using Debian's package. So, you are saying that Debian should
> use this option?

No. IMO the Debian bug should also be closed wontfix.