GNOME Bugzilla – Bug 773937
Add admin backend support
Last modified: 2016-11-21 14:58:38 UTC
.
Created attachment 339108 [details] [review] mime-actions: support admin backend Until now Nautilus was not able to handle files where the user had no permissions. An error was reported. The only way for a user to handle those files were to start Nautilus with sudo, which is something that shoudl be avoided for security reasons. On Wayland, is not even possible to launch an application with sudo, so this is no longer available and therefor no way to handle files with no permissions. On 3.22 gvfs added an admin backend with integration with Polkit, so a file withouth permissions can be accessed using this backend if the user has the root password. Add support for the admin backend in Nautilus, where a file will be opened using it if cannot be read. There still work to do, basically implement the operations with this backend too and refactor the code to be able to open from nautilus application command line also a file withouth permissions.
Created attachment 339109 [details] [review] mime-actions: modernize code
Review of attachment 339108 [details] [review]: The code looks good to me, but I have some concerns. ::: src/nautilus-mime-actions.c @@ +1847,3 @@ uri = nautilus_file_get_activation_uri (file); + location = g_file_new_for_uri (uri); + if (g_file_is_native (location) && !nautilus_file_can_read (file)) What about the executable bit on directories? Should we care about that? While it does not report an error, the contents are not readable, and, subsequently, the user still gets an error when trying to activate them.
(In reply to Ernestas Kulik from comment #3) > Review of attachment 339108 [details] [review] [review]: > > The code looks good to me, but I have some concerns. > > ::: src/nautilus-mime-actions.c > @@ +1847,3 @@ > uri = nautilus_file_get_activation_uri (file); > + location = g_file_new_for_uri (uri); > + if (g_file_is_native (location) && !nautilus_file_can_read > (file)) > > What about the executable bit on directories? Should we care about that? > While it does not report an error, the contents are not readable, and, > subsequently, the user still gets an error when trying to activate them. Nevermind, I just executed “chmod -x” on it. Not even root has the perm.
okay, so, I’ll illustrate it I have a folder, owned by root 744 are the perms I go in, the contents are displayed, but unreadable there is a directory inside and I can’t access it with the patch, that is csoriano_ ernestask: you can't access it as in, when you try to open it, it says no permissions? ernestask yes and the child directory is owned by me and has all the necessary permissions csoriano_ ernestask: is the address okay? can you check in the pathbar? ernestask yup well, what should I see? just the path to it? csoriano_ ernestask: admin:/// yes ernestask oh, no no admin prefix csoriano_ aha uf that's a hard situation... ernestask so I take it we need to add it for directories with no executable bit set ernestask shrug. csoriano_ no, the problem is that admin:/// has access to everything. once you find a file that has regular permissions, then you will switch to the regular mode, but one of your parents doesn't have permissions, so... you cannot really do that
Basically we need to check the permissions of all the parents of the file
or... make clear the start/end of admin mode, and ask for explicit change to regular mode from the user. In that case, we just have to check whether the current file have permissions or if we are already in admin:///
Review of attachment 339109 [details] [review]: I think we could work this in anyway, but it depends on the previous patch. :/ ::: src/nautilus-mime-actions.c @@ +1733,3 @@ if (parameters->activation_directory && + (launch_files->head != NULL || + launch_in_terminal_files->head != NULL)) You are checking if the queues are not empty, right? What about “g_queue_is_empty ()” in that case? @@ +1887,3 @@ open_files = TRUE; + if (g_queue_get_length (open_in_app_uris) != 0 && Same here.
Created attachment 339602 [details] [review] mime-actions: support admin backend Until now Nautilus was not able to handle files where the user had no permissions. An error was reported. The only way for a user to handle those files were to start Nautilus with sudo, which is something that shoudl be avoided for security reasons. On Wayland, is not even possible to launch an application with sudo, so this is no longer available and therefor no way to handle files with no permissions. On 3.22 gvfs added an admin backend with integration with Polkit, so a file withouth permissions can be accessed using this backend if the user has the root password. Add support for the admin backend in Nautilus, where a file will be opened using it if cannot be read. There still work to do, basically implement the operations with this backend too and refactor the code to be able to open from nautilus application command line also a file withouth permissions.
Created attachment 339603 [details] [review] mime-actions: modernize code
I check wheter we are in admin:/// already and then continue using admin if that's the case, what do you think? This should cover all the cases, and we will figure out how to get out of admin backend in the future with designers.
(In reply to Ernestas Kulik from comment #8) > Review of attachment 339109 [details] [review] [review]: > > I think we could work this in anyway, but it depends on the previous patch. > :/ > > ::: src/nautilus-mime-actions.c > @@ +1733,3 @@ > if (parameters->activation_directory && > + (launch_files->head != NULL || > + launch_in_terminal_files->head != NULL)) > > You are checking if the queues are not empty, right? > What about “g_queue_is_empty ()” in that case? > > @@ +1887,3 @@ > open_files = TRUE; > > + if (g_queue_get_length (open_in_app_uris) != 0 && > > Same here. Good point! My latest attached patch does it like you propose.
(In reply to Carlos Soriano from comment #11) > I check wheter we are in admin:/// already and then continue using admin if > that's the case, what do you think? This should cover all the cases, and we > will figure out how to get out of admin backend in the future with designers. But the thing is that in the case I described, Nautilus never enters admin “mode”.
(In reply to Ernestas Kulik from comment #13) > (In reply to Carlos Soriano from comment #11) > > I check wheter we are in admin:/// already and then continue using admin if > > that's the case, what do you think? This should cover all the cases, and we > > will figure out how to get out of admin backend in the future with designers. > > But the thing is that in the case I described, Nautilus never enters admin > “mode”. right, let me take a look at that
Created attachment 339812 [details] [review] mime-actions: support admin backend Until now Nautilus was not able to handle files where the user had no permissions. An error was reported. The only way for a user to handle those files were to start Nautilus with sudo, which is something that shoudl be avoided for security reasons. On Wayland, is not even possible to launch an application with sudo, so this is no longer available and therefor no way to handle files with no permissions. On 3.22 gvfs added an admin backend with integration with Polkit, so a file withouth permissions can be accessed using this backend if the user has the root password. Add support for the admin backend in Nautilus, where a file will be opened using it if cannot be read. There still work to do, basically implement the operations with this backend too and refactor the code to be able to open from nautilus application command line also a file withouth permissions.
Created attachment 339813 [details] [review] mime-actions: modernize code
Sorry I misunderstood your comment 3, you are right, just added that to the patch and it should work in the case you pointed out
Review of attachment 339812 [details] [review]: Yup, works now, thanks!
Review of attachment 339813 [details] [review]: Looks good, just one more thing. :p ::: src/nautilus-mime-actions.c @@ +1890,3 @@ open_files = TRUE; + if (g_queue_get_length (open_in_app_uris) != 0 && g_queue_is_empty ()?
Created attachment 340426 [details] [review] mime-actions: support admin backend Until now Nautilus was not able to handle files where the user had no permissions. An error was reported. The only way for a user to handle those files were to start Nautilus with sudo, which is something that shoudl be avoided for security reasons. On Wayland, is not even possible to launch an application with sudo, so this is no longer available and therefor no way to handle files with no permissions. On 3.22 gvfs added an admin backend with integration with Polkit, so a file withouth permissions can be accessed using this backend if the user has the root password. Add support for the admin backend in Nautilus, where a file will be opened using it if cannot be read. There still work to do, basically implement the operations with this backend too and refactor the code to be able to open from nautilus application command line also a file withouth permissions.
Created attachment 340427 [details] [review] mime-actions: modernize code
Changes done, thanks a lot for review Ernestas! Attachment 340426 [details] pushed as 5db7a29 - mime-actions: support admin backend Attachment 340427 [details] pushed as 02ba130 - mime-actions: modernize code