Hi,
This is with a centos 5.3 x86_64 system, using R 2.8.1 (details below).
In a directory where R is invoked, at the end of a session R offers to
"Save workspace image". Replying yes creates/updates at least two files
in the current directory: .Rhistory and .RData.
.Rhistory is created with permissions 0600, therefore it effectively
ignores umask. In particular, .Rhistory cannot be group-readable, which
can be problematic in some environments.
This is not the case for .RData (created 0666, modified by umask as
usual), so I doubt that the .Rhistory permissions are restrictive by design?
If not, it would be better to create .Rhistory 0666 and let the user
control the actual permissions through umask.
Regards,
Nicolas Thierry-Mieg
*****************************
Steps to reproduce:
[nthierry at tryo ~]$ mkdir ttt
[nthierry at tryo ~]$ cd ttt
[nthierry at tryo ttt]$ R
<snip copyright and greeting message>
> y<-3
> q()
Save workspace image? [y/n/c]: y
[nthierry at tryo ttt]$ ls -la
total 20
drwxr-xr-x 2 nthierry timb 4096 Jun 10 16:21 .
drwxr-x--- 80 nthierry timb 4096 Jun 10 15:18 ..
-rw-r--r-- 1 nthierry timb 61 Jun 10 16:21 .RData
-rw------- 1 nthierry timb 9 Jun 10 16:21 .Rhistory
[nthierry at tryo ttt]$
Using strace on the R process shows the following, which seems to
confirm that the problem comes from R itself:
open(".RDataTmp", O_WRONLY|O_CREAT|O_TRUNC, 0666)
<snip>
rename(".RDataTmp", ".RData")
open(".Rhistory", O_WRONLY|O_CREAT|O_TRUNC, 0600)
*****************************
> version
platform x86_64-redhat-linux-gnu
arch x86_64
os linux-gnu
system x86_64, linux-gnu
status
major 2
minor 8.1
year 2008
month 12
day 22
svn rev 47281
language R
version.string R version 2.8.1 (2008-12-22)
.Rhistory created with wrong permissions (PR#13752)
4 messages · Nicolas.Thierry-Mieg at imag.fr, Paul Gilbert, Brian Ripley +1 more
Nicolas.Thierry-Mieg at imag.fr wrote:
Hi, This is with a centos 5.3 x86_64 system, using R 2.8.1 (details below). In a directory where R is invoked, at the end of a session R offers to "Save workspace image". Replying yes creates/updates at least two files in the current directory: .Rhistory and .RData. .Rhistory is created with permissions 0600, therefore it effectively ignores umask. In particular, .Rhistory cannot be group-readable, which can be problematic in some environments. This is not the case for .RData (created 0666, modified by umask as usual), so I doubt that the .Rhistory permissions are restrictive by design?
I`m not sure, but it may be by design. For example, users sometimes use passwords to connections, which one might not want accidentally recorded in a readable file. Paul
If not, it would be better to create .Rhistory 0666 and let the user control the actual permissions through umask. Regards, Nicolas Thierry-Mieg ***************************** Steps to reproduce: [nthierry at tryo ~]$ mkdir ttt [nthierry at tryo ~]$ cd ttt [nthierry at tryo ttt]$ R <snip copyright and greeting message>
> y<-3 > q()
Save workspace image? [y/n/c]: y
[nthierry at tryo ttt]$ ls -la
total 20
drwxr-xr-x 2 nthierry timb 4096 Jun 10 16:21 .
drwxr-x--- 80 nthierry timb 4096 Jun 10 15:18 ..
-rw-r--r-- 1 nthierry timb 61 Jun 10 16:21 .RData
-rw------- 1 nthierry timb 9 Jun 10 16:21 .Rhistory
[nthierry at tryo ttt]$
Using strace on the R process shows the following, which seems to
confirm that the problem comes from R itself:
open(".RDataTmp", O_WRONLY|O_CREAT|O_TRUNC, 0666)
<snip>
rename(".RDataTmp", ".RData")
open(".Rhistory", O_WRONLY|O_CREAT|O_TRUNC, 0600)
*****************************
> version
platform x86_64-redhat-linux-gnu arch x86_64 os linux-gnu system x86_64, linux-gnu status major 2 minor 8.1 year 2008 month 12 day 22 svn rev 47281 language R version.string R version 2.8.1 (2008-12-22)
______________________________________________ R-devel at r-project.org mailing list https://stat.ethz.ch/mailman/listinfo/r-devel
====================================================================================
La version fran?aise suit le texte anglais.
------------------------------------------------------------------------------------
This email may contain privileged and/or confidential in...{{dropped:26}}
Yes, it is by design, and not R's design at that. How (or if) the history is saved is determined by the GUI interface in use. In this case it appears to be command-line R built with readline support, in which case the saving is done by readline's write_history. And although the history.info manual does not say so, it does open files with pemissions 0600 (and there is no provison to change this). To claim 'wrong permissions' implies that you 'know for certain' what the permissions should be -- I don't now how you can know them unless you can point to documentation that asserts the correct value as something different.
On Wed, 10 Jun 2009, Paul Gilbert wrote:
Nicolas.Thierry-Mieg at imag.fr wrote:
Hi, This is with a centos 5.3 x86_64 system, using R 2.8.1 (details below). In a directory where R is invoked, at the end of a session R offers to "Save workspace image". Replying yes creates/updates at least two files in the current directory: .Rhistory and .RData. .Rhistory is created with permissions 0600, therefore it effectively ignores umask. In particular, .Rhistory cannot be group-readable, which can be problematic in some environments. This is not the case for .RData (created 0666, modified by umask as usual), so I doubt that the .Rhistory permissions are restrictive by design?
I`m not sure, but it may be by design. For example, users sometimes use passwords to connections, which one might not want accidentally recorded in a readable file. Paul
If not, it would be better to create .Rhistory 0666 and let the user control the actual permissions through umask. Regards, Nicolas Thierry-Mieg ***************************** Steps to reproduce: [nthierry at tryo ~]$ mkdir ttt [nthierry at tryo ~]$ cd ttt [nthierry at tryo ttt]$ R <snip copyright and greeting message>
> y<-3 > q()
Save workspace image? [y/n/c]: y [nthierry at tryo ttt]$ ls -la total 20 drwxr-xr-x 2 nthierry timb 4096 Jun 10 16:21 . drwxr-x--- 80 nthierry timb 4096 Jun 10 15:18 .. -rw-r--r-- 1 nthierry timb 61 Jun 10 16:21 .RData -rw------- 1 nthierry timb 9 Jun 10 16:21 .Rhistory [nthierry at tryo ttt]$ Using strace on the R process shows the following, which seems to confirm that the problem comes from R itself:
Not at all: it comes from a library R uses.
open(".RDataTmp", O_WRONLY|O_CREAT|O_TRUNC, 0666)
<snip>
rename(".RDataTmp", ".RData")
open(".Rhistory", O_WRONLY|O_CREAT|O_TRUNC, 0600)
*****************************
> version
platform x86_64-redhat-linux-gnu arch x86_64 os linux-gnu system x86_64, linux-gnu status major 2 minor 8.1 year 2008 month 12 day 22 svn rev 47281 language R version.string R version 2.8.1 (2008-12-22)
______________________________________________ R-devel at r-project.org mailing list https://stat.ethz.ch/mailman/listinfo/r-devel
====================================================================================
La version fran?aise suit le texte anglais.
------------------------------------------------------------------------------------
This email may contain privileged and/or confidential in...{{dropped:26}}
______________________________________________ R-devel at r-project.org mailing list https://stat.ethz.ch/mailman/listinfo/r-devel
Brian D. Ripley, ripley at stats.ox.ac.uk Professor of Applied Statistics, http://www.stats.ox.ac.uk/~ripley/ University of Oxford, Tel: +44 1865 272861 (self) 1 South Parks Road, +44 1865 272866 (PA) Oxford OX1 3TG, UK Fax: +44 1865 272595
Prof Brian Ripley wrote:
Yes, it is by design, and not R's design at that. How (or if) the history is saved is determined by the GUI interface in use. In this case it appears to be command-line R built with readline support, in which case the saving is done by readline's write_history. And although the history.info manual does not say so, it does open files with pemissions 0600 (and there is no provison to change this).
OK, undocumented feature of a library R links to. Thanks for explaining.
To claim 'wrong permissions' implies that you 'know for certain' what the permissions should be -- I don't now how you can know them unless you can point to documentation that asserts the correct value as something different.
Woah! No need to get snappy or pedantic. There's no documentation one way or the other, so "wrong" has to be relative to standard procedure. There's no documentation saying R doesn't "rm -rf /" on full moons, but one still expects that it doesn't. Most programs create files 0666 modified by umask, except if there's a good reason to restrict things. 0666 is also what fopen does when creating a file. Furthermore .RData is created 0666, and I didn't think a user's history was more sensitive than his data, so I thought .Rhistory should be 0666 as well. Paul's answer about passwords clears that up. OK, I should have written "unusual permissions". And I realize now that I should have posted to r-devel instead of submitting a bug. Sorry for the noise, I'm new to R. Regards, Nicolas Thierry-Mieg
On Wed, 10 Jun 2009, Paul Gilbert wrote:
Nicolas.Thierry-Mieg at imag.fr wrote:
Hi, This is with a centos 5.3 x86_64 system, using R 2.8.1 (details below). In a directory where R is invoked, at the end of a session R offers to "Save workspace image". Replying yes creates/updates at least two files in the current directory: .Rhistory and .RData. .Rhistory is created with permissions 0600, therefore it effectively ignores umask. In particular, .Rhistory cannot be group-readable, which can be problematic in some environments. This is not the case for .RData (created 0666, modified by umask as usual), so I doubt that the .Rhistory permissions are restrictive by design?
I`m not sure, but it may be by design. For example, users sometimes use passwords to connections, which one might not want accidentally recorded in a readable file. Paul
If not, it would be better to create .Rhistory 0666 and let the user control the actual permissions through umask. Regards, Nicolas Thierry-Mieg
<snip>