bug#44217: bug#44216: 28.0.50; Incorret during delete in Tramp: Trashing...done

[Michael Albinus]

Lars Ingebrigtsen <larsi@gnus.org> writes:

Hi Lars,

>> No, for Tramp it is different. You move the file from one machine to
>> another. And you change the ownership: one file accessible only by root
>> on one system, is then accessible by whomever on another machine, in the
>> waste basket. That is a much more serious security flaw, and it would be
>> unexpected for the majority of the users.
>
> I don't see the difference (except as a matter of practicality; that it
> would be slow).  If you've NFS-mounted (or SMB or whatever) a file
> system, and you delete it in Emacs, Emacs will move it to the trash can
> you've specified (if you've specified that Emacs should do so).
>
> But remote files accessed via Tramp don't do this, and that's unexpected
> (as demonstrated by this bug report).

That's true.

>> For that reason, it is common practice to provide one waste basket on
>> every physical file system, even for different file systems accessible
>> on the same machine (aka "mounted").
>
> I've never seen such a system -- any OS I've used that has had a trash
> can has had only one trash can (per user), as far as I can recall.

The Trash specification
<https://specifications.freedesktop.org/trash-spec/trashspec-latest.html>
says

The “home trash” SHOULD function as the user's main trash directory. [...]
An implementation [...] MAY also choose to provide trashing in the “top
directories” of some or all mounted resources.

>>> Directory for ‘move-file-to-trash’ to move files and directories to.
>>> This directory is used only when the function ‘system-move-file-to-trash’
>>> is not defined.
>>> Relative paths are interpreted relative to ‘default-directory’.
>>> If the value is nil, Emacs uses a freedesktop.org-style trashcan.
>>
>> It says it indirectly, because move-file-to-trash is intended for local
>> operation only.
>
> So if you know something that's not documented about move-file-to-trash,
> then you can indirectly interpret this correctly?  That's a roundabout
> way of saying "indeed, this isn't documented at all".  :-/

I stand corrected, move-file-to-trash works also for remote
files. However, the result might be surprising. I've created a test file
on a remote machine, "/ssh:ford:/tmp/aaa". Then I have called
move-file-to-trash over this file. As expected, the file is removed on
the remote machine, and it appears as "~/.local/share/Trash/files/aaa".
However, in "~/.local/share/Trash/info/aaa.trashinfo" there is

Path=/ssh%3aford%3a/tmp/aaa

This will be unexpected, at least for tools which try to restore trashed
files.

However, perhaps Tramp shall call move-file-to-trash when deleting
remote files, argument TRASH and variable delete-by-moving-to-trash are
non-nil? Instead of calling the remote trash command?

Best regards, Michael.