Bug 312415

Summary: KSaveFile: Unable to save file (777 permission) when the directory have 444
Product: [Unmaintained] kdelibs Reporter: Emmanuel Lepage Vallée <emmanuel.lepage>
Component: kdecoreAssignee: kdelibs bugs <kdelibs-bugs>
Status: RESOLVED FIXED    
Severity: major CC: adaptee, christoph, deri, elektorronikci, faure, kirill.bogdanenko, retratserif, travneff
Priority: NOR    
Version: Git   
Target Milestone: ---   
Platform: Compiled Sources   
OS: Linux   
Latest Commit: http://commits.kde.org/kate/2aaf9df6582f3be1c6eefd857f9c5f8f2d95a93b Version Fixed In: 4.10.3
Sentry Crash Report:

Description Emmanuel Lepage Vallée 2012-12-31 04:04:58 UTC 
It is not possible to save a file in Kate in, let say, /usr/share/ unless you give ownership of the directory to the user instantiating kate or give plain 777 permission to the directory.

Saving a file should take into account if a) the file is accessible and b) the file have the correct write permission. All other editors can save that file, but kate give a nice.

"The document could not be saved, as it was not possible to write to /usr/share/awesome/lib/awful/widget/common.lua.

Check that you have write access to this file or that enough disk space is available."

This is obviously wrong, because both conditions are ok. I tried with many different files and folder/

Reproducible: Always

Steps to Reproduce:
1.  su - 
2. mkdir /tmp/katetest
3. touch   /tmp/katetest/file.txt
4.  chmod 777    /tmp/katetest/file.txt
5. exit
6. kate /tmp/katetest/file.txt
7. ctrl+s

Actual Results:  
An error

Expected Results:  
The file being correctly saved

I give "major" severity because it create security flaw when a user have to give more permissions than necessary to do a basic operation.
Comment 1 Dominik Haumann 2013-02-20 12:42:03 UTC 
This is because we use KSaveFile in Kate::TextBuffer::save():
  KSaveFile saveFile (filename);
  if (!saveFile.open())
    return false;

KSaveFile first saves under a different name, and finally renames on successful safe.

Obviously, since the directory owner is root with permissions rwxr-xr-x, the temporary file cannot be created.

Possible solutions:
1. KSaveFile should handle this special case (save to another folder, then move; or overwrite directly)
2. Kate Part needs to work around this.
Comment 2 Pyroman 2013-03-06 19:29:52 UTC 
(In reply to comment #1)
> Possible solutions:
> 1. KSaveFile should handle this special case (save to another folder, then
> move; or overwrite directly)
> 2. Kate Part needs to work around this.
Why not to use /var/tmp/kdecache-$USER directory for temporary file and then overwrite the original file from it?
Comment 3 Pyroman 2013-03-06 19:35:12 UTC 
There is also another problem with it, described in this bugreport: https://bugs.kde.org/show_bug.cgi?id=316234
Comment 4 Emmanuel Lepage Vallée 2013-03-06 19:39:00 UTC 
>Why not to use /var/tmp/kdecache-$USER directory for temporary file and then overwrite the original file from it?
/tmp is not on the same device, so saving it there by default would end up requireing copies done to the original directory. A power loss during this would risk damaging date. A "move" operation, doesn't copy content, it just change the pointer. I guess save&move in the right directory is right, but not perfect.
Comment 5 Dominik Haumann 2013-03-06 20:01:16 UTC 
Emmanuel is correct: Saving to tmp may be on another device. In that case, we could directly overwrite the file as well, since whether Kate or the cp-process damages the data does not make a difference...
Comment 6 Dominik Haumann 2013-03-06 20:01:28 UTC 
*** Bug 316234 has been marked as a duplicate of this bug. ***
Comment 7 David Faure 2013-03-24 10:09:43 UTC 
OK, implemented "overwrite directly", as a fallback solution for this to work.

https://codereview.qt-project.org/52059
Comment 8 David Faure 2013-04-04 17:50:28 UTC 
Git commit 4c59b6a716ca750e024b910f28e0263d07dae2f1 by David Faure.
Committed on 04/04/2013 at 19:53.
Pushed by dfaure into branch 'KDE/4.10'.

KSaveFile: add setDirectWriteFallback().

This is a backport of https://codereview.qt-project.org/52059
which does the same in QSaveFile for Qt 5.1

M  +48   -26   kdecore/io/ksavefile.cpp
M  +34   -0    kdecore/io/ksavefile.h
M  +84   -0    kdecore/tests/ksavefiletest.cpp
M  +3    -0    kdecore/tests/ksavefiletest.h

http://commits.kde.org/kdelibs/4c59b6a716ca750e024b910f28e0263d07dae2f1
Comment 9 Christoph Cullmann 2013-04-04 20:44:37 UTC 
Git commit 2aaf9df6582f3be1c6eefd857f9c5f8f2d95a93b by Christoph Cullmann.
Committed on 04/04/2013 at 22:42.
Pushed by cullmann into branch 'master'.

allow fallback for ksavefile
allow save in dirs without write rights

M  +13   -0    part/buffer/katetextbuffer.cpp

http://commits.kde.org/kate/2aaf9df6582f3be1c6eefd857f9c5f8f2d95a93b
Comment 10 Deri James 2013-05-22 22:37:42 UTC 
*** Bug 320142 has been marked as a duplicate of this bug. ***
Comment 11 Dominik Haumann 2013-08-13 15:54:38 UTC 
*** Bug 318462 has been marked as a duplicate of this bug. ***