You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I've encountered this issue: sindresorhus/trash#92 while trashing something on my /tmp directory, which is placed on the root mount (Ubuntu 20.04 with ZFS support is weird!).
After some investigation I found that this package was returning /.Trash-1000 as the trash directory for that file.
However, even though I have read+write permissions to access /tmp, I don't have write permissions on / without using sudo. /.Trash-1000 doesn't exist either, but it shouldn't matter for this issue.
I realize it's selfish and not cool to just show up on a package that wants to comply to a spec, and ask for a change to stop my build from crashing, so I looked into the spec as well, and noticed it's a bit ambiguous on this topic. Only this paragraph is somewhat related:
When trashing a file or directory, the implementation should check whether the user has the necessary permissions to delete it, before starting the trashing operation itself.
So, while this package is spec-compliant in giving me /.Trash-1000, it's important to consider the package that's going to receive this path. Is it going to mkdir -p it and write to it right away, without checking for permissions? Most likely.
If you consider this issue to be worth a fs.access check before returning a path, I'm willing to send a PR (with or without an opt-in flag)
The text was updated successfully, but these errors were encountered:
I've encountered this issue: sindresorhus/trash#92 while trashing something on my
/tmpdirectory, which is placed on the root mount (Ubuntu 20.04 with ZFS support is weird!).After some investigation I found that this package was returning
/.Trash-1000as the trash directory for that file.However, even though I have read+write permissions to access
/tmp, I don't have write permissions on/without using sudo./.Trash-1000doesn't exist either, but it shouldn't matter for this issue.I realize it's selfish and not cool to just show up on a package that wants to comply to a spec, and ask for a change to stop my build from crashing, so I looked into the spec as well, and noticed it's a bit ambiguous on this topic. Only this paragraph is somewhat related:
So, while this package is spec-compliant in giving me
/.Trash-1000, it's important to consider the package that's going to receive this path. Is it going tomkdir -pit and write to it right away, without checking for permissions? Most likely.If you consider this issue to be worth a
fs.accesscheck before returning a path, I'm willing to send a PR (with or without an opt-in flag)The text was updated successfully, but these errors were encountered: