Re: [patch] rm can have undesired side-effects

In <004301c6fbca$33046750$b3db87d4@xxxxxxxxxxxxxxx>, Steven Hartland <killing@xxxxxxxxxxxxxxx> typed:
Mike Meyer wrote:
That maybe the case but does rm -f <file> remove all copies?
Nope so its behaviour is safe even with multiple hardlinks.
Of course it doesn't remove all copies - because there *aren't*
multiple copies. There is only *one* copy, with multiple hardlinks.
You told it to remove one hardlink, and it did that, without caring if
that's the last link or not, and erroring out because you could lose
data if it's the last link.
I think you missed my point. If you had a file with multiple
hardlink rm -f does NOT remove all copies it just decrements
the link count. As such you will never loose data IF it was
just a hardlink.

Actually, rm -f either removes no copies or removes them all, because
there's only one copy. It either gets removed (if this was the last
link) or it doesn't. And you seem to have missed my point. Having a
"destroy this data" option that doesn't do it based on the link count
makes as much sense as having "rm" not remove a link based on the link
count.

My personal preference would be for it to warn or perhaps
error if the link count is not zero. Possibly use -f to
override this but even that I'd say is dangerous.
My personal preference is that the system do what I tell it to. If I
wanted a system that second guessed me and didn't do things that I
told it to because it thought it knew better than I did what I wanted,
I wouldn't be using Unix.
So before every single rm -f you would prefer to have to check
if the link count of every file was > 1 if its defined behaviour
was to "destory" the file, I very much doubt that.

No, because I wouldn't be using "rm -f" if it's behavior is "destroy
the file" but I just wanted it unlinked.

Trying to second guess the user is the wrong thing to do in a system
designed for adults. Yeah, we can check the hard link count, and issue
a warning. This will make scripts that try to be secure fail to do
their job, and we'll add an option to ignore the check (or maybe it'll
go in in the first place) so that we can still write secure scripts -
though they won't be portable.

Then someone will complain because their symlink got clobbered.

<mike
--
Mike Meyer <mwm@xxxxxxxxx> http://www.mired.org/consulting.html
Independent Network/Unix/Perforce consultant, email for more information.
_______________________________________________
freebsd-hackers@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
To unsubscribe, send any mail to "freebsd-hackers-unsubscribe@xxxxxxxxxxx"