[Rd] .Rhistory created with wrong permissions (PR#13752)

Thu Jun 11 19:23:37 CEST 2009

Prof Brian Ripley wrote:
> Yes, it is by design, and not R's design at that.
> 
> How (or if) the history is saved is determined by the GUI interface in 
> use.  In this case it appears to be command-line R built with readline 
> support, in which case the saving is done by readline's write_history. 
> And although the history.info manual does not say so, it does open files 
> with pemissions 0600 (and there is no provison to change this).

OK, undocumented feature of a library R links to.
Thanks for explaining.

> To claim 'wrong permissions' implies that you 'know for certain' what 
> the permissions should be -- I don't now how you can know them unless 
> you can point to documentation that asserts the correct value as 
> something different.

Woah! No need to get snappy or pedantic. There's no documentation one 
way or the other, so "wrong" has to be relative to standard procedure.
There's no documentation saying R doesn't "rm -rf /" on full moons, but 
one still expects that it doesn't.

Most programs create files 0666 modified by umask, except if there's a 
good reason to restrict things.
0666 is also what fopen does when creating a file.
Furthermore .RData is created 0666, and I didn't think a user's history 
was more sensitive than his data, so I thought .Rhistory should be 0666 
as well. Paul's answer about passwords clears that up.

OK, I should have written "unusual permissions".
And I realize now that I should have posted to r-devel instead of 
submitting a bug. Sorry for the noise, I'm new to R.

Regards,
Nicolas Thierry-Mieg

> On Wed, 10 Jun 2009, Paul Gilbert wrote:
> 
>> Nicolas.Thierry-Mieg at imag.fr wrote:
>>> Hi,
>>>
>>>
>>> This is with a centos 5.3 x86_64 system, using R 2.8.1 (details below).
>>>
>>> In a directory where R is invoked, at the end of a session R offers 
>>> to "Save workspace image". Replying yes creates/updates at least two 
>>> files in the current directory: .Rhistory and .RData.
>>> .Rhistory is created with permissions 0600, therefore it effectively 
>>> ignores umask. In particular, .Rhistory cannot be group-readable, 
>>> which can be problematic in some environments.
>>> This is not the case for .RData (created 0666, modified by umask as 
>>> usual), so I doubt that the .Rhistory permissions are restrictive by 
>>> design?
>>>
>> I`m not sure, but it may be by design.  For example, users sometimes 
>> use passwords to connections, which one might not want accidentally 
>> recorded in a readable file.
>>
>> Paul
>>> If not, it would be better to create .Rhistory 0666 and let the user 
>>> control the actual permissions through umask.
>>>
>>> Regards,
>>> Nicolas Thierry-Mieg
>>>
<snip>