On being a difficult user
Nov. 4th, 2008 09:52 pm
Yesterday, our user group rep sent round an email letting us know that the desktop people were going to be changing our xscreensaver configuration files to force the screens to lock after ten minutes of inactivity. And this was going to be enforced by changing the ownership of the file to root, to prevent the users from altering it.
Round about this point you should be thinking what I thought: changing the ownership won't work because the user still owns the parent directory and it's parent directory permissions that determine whether you can delete a file in Unix, not the permissions on the file itself. So I replied to the email in my usual tactful way, suggesting that I might have misunderstood how the permission thing was supposed to work before pointing out the obvious flaw in the design.
Today, my politeness paid dividends and I got a phone call from the group rep who obviously thought he'd got a query from J. Random Luser who didn't understand how ownerships and permissions worked. Out of politeness — I didn't want to interrupt! — I let him run through his spiel until he'd stressed that there was no way a root-owned file could be removed before laying into his argument and handing him his head.
He then went off to debate with the desktop people who agreed that, yes, a file could be removed, just as I'd said, so they were going to create a root-owned directory with restricted permissions and use that to hold the file, which would prevent the user from deleting the file. I agreed that this would prevent the directory from being deleted, but noted that my original point still held: that because of the permissions on the parent, there was nothing to stop the user from moving the restricted directory to another location and putting their own directory in its place.
After another break to allow the desktop people to think about it some more, I got an email back telling me that, despite their confidence in the original directory solution, they were temporarily postponing their plans in order to allow them to come up with another solution to the problem.
All of which probably means that my username has probably been added to the Big Book of Notoriously Difficult Users. Again. In Red. With underlining. And possibly asterisks.
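An added illustration, not part of the original post: a small Python audit that walks from a managed file up to the root and reports every directory in which a given uid could delete or rename the next path component, which is the property both proposed schemes depended on. The function name `replaceable_links` is hypothetical, and the check reads classic mode bits only (no ACLs, no symlink resolution of ancestors).

```python
import os
import stat


def replaceable_links(path, uid, gids=()):
    """Return (directory, entry) pairs on the way to `path` where `uid`
    may delete or rename `entry` and so put their own copy in its place.

    Assumptions: plain Unix mode bits, no ACLs; `uid` is a non-root user.
    """
    weak = []
    entry = os.path.abspath(path)
    while True:
        parent = os.path.dirname(entry)
        if parent == entry:  # reached the filesystem root
            break
        d = os.stat(parent)   # the directory holding the entry
        e = os.lstat(entry)   # the entry itself (file, dir or symlink)
        need = None
        if d.st_uid == uid:
            # The owner can always chmod the directory to regain write access.
            can_modify = True
        else:
            # Group bits apply if the uid is in the directory's group,
            # otherwise the "other" bits; write + search are both required.
            if d.st_gid in gids:
                need = stat.S_IWGRP | stat.S_IXGRP
            else:
                need = stat.S_IWOTH | stat.S_IXOTH
            can_modify = (d.st_mode & need) == need
        # Sticky bit: only the owner of the entry or of the directory
        # may remove or rename the entry.
        if can_modify and d.st_mode & stat.S_ISVTX:
            can_modify = uid in (d.st_uid, e.st_uid)
        if can_modify:
            weak.append((parent, os.path.basename(entry)))
        entry = parent
    return weak


if __name__ == "__main__":
    # Audit the current user's own xscreensaver file, if present.
    target = os.path.expanduser("~/.xscreensaver")
    if os.path.lexists(target):
        for directory, name in replaceable_links(target, os.getuid(), os.getgroups()):
            print(f"{name!r} can be replaced inside {directory}")
```

An enforced setting is only as strong as the weakest pair this returns: an empty list for the target uid is what the file-ownership and restricted-directory schemes would each have needed.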