From owner-svn-src-head@freebsd.org  Wed Jan  6 07:03:18 2016
Return-Path: <owner-svn-src-head@freebsd.org>
Delivered-To: svn-src-head@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 9BEF3A6418C;
 Wed,  6 Jan 2016 07:03:18 +0000 (UTC)
 (envelope-from brde@optusnet.com.au)
Received: from mail110.syd.optusnet.com.au (mail110.syd.optusnet.com.au
 [211.29.132.97])
 by mx1.freebsd.org (Postfix) with ESMTP id 606A219E3;
 Wed,  6 Jan 2016 07:03:17 +0000 (UTC)
 (envelope-from brde@optusnet.com.au)
Received: from c211-30-166-197.carlnfd1.nsw.optusnet.com.au
 (c211-30-166-197.carlnfd1.nsw.optusnet.com.au [211.30.166.197])
 by mail110.syd.optusnet.com.au (Postfix) with ESMTPS id 991BE784CAF;
 Wed,  6 Jan 2016 17:40:17 +1100 (AEDT)
Date: Wed, 6 Jan 2016 17:40:16 +1100 (EST)
From: Bruce Evans <brde@optusnet.com.au>
X-X-Sender: bde@besplex.bde.org
To: Allan Jude <allanjude@freebsd.org>
cc: Devin Teske <devin@shxd.cx>, Bruce Evans <brde@optusnet.com.au>, 
 Ian Lepore <ian@freebsd.org>, Warner Losh <imp@freebsd.org>, 
 src-committers@freebsd.org, svn-src-all@freebsd.org, 
 svn-src-head@freebsd.org, Devin Teske <dteske@freebsd.org>
Subject: Re: svn commit: r293227 - head/etc
In-Reply-To: <568C883C.5050006@freebsd.org>
Message-ID: <20160106163237.L1563@besplex.bde.org>
References: <201601052120.u05LKlQw074919@repo.freebsd.org>
 <1452038404.1320.46.camel@freebsd.org> <20160106125617.E968@besplex.bde.org>
 <5360EA7A-399F-4679-B58F-62D0112EA481@shxd.cx> <568C883C.5050006@freebsd.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
X-Optus-CM-Score: 0
X-Optus-CM-Analysis: v=2.1 cv=cK4dyQqN c=1 sm=1 tr=0
 a=KA6XNC2GZCFrdESI5ZmdjQ==:117 a=PO7r1zJSAAAA:8 a=L9H7d07YOLsA:10
 a=9cW_t1CCXrUA:10 a=s5jvgZ67dGcA:10 a=JzwRw_2MAAAA:8 a=kj9zAlcOel0A:10
 a=_9Kpg5vkrs-okR2GLKYA:9 a=-uQxRxpSkNZysZvc:21 a=Gk-SUihwnLnGPLte:21
 a=CjuIK1q_8ugA:10
X-BeenThere: svn-src-head@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: SVN commit messages for the src tree for head/-current
 <svn-src-head.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-src-head>,
 <mailto:svn-src-head-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-head/>
List-Post: <mailto:svn-src-head@freebsd.org>
List-Help: <mailto:svn-src-head-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-src-head>,
 <mailto:svn-src-head-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 06 Jan 2016 07:03:18 -0000

On Tue, 5 Jan 2016, Allan Jude wrote:

> On 2016-01-05 22:16, Devin Teske wrote:
>> This e-mail is extremely hard to parse  and I think you are mistaken.
>> 
>> The -f flag is more than just a counter to a possible -i
>>
>> Try to rm a file that has schg
>> You will get a prompt without -i
>> Adding -f will abate the prompt to attempt override of schg flag.

I forgot about the permissions check.  Normally root has permission to
write anything, but some file flags change this.  The schg flag is
handled bogusly: rm prompts without -f, but schg prevents removal if
you answer 'y'.  The uchg flag is handled better.  rm has special
undocumented code to handle it, mainly so that rm -rf blows it away.
Without -f, rm prompts but the the special code removes uchg so that
removal is possible.

The permissions check only applies to the file.  Removal doesn't
depend on the file's permissions.  It only depends on the file's flags
and the directory's permissions and flags.  rm agrees with its man
page and doesn't prompt if the file is writable but the directory is
unwritable.  The directory permissions don't stop root either, but
immutable directories do.  Since there is no prompt, -f has no effect
on anyone in this case.

>> There are more conditions in rm that lead to a prompt than simply those conditions involving -i and adding -f abates them all.

It isn't clear what these are.  POSIX only says that there is a prompt
without -i for files which don't have write permission (to themselves).
FreeBSD's man page should say more about how this extended for file
flags, but actually says nothing for file flags and is less clear than
POSIX for ordinary permissions.

> I think this is kind of a poor UI design of rm(1) honestly. It seems
> like what we need is a 'never be interactive' flag, that won't surpress
> the error message about the schg'd file, or read-only file system, but
> won't try to prompt for it.
> 
> Although adding a new flag to rm(1) at this point probably doesn't make
> sense.

It already has this flag, namely -f.  This is what I started out to say.
-f never suppresses errors except ENOENT for a non-existent file.  What it
suppresses is prompts.  Since the uchg hack involves a prompt, -f also
changes the semantics for removing user-immutable files.

The file flags hack includes uappnd together with uchg, but not the
newfangled uunlnk.  That has only been available for annoying sysadmins
since 1997.  Apparently its name is to confusing for it to be used.

Bruce