Re: [bug-gawk] gawk - 'inplace' feature ignores file's access flags (read-only)

[Bob Proulx]

Janis Papanagnou wrote:
> The 'inplace' feature ignores access flags of files; if the
> file is write protected it will nonetheless be overwritten.

Johannes Meixner wrote:
> When I am normal user I expect that a tool works in compliance
> with my normal user permissions (if a tool could exceed my
> normal user permissions there is a security issue somewhere).

This is one of those common pitfalls that people often fall into.  It
is a misconception to think that permissions on a file prevent the
file from being removed.  It does not.  If one wishes to prevent a
file being removed then it is the permissions on the directory holding
the file that either allow or prevent it.

If I give you a document and put it in an impervious glass lockbox you
won't be able to change the document.  It will be locked in the box.
You can see the document.  You can make a copy of the document.  But
the glass lockbox prevents you from modifying it.  But nothing
prevents you from throwing the entire lockbox away!  This is similar
to setting read-only access to a file.  If the file is read-only you
cannot write to the file.  But that read-only access to the file does
not prevent you from throwing the file away by removing it from the
directory.  To do that the permissions on the directory holding the
file must be changed to be read-only.

Editorial comments...

BTW rsync also does replacement off to the side and then renames it
into place too.  Add rsync to the list of programs that also does file
updates in exactly the same way.

I use perl, sed, awk -i a lot.  It is a very convenient option.
However this thread is a good example of why such creeping featurism
can confuse people.  What did people do before this feature existed?
They wrote out the commands they wanted to do.

Of course most people got the command list wrong because they did all
of the bad buggy file replacements that have already been mentioned.
I have lost track of the number of times people reported bugs because
they updated files incorrectly.  At least the -i functionality is done
the right way.  But it is a box and people think it is a magic box.
It isn't.  It can't do anything more than what can be done by the list
of commands we would have used without it.

Bob

For example without -i one needs all of this infrastructure:

#!/bin/sh
unset tmpfile
cleanup() { test -n "$tmpfile" && rm -f "$tmpfile" ;}
trap "cleanup" EXIT
trap "cleanup; trap - HUP; kill -HUP $$" HUP
trap "cleanup; trap - INT; kill -INT $$" INT
trap "cleanup; trap - QUIT; kill -QUIT $$" QUIT
trap "cleanup; trap - TERM; kill -TERM $$" TERM
trap "trap - PIPE; cleanup; kill -PIPE $$" PIPE
tmpfile=$(mktemp ./foo.XXXXXXXX) || exit 1
echo "foo" > "$tmpfile" || exit 1
mv "$tmpfile" foo || exit 1
exit 0

Having -i can save a lot of possibility for errors.