Re: Gnumeric file went south.

[Zbigniew Chyla <cyba gnome pl>]

On Wed, 2001-06-13 at 18:10:51, Morten Welinder wrote:

Note: I'm not talking about creating backup file here. I'm talking about
creating _temporary_ file and then renaming it to the original name.
Of course we could create backup files too...

> This is quite complicated to get right.

It would be less complicated if we supported this at file format level (we
could easily preserve user/group/hardlinks/anything), but it's not the case
for most existing file formats.

> * Missing write permission in the directory.  (Backup goes to home directory
>   with a message.)

Saving temporary file in different filesystem doesn't guarantee safety -
we'd have to copy its conent to the original file and it wouldn't be atomic
operation.

> * Hard-linked files.
>
> * Writable files owned by other users and/or groups.

You forgot:
 * Concurrent access to the file (many users/gnumeric processes) :-)

We don't have too much choice:

- If the file is owned by the current user/group and st_nlink == 1 and we
  have write access to the directory - we create temporary file in this
  directory and then rename it.

- Otherwise we create temporary file somewhere in $HOME and then copy it
  using sendfile / mmap + write / read + write (depending on the system).
  It doesn't guarantee safety, but minimizes the risk.

Two config options would let the user decide:

- if we should use this feature at all
- if we should copy the file if rename can't be used
  (we write directly to the original file if this option is disabled)

What do you think?


Zbigniew