11

OS: Ubuntu 20.04

I installed gedit, kate, and libreoffice as snaps. 

$ snap list (partial output)
Name                             Version                     Rev   Tracking         Publisher   Notes
gedit                            3.36.0+git7.764f9c67f       537   latest/stable    canonical✓  -
kate                             20.04.0                     64    latest/stable    kde✓        -
libreoffice                      6.4.3.2                     177   latest/stable    canonical✓  -
$

None of these snaps can access any hidden files and hidden folders in my home folder. Is that by design?

The ls -al output for ~/home is below:

$ ls -al
total 104
drwxr-xr-x 18 dkb  dkb   4096 May 11 16:26 .
drwxr-xr-x  3 root root  4096 Apr 26 16:12 ..
-rw-rw-r--  1 dkb  dkb   2782 May  9 07:59 .bash_aliases
-rw-------  1 dkb  dkb  10748 May  9 19:32 .bash_history
-rw-r--r--  1 dkb  dkb    220 Apr 26 16:12 .bash_logout
-rw-r--r--  1 dkb  dkb   3953 Apr 27 15:09 .bashrc
drwx------ 14 dkb  dkb   4096 May 11 15:58 .cache
drwxr-xr-x 21 dkb  dkb   4096 May 11 15:58 .config
drwxr-xr-x  2 dkb  dkb   4096 May 11 16:19 Desktop
drwxr-xr-x  2 dkb  dkb   4096 May 11 15:47 Documents
drwxr-xr-x  3 dkb  dkb   4096 May 11 16:17 Downloads
drwx------  3 dkb  dkb   4096 Apr 30 19:10 .gnupg
-rw-------  1 dkb  dkb     97 May  4 09:39 .lesshst
drwxr-xr-x  3 dkb  dkb   4096 Apr 26 16:22 .local
drwx------  5 dkb  dkb   4096 Apr 27 16:34 .mozilla
drwxr-xr-x  2 dkb  dkb   4096 Apr 26 16:22 Music
drwxr-xr-x  2 dkb  dkb   4096 May  5 16:34 Pictures
-rw-r--r--  1 dkb  dkb    807 Apr 26 16:12 .profile
drwxr-xr-x  2 dkb  dkb   4096 Apr 26 16:22 Public
drwxr-xr-x 13 dkb  dkb   4096 May 11 16:00 snap
drwx------  2 dkb  dkb   4096 Apr 26 16:36 .ssh
-rw-r--r--  1 dkb  dkb      0 Apr 26 16:31 .sudo_as_admin_successful
drwxr-xr-x  2 dkb  dkb   4096 Apr 26 16:22 Templates
drwx------  6 dkb  dkb   4096 Apr 30 19:29 .thunderbird
drwxr-xr-x  2 dkb  dkb   4096 Apr 26 16:22 Videos
$

The issue doesn't may not be about hidden files or folders, per se. If I copy ~/.config over to ~/Downloads all three snaps can open ~/Downloads/.config and the files therein.

On the other hand, if I copy ~/.bashrc to ~/bashrc, the snaps have no difficulty.

Jastria Rahmat
  • 302
DK Bose
  • 42,548
  • 23
  • 127
  • 221
  • Could be somewhat related to this ticket, although your issue sounds quite a lot more generic. Long story short: a "snapped" process runs inside its own root file system and so the process inside does not have the same idea of the file system as you do from "the outside". – 0xC0000022L May 11 '20 at 11:48
  • @0xC0000022L, I didn't want to make the question too long, but I copied ~/.bashrc to ~/bashrc and the snaps then had no difficulty. So same location, just not hidden. – DK Bose May 11 '20 at 12:00
  • sure, your question already states that, basically. Works for "normal" names, but not for "hidden" ones. So what is it you're trying to suggest here? Also, does your home folder reside under /home? You can investigate some of this by looking into $HOME/snap/<pkgname>/current while a "snapped" process is running. Similarly /snap/vlc/$PID ... – 0xC0000022L May 11 '20 at 12:05
  • You can use a mount bind from .bashrc to bashrc so you do not need to create an independent copy of the hidden folder. Of course, this still involves making something hidden visible for the snap to access. – vanadium May 11 '20 at 12:10
  • "Also, does your home folder reside under /home?" Yes, that's /home/dkb. I don't know what I'm "trying to suggest". I expected to be able to access files in my home folder. I can't. Hence my question. And, say I'm running the gedit snap, what should I look for in $HOME/snap/gedit/current? – DK Bose May 11 '20 at 12:20
  • @DKBose as far as I understand the contents of $HOME/snap/<pkgname>/current correspond to your home folder as seen inside the snap and /snap/<pkgname>/$PID (where PID is the process ID of a running snap) corresponds to the root FS. I am also still learning this stuff, but you already seem to have received a to-the-point answer. – 0xC0000022L May 11 '20 at 12:24
  • @0xC0000022L thanks for the effort, but I don't understand the answer by user535733 at all. It doesn't explain why I can edit ~/bashrc but not ~/.bashrc. They're in the same folder in the same file system. – DK Bose May 11 '20 at 12:40
  • https://ubuntu.com/blog/hey-snap-wheres-my-data – igor Feb 25 '23 at 14:26

2 Answers2

12

The Snap 'home' interface permits access only to non-hidden files and directories in a user's /home (and nowhere else).

The Snap 'personal-files' interface permits access to all files and directories in a user's /home (and nowhere else).

  • Snap interfaces are defined in the yaml file used in snap creation.
  • You can list the available interfaces for a snap package using snap connections <snap-name>. If personal-files is listed, then it can be used (it might already be connected in some snaps).
  • If the personal-files interface is defined but unused, you can use $snap connect <snap-name>:<plug-name> to connect it.

EXAMPLE #1: Discord Snap: snap connections discord has NO personal-files entry. Discord CANNOT access hidden files, and you cannot change that.

$ snap connections discord | grep personal-files
$

EXAMPLE #2: Firefox Snap: snap connections firefox DOES have a personal-files entry, and the plug is already connected to a Firefox slot. This user can ALREADY access hidden files in the home directory (nowhere else).

$ snap connections firefox | grep personal-files
personal-files            firefox:dot-mozilla-firefox     :personal-files                  -
$

// Interface name  = personal-files
// Snap plug name  = dot-mozilla-firefox
// Snapd slot name = personal-files

EXAMPLE #3: Snap Store: snap connections snap-store HAS a personal-files entry, but the slot is NOT connected to a plug. YOU can connect it. Let's do that!

$ snap connections snap-store | grep personal-files
personal-files            snap-store:dot-snap-auth-json             -                                -

// Interface name  = personal-files
// Snap plug name  = dot-snap-auth-json
// Snapd slot name = (not listed because it's not connected)


$ sudo snap connect snap-store:dot-snap-auth-json
connect snap-store:dot-snap-auth-json to snapd:personal-files


$ sudo snap disconnect snap-store:dot-snap-auth-json
disconnect snap-store:dot-snap-auth-json from snapd:personal-files
user535733
  • 62,253
  • 1
    Just learned something new. Thanks. – 0xC0000022L May 11 '20 at 12:07
  • 4
    How can one enable the "personal-files' interface? Or does that depend on whether the Snap allows enabling that interface? If would be good if you could elaborate a bit on how to make snaps access hidden files - that is in fact the question. May not be possible to enable that interface without repackaging the snap. – vanadium May 11 '20 at 12:10
  • 1
    @vanadium edited to address your comment. – user535733 May 11 '20 at 12:17
  • 2
    Thanks for the answer but I still don't know what I can do as a user of these snaps to be able to edit files in my home folder. Is there a simple command I need to run? Like sudo snap connect gedit:<something-appropriate>? – DK Bose May 11 '20 at 12:32
  • @DKBose yes, it's in the second bullet point. Sticking with gedit you do: sudo snap connect gedit:personal-files ... possibly you'll also have to disconnect the home interface. Ah ... I see. The problem is likely the available plugs/slots for your snap package? – 0xC0000022L May 11 '20 at 12:44
  • snap interface --all lets you list generally available interfaces. If it lists personal-files your snap version supports it. Check this documentation out. – 0xC0000022L May 11 '20 at 12:50
  • 3
    @0xC0000022L error: snap "gedit" has no plug named "personal-files". – DK Bose May 11 '20 at 12:50
  • 1
    And the same message with the other snaps. – DK Bose May 11 '20 at 12:54
  • @DKBose it means the snap author doesn't support it, so purely as a user you're out of luck, I'm afraid. – 0xC0000022L May 11 '20 at 12:54
  • @0xC0000022L very true. – DK Bose May 11 '20 at 12:58
  • @DKBose big edit to address your comments. It should be much clearer now. Thanks for the feedback! – user535733 Jul 13 '22 at 14:10
  • Very nice indeed, this now answers the question! – vanadium Jul 14 '22 at 09:31
  • A detailed explanation is available in official blog post at https://ubuntu.com/blog/hey-snap-wheres-my-data – igor Feb 25 '23 at 14:26
  • Thanks for this nice explanation. But: As in your Example 2 in my Firefox-Snap personal-files is connected, but I still can't access hidden folders. (Traditional permissions are fine) What do I miss? (Besides hidden folders...) – Hinz Aug 24 '23 at 09:07
0

Workaround for modification of existing files only

My experience is that files in ~/.<directory> are inaccessible by default in snaps but sub-directories that are hidden, i.e.~/tmp/.<directory> seem to be accessible.

To overcome this limitation and not having to copy whole files back and forth you can create a hard-link copy of the directory recursively

example: ~/.local/... inaccessible

  • open a terminal Ctrl+Alt+T
  • create a temporary directory for the hardlinks
    • mkdir -p ~/tmp/hrdlnks
  • create hardlink copy of the whole ~/.local/ directory
    • cp -al ~/.local ~/tmp/hrdlnks/
  • now ~/tmp/hrdlnks/.local/ should be accessible
    • if for some reason they are not accessible because it is a hidden directory you could just rename it from .local to dot-local, for example.
      • mv ~/tmp/hrdlnks/.local ~/tmp/hrdlnks/dot-local
  • When you are done modifying the file(s) just delete the temporary hardlink copy directory
    • rm -r ~/tmp/hrdlnks/

Side Notes:

  • if you create a new file in this "hardlink" temporary directory you will not be creating it in the "original"/"mirrored" directory
    • you will need to copy it manually before removing the temporary hardlink directory
  • if new files get created in the "original" directory after you have made your hardlink copy, they will not exist in the hardlink copy
    • you will need to create a new hardlink copy
    • I would recommend to just delete the temporary directory once you are done modifying the files of interest.

Notes on hardlinks

  • a hardlink just points to the same "file blob of data"
  • if you delete the hardlink you are not deleting the "original" file
    • if you delete the "original" file, the hardlink still has access to the data, when you delete all hardlinks pointing towards the data, you will not have anymore access to the data, although it will still exist untill some other file overwrites those "free" bytes
  • if you change the file or directory name you are not changing the "original" names
  • if you move files around in the hardlink temp directory you will not be moving anything in the "original" directory structure
Pau Coma Ramirez
  • 312
  • 2
  • 9