Next: , Previous: Android shell setup, Up: Configuration

5.18 Auto-save and Backup configuration

To avoid Tramp from saving backup files owned by ‘root’ to locations accessible to others, default backup settings in backup-directory-alist have to be altered.

Here's a scenario where files could be inadvertently exposed. Emacs by default writes backup files to the same directory as the original files unless changed to another location, such as ~/.emacs.d/backups/. Such a directory will also be used by default by Tramp when using, say, a restricted file /su:root@localhost:/etc/secretfile. The backup file of the secretfile is now owned by the user logged in from Tramp and not ‘root’.

When backup-directory-alist is nil (the default), such problems do not occur.

To “turn off” the backup feature for remote files and stop Tramp from saving to the backup directory, use this:

     (add-to-list 'backup-directory-alist
                  (cons tramp-file-name-regexp nil))

Disabling backups can be targeted to just the su and sudo methods:

     (setq backup-enable-predicate
           (lambda (name)
             (and (normal-backup-enable-predicate name)
                   (let ((method (file-remote-p name 'method)))
                     (when (stringp method)
                       (member method '("su" "sudo"))))))))

Another option is to create better backup file naming with user and host names prefixed to the file name. For example, transforming /etc/secretfile to ~/.emacs.d/backups/!su:root@localhost:!etc!secretfile, set the Tramp user option tramp-backup-directory-alist from the existing user option backup-directory-alist.

Then Tramp backs up to a file name that is transformed with a prefix consisting of the DIRECTORY name. This file name prefixing happens only when the DIRECTORY is an absolute local file name.


     (add-to-list 'backup-directory-alist
                  (cons "." "~/.emacs.d/backups/"))
      'tramp-backup-directory-alist backup-directory-alist)

The backup file name of /su:root@localhost:/etc/secretfile would be /su:root@localhost:~/.emacs.d/backups/!su:root@localhost:!etc!secretfile~

Just as for backup files, similar issues of file naming affect auto-saving remote files. Auto-saved files are saved in the directory specified by the user option auto-save-file-name-transforms. By default this is set to the local temporary directory. But in some versions of Debian GNU/Linux, this points to the source directory where the Emacs was compiled. Reset such values to a valid directory.

Set auto-save-file-name-transforms to nil to save auto-saved files to the same directory as the original file.

Alternatively, set the user option tramp-auto-save-directory to direct all auto saves to that location.