The personal-files interface
The personal-files
interface provides access to the specified files in the user’s home. This interface gives privileged access to the user’s data.
Auto-connect: no
Super-privileged: yes
Transitional: no
Attributes:
-
read
(plug): list of files and/or directories for read-only access (eg, ‘read: [ $HOME/.file-read, $HOME/.dir-read ]
’ -
write
(plug): list of files and/or directories for read/write access (eg, ‘write: [ $HOME/.file-write, $HOME/.dir-write ]
’
Specifying a directory in read
and write
allows access to the directory and all files under it.
Requires snapd version 2.37+.
Snaps by default have access to everything under $SNAP_USER_DATA
(eg, ~/snap/<snap name>/<revision>
) and $HOME
is set to $SNAP_USER_DATA
for non-daemon commands. As a result, snaps may freely read and write to dot files in their $HOME
(ie, ~/snap/<snap name>/<revision>/...
).
The personal-files
interface is typically used to provide read-only access to top-level hidden data directories within a user’s real home directory in order to support importing data from existing applications where the snap is the clear owner of the target directory.
For distribution via the Snap store, consumers of this interface require an approved snap declaration. For acceptance, you will need to make a descriptive interface reference, as used by snap connections|interfaces|connect|disconnect
commands.
For example, if a foo application is being packaged as a snap and its publisher wants the snap to import an existing configuration from ~/.config/foo
into $SNAP_USER_DATA/.config/foo
(ie, $HOME/.config/foo
within the snap’s runtime environment or ~/snap/foo/<revision>/.config/foo
) on the host), the snapcraft.yaml could include the following:
name: foo
...
plugs:
dot-config-foo:
interface: personal-files
read:
- $HOME/.config/foo
apps:
foo:
plugs:
- dot-config-foo
...
Note, when declaring an instance of the personal-files
plug as above, it should be named with a descriptive name that indicates to a user what access it grants. In this case, the name dot-config-foo
is used to reflect the access to ~/.config/foo
.
With the above built snap, you would then be able to use the following to enable access to personal files:
$ snap connect foo:dot-config-foo
This is a snap interface. See Interface management and Supported interfaces for further details on how interfaces are used.
Last updated 5 months ago.