Question

12

Permission of a .desktop file

rated 0 times [ 12] [ 0] / answers: 1 / hits: 37155 / 1 Year ago, sat, march 4, 2023, 5:31:23

Need some clarification about the permissions of .desktop files. I can see all the .desktop files in /usr/share/applications/ owned by root have permission,

-rw-r--r--

also examples.desktop at $HOME owned by user has the same permission. All of those run properly.

But when I am going to create a custom .desktop file having the same permission it is throwing the following error message,

Untrusted application launcher

The application launcher "myapp.desktop" has not been marked as trusted. If you do not know the source of this file, launching it may be unsafe.

But adding the execution permission is allowing it to run without any issue.

Q: Why custom .desktop files need to have +x permissions to run or how some .desktop files can run without execution permission? Is it possible to run a custom .desktop file without execution permission?

Answers

Only authorized users can answer the question. Please sign in first, or register a free account.

uccase

Add To Favorites

Follow

Total Points: 473

Total Questions: 100

Total Answers: 110

Location: Anguilla

Member since Sun, Jan 29, 2023

1 Year ago

answered 1 Year ago skaing · Accepted Answer

This is from Ubuntu's security policy:

Execute-Permission Bit Required

Applications, including desktops and shells, must not run executable code from files when they are both:

lacking the executable bit

located in a user's home directory or temporary directory.

This includes *.desktop, *.jar, and *.exe files.

Nothing may provide a workaround to run them anyway automatically ...

So yes, according to this policy, it should be possible to run a .desktop file without the executable bit set. According to this policy you would only have to move that file out from the /home/ and /tmp/ directories and then you can launch it without the executable bit set. This is in theory/according to the policy.

In practice nautilus will allow you to launch .desktop files without the executable bit set from the XDG_DATA_DIR directories and from the ~/.gnome2/ directory. You can check the XDG_DATA_DIRS with the echo $XDG_DATA_DIRS command. So if you put your .desktop file in in an XDG_DATA_DIR or in ~/.gnome2/ you will be able to launch it from nautilus without the executable bit set. At least on 12.04 it works like that. _{How is this in line with the aforementioned policy I do not know.}

For the examples.desktop mentioned in the question: That .desktop file is a different kind of .desktop file. It is a "Link", it doesn't want to execute anything, it basically works as a symlink. These kinds of .desktop files work everywhere.