2

I noticed some files ~/.local/share/gvfs-metadata/ files. Those files are not text, they are some binary proprietary format. However, using a binary viewer (GHex) I could view some plain ascii strings in those files. I noticed that these strings contained sensitive information such as the locations of password key files.

In order to turn off this sensitive information collection "feature" I took the following steps:

  1. Installed Thunar (an alternative file system broswer)
  2. Disabled /use/bin/nautilus by removing executing permission (chmod -x /use/bin/nautilus)
  3. deleting the files ~/.local/share/gvfs-metadata/*

After rebooting I could confirm that (at least not over the course of a single day) the sensitive information was no longer being recorded in ~/.local/share/gvfs-metadata/*.

However, an unfortunate side effect of disabling nautilus is that the desktop background picture ceases to function and the desktop background remains black. Returning the execution permissions on /usr/bin/nautilus results in a return of the desktop background (but also in a return of the unwanted accumulation of sensitive information).

My question is:

  • Why does the background function depend upon nautilus (considering that file-browsing and desktop background are not naturally related)?

not to mention

  • How can I make background work again without enabling nautilus?

edit: I had previously noticed a similar security problem with the data files accumulated under the ~/.local/share/zeitgeist folder. I also found that using the clear zeitgeist history function didn't actually remove the sensitive information from the data files under the ~/.local/share/zeitgeist folder. I addressed that problem by removing the execute permissions from the zeitgeist service binaries "zeitgeist-*". Perhaps this is related to the problem, e.g., maybe the sensitive information is written to ~/.local/share/gvfs-metadata/... because it could not be written to ~/.local/share/zeitgeist/... ?

Craig Hicks
  • 809
  • 7
  • 18
  • My guess would be that it is connected to desktop background... – George Udosen Sep 03 '17 at 17:03
  • Desktops show the files in your desktop folder as icons and you can open them, change their metadata, and create new ones. So they're *usually* managed by file browsers. [This *should* be an answer](https://meta.askubuntu.com/q/2281)...but I think your last question is the main one. Can you **[edit]** to add: Did you just install `thunar` or did you do more to configure it? Does your desktop work at all? Does it show files in your `Desktop` folder? Does a right-click do anything? If so, can you show a screenshot of that? Are you using Unity? GNOME Shell? What's the output of `lsb_release -a`? – Eliah Kagan Sep 03 '17 at 17:53
  • @Eliah Kagan - You answered the question about why they are related. I took the liberty to quote your comment and make it the answer – Craig Hicks Sep 03 '17 at 18:05
  • @CraigHicks Thanks--looks good! Answer upvoted. I would've thought the method you used would still require Nautilus to be able to run--it's good to know it does not. – Eliah Kagan Sep 03 '17 at 18:06

1 Answers1

1

Thanks to @Eliah Kagan for the comment answering the question on why nautilus is related to background function:

  • "Desktops shows the desktop folder's entries as icons and you can open them, change their metadata, and create new ones. So they're usually managed by file browsers."

I found a solution to getting the background to work again from here. That solution is

  • gsettings set org.gnome.settings-daemon.plugins.background active true
Craig Hicks
  • 809
  • 7
  • 18