On Sun, 22 Oct 2023, Björn Bidar wrote:

>>  @example
>> -local$ ssh -R12345:localhost:12345 remote
>> -remote$ export EDITOR="emacsclient \
>> -        --server-file=server \
>> -        --tramp=/ssh:remote:"
>> +local$ ssh -R "/tmp/emacs-%r.socket":"$@{XDG_RUNTIME_DIR:-$@{TMPDIR:-/tmp@}/emacs%i@}$@{XDG_RUNTIME_DIR:+/emacs@}/server" remote
>> +remote$ export EMACS_SOCKET_NAME=/tmp/emacs-$USER.socket
>
> If the host has run /run/user it would make sense to setup the Emacs
> socket inside this directory.
> On older systems this might be /var/run/user I think.

It would, sure, but you can’t in general tell from the local side whether the remote side has /run, nor what your UID is there.  You’d need an extra round trip, for which you need ssh’s ControlPersist option to make performant.  This is too complicated for a simple example.

> If the socket fie is in /tmp every other user can read it, using /run/user is
> more secure.

No, the socket will have permissions 0700, so other users won’t be able to read it.  The risk is that other users will be able to cause a nuisance by creating a file of the same name in its place.  Perhaps it’s better to suggest putting the socket in the user’s home directory (which I originally discounted in case of shared NFS home directories)?

-- 
Peter Oliver