Multiple users

[nivekuil]

Since the graveyard is stored in a globally accessible directory by default, all users get their files sent to the same directory. If rip -r as a normal user tries to restore something deleted from /root, it will throw an error.

The proposed solution is to include the username in the histfile and limit rip -r to files owned by $USER. The current histfile structure is not flexible enough to support this, so it's probably best to make it an append-only log and implement a parsing algorithm (with stacks and such) for the resurrect option. The downsides are worse performance and disk usage, but these should be totally negligible.