What permissions should 'texlive' have? - security

For years I have been using MacTeX which installs in /usr/local/texlive, and have recently started using Homebrew to manage some packages (though not — yet — TeX). As a consequence of the adoption of Homebrew, I've changed the owner of all of /usr/local to Me:admin (from root:wheel).
Is this change of ownership safe? Is there a reason that texlive needs to be owned by root?

Normally usr/local is owned by root:wheel so that multiple usr's can access it, so by default everything installed to it is owned by root:wheel. Homebrew takes the rather unusual (but convenient) step of subverting this. It says, look this computer is just being used by one user, so I'll give her control of usr/local. It does this to
Make it more likely that all unixy installs will work for you
Make it safer (if there are any other users using the computer) - as a homebrew user, you'll only screw your own account up wiht homebrew if something goes wrong.
As you installed tex before homebrew it has root:wheel ownership, this has nothing to do with texlive, and everything to do with the normal usage of usr/local. If you change its permissions to Me::admin, then only you will be able to use texlive - I'd just leave it alone :)

Related

Pygame will not import in python 3.8 [duplicate]

I'm probably just being very thick here, but it's not clear to me where I'm supposed to install 'new' user-specific programs on Windows 7 (and presumably Vista too, though I've not specifically looked at that scenario yet).
Under Windows XP (rightly or wrongly) we always installed our programs into folders under 'Program Files' and accepted that they'd be kind-of available to everyone. From what I can gather under Windows 7 I'm supposed to install my software under the user's AppData folder (possibly AppData\Local\MyApp). That makes a degree of sense, but the fact that this folder is 'hidden' by default means that we're going to have 'fun' talking our users through support stuff.
I want to install our software so that it's user specific (the Users bit in Windows 7 makes perfect sense) but I do want the user to be able to access it if required. Our program also includes a 'data' subdirectory which it needs to write into while it's running (embedded database), but as the program is intended to be single-user/standalone, the data folder being inside a user-specific folder isn't going to be a problem.
My problem is just that whole 'hidden folder' aspect of AppData. As much as I've trawled the MSDN, I can't work out where else I'm supposed to install user-specific programs. Taken one way it would seem to be something like AppData\Local\MyApp, and another way it would seem to be just as valid under the user's My Documents\MyApp equivalent.
Has anyone got a clear guide for where all this stuff goes? I found the MSDN docs confusing. :-)
Not really.
The directory that serves as a common
repository for application-specific
data for the current roaming user.
AppData is, surprisingly, for application data, not for installation (Click Once/Silverlight applications aside). You can, and should still install into Program Files, just don't expect to write into that folder.
You can install software into AppData if you want it to follow a user about in an Active Directory environment, which happens if you put it in AppData\Roaming (the SpecialFolder.ApplicationData location).
You can also install into AppData if you want the software to be available to just the user that installs it. This can be useful if, for example, you have multiple users on the same machine, who all want to run different versions of the software in complete isolation.
If you want settings to only apply on the local machine then you use AppData\Local, which is SpecialFolders.LocalApplicationData - this will make AD administrators very happy as the roaming profile size won't suddenly jump up 50Mb or whatever the size of your software is.
If you wanted to create settings which apply to all users then you're looking at SpecialFolders.CommonApplicationData
You should remember never to rely on the actual name of the directory - localisation issues mean this can change and the location does change with OS versions two. You should be using the special folder enumeration in your software, or the equivalent in your installer.
Could you not install into Program Files, but use AppData as it's supposed to be used, and store your database in there?
Windows 7 added the FOLDERID_UserProgramFiles known folder and by default this maps to %LOCALAPPDATA%\Programs. This is used by MSI when ALLUSERS=2 & MSIINSTALLPERUSER=1.
On Vista and earlier there is no canonical per-user application folder but just using %LOCALAPPDATA% is pretty common. Sadly MSI will just use %ProgramFiles% on these systems.
It's 2019, and I just installed Visual Studio Code (a Microsoft product) in the default folder of
%userprofile%\AppData\Local\Programs\Microsoft VS Code
This is probably for getting around the requirement to have an administrator or UAC prompt authorise the installation
Windows 7 folder structure is deeply inspired on Unix structure:
/usr/ -> C:\Program Files\ -> binaries: executables and dynamically linked
/etc/ -> C:\ProgramData\ -> global settings
/home/ -> C:\Users\ -> a folder for each user
~/.* -> C:\Users\Hikari\AppData\Roaming\ -> settings for each user
Windows has more folder, like My Documents for files with content produced by user, AppData Local and Roaming (which Unix usually handles with NFS).
It's about time for us developers to start using these structures. We must separate at least binary files that don't need to be replicated, global and user settings.
When a setup is installing an app, this setup should expect to have permission to write on Program Files. Once the setup is finished, Program Files should be writable only for other setups aiming to update binaries to other versions.
Please install executable files to the %programfiles% folder in Windows - a simple MSI based install package can perform an active setup for any new user who logs onto the machine to create the user specific files and folders in their profiles %appdata% folder. You see this behaviour for Internet Explorer, Adobe reader, etc. - It's the little MSI installer window that pops up the first time you log onto a machine which has those applications installed. - Thanks - a system admin :)
My opinion, for what it's worth, is that user-specific program files is just asking for trouble and is a damn stupid thing to do.
A much more sensible approach is to install different versions of your program to:
\Program Files\Your Program\Program_v0.1\Program.exe
\Program Files\Your Program\Program_v0.2\Program.exe
\Program Files\Your Program\Program_v0.3\Program.exe
\Program Files\Your Program\Program_v0.4\Program.exe
I would then place a bootstrapping launcher at:
\Program Files\Your Program\ProgramLauncher.exe
Then, the user application data folder will only contain data, including an INI/XML/Settings file that indicates the version of the program that this user is working with.
Such an approach satisfies the core tenant of keeping data and executing code separate, allows every user to run a specific version of the code, and offers a small amount of de-duplication by ensuring the same executable code is not copied multiple times across user folders.
Otherwise, go right ahead with installing programs to AppData and undoing the years it has taken us to achieve clean separation of code and data. I found this thread because I noticed that Chromium and DropBox are installing code to AppData. I'm going to uninstall those program, and change the permissions on my AppData folder to exclude execution to ensure I can easily spot other programs attempting the same BS.

binary ownership in a romfs package

I inherited an old system and I am still getting a hold of how the system works. Its a custom linux running built on AT91. We build a romfs and package in a bunch of binaries that gets installed upon flashing. I have been building as a root because I that is how it was inherited and done in the past. The binaries that get packed into the romfs are listed in a Makefile with individual file privileges/permissions.
When the romfs gets flashed and all the binaries get installed they have the permissions set to root:root. I understand romfs-inst.sh script does set some permissions through the many options it provides and those are being set right.
I need to be able to install the binaries are someuser:somegroup and I am sure there is no chown kind of option in the romfs-inst.sh. How else do I change the owner and group of the binaries.
Any help is appreciated Thanks
romfs doesn't have any way of storing the owner of a file. (It doesn't even preserve permissions other than the execute bit.)
If you need these features, you should probably take a look at replacing romfs with cramfs or squashfs. Along with supporting ownership and permissions, these filesystems can also compress files, letting you store more data in the same amount of memory.

Safely migrating tools into Homebrew

I have a few installs—notably Node, MacVim, and Taskwarrior—which I installed through the installers available on their websites. Now, having begun to grasp the incredible handiness of Homebrew, I'd like to transfer these applications into brew apps.
I think I could safely uninstall Node, but I'm not sure where all the files live. Trickier yet, I have settings and data for MacVim and Taskwarrior, respectively, in my .vim, .vimrc, and .taskrc files. Is is safe to just move those somewhere, then drop them back into place once I've deleted MacVim and Taskwarrior and reinstalled them via brew?
It's just that everything works right now and I'm nervous that I'll mess it up. Also, if this is a question better posed at Super User (or another forum), feel free to let me know and I'll try to move it to the appropriate location.
Any help is appreciated. This is new stuff for me, but it's pretty exciting.
Do .vim and .vimrc exist in your home directory? If so, you can just leave them in place; Homebrew won't do anything to them and the new MacVim will pick them up automatically. If they are in /usr/local (which I doubt), you can move them and then move them back, I think.
(Note that if you are a Ruby user, you might need to make sure the version of Ruby in your PATH is 1.8.7; rvm system if you use RVM, or brew unlink if you have a later Ruby installed with Homebrew. I just built MacVim with 1.9.2 as my active Ruby, and it just sort of freezes when I launch it.)
I would assume .taskrc would work the same way if it's in your home directory, although I haven't used TaskWarrior.

Are there any reasons to not install binaries, etc in a user's home dir?

I'm a user on a shared computing environment. More often than not, the system doesn't have most of the libraries I need or the binaries and programs are atleast 4-5 versions old. It's so cumbersome to email the sysadmins each time to update packages etc, that I've started installing them to a folder in my home dir.
My question is: are there any negatives to doing this? Can I also install the latest version of my shell to my home dir and chsh to use that? Certain packages have a lot of files. Will this affect login times (I presume the system has to stat() my entire home dir and check with quota)?
Typical practices is to have a ~/.bin directory with symlinks to your local executables. That way, you don't have to update your PATH for each new app, just the links.
Yes, what you describe is a common practice, though usually one doesn't need the number of packages/libraries you seem to. Do be careful if applications or libraries make assumptions about where they're installed...
There should not be any significant effect on login times.

Escalating privileges on linux programmatically

I am creating a graphical installer that should run on Linux. Installing should consist of copying files to some places in /usr. Currently the installer is written in Python.
How can I escalate the privileges of my installer when I need to copy files? I looked at PolicyKit but
a) there doesn't seem to be a generic "install files" action-id for PolicyKit
b) of the action ids I can use, I don't think they are standard across distros
I also looked at PAM and I have code that uses libpam but I can't seem to do anything with it. After authenticating my user (by providing username and password) I don't have write access to /usr. I tried changing my user with os.setuid(0) after authentication but I get an error from the OS.
Also, strangely, it doesn't seem to matter what service I provide to pam_start. As long as the username and password are correct I can pass anything I want. I see I have /etc/pam.d/sudo. The below code is simplified, the password is correctly stored in a pam_conversation object and I do pass a handle object.
pam_start("my_user", "my_pass", "sudo_garbage_12345");
works just as well as
pam_start("my_user", "my_pass", "sudo");
That is, they both succeed.
As a last resort I can probably execute gksudo or kdesudo but I don't want to be tied to those programs. Requiring users to invoke my installer with sudo is a (very) last resort.
You might be better off wrapping RPM with a front end that takes the user options and invokes RPM to do the hard work. This also gives you infrastructure for managing dependencies and plays nicely with the existing package management system. If you need to run on a .deb based system (Debian or Ubuntu) you may also need to consturct a .deb and put some mechanism in the front end that works out which package management system is active.
Granting random users access to root privilege is generally viewed as bad form on Linux or Unix systems (or any multi-user system for that matter) as it is a significant security risk. However you do have the option of letting the user install it under their home directory (~/bin) if they don't have root access or sudo permissions that allow them to write to system areas. In this case you can require them to install it as root if they want to install in /usr/bin but permit them to install it under their home directory for their own use if they don't have root privileges.
For a graphical installer, stick with a graphical environment. Use gksudo or kdesudo if they are available, otherwise fail with an error dialog saying they need root. People (newbies in particular) will download your installer and double-click to launch it from their desktop, and you need a graphical way to ask them for their password. You don't want to pop open a terminal on them.
Given that, don't do sudo for them even if they are running from the terminal. Just output an error saying you need root and exit. If the user is already at the command prompt (like I most likely would be), I already know how to sudo or su myself into root if I want to do so. I promise you you will most likely ruffle some feathers if you attempt to make an experienced user root when they can do it themselves.
If you INSIST on doing a sudo yourself from within your installer, for God's sake please force a 'sudo -K' before you do to remove the previous timestamp. If you don't do this, and I have sudo'd recently, you will run your installer with me as root without my knowledge (since I don't expect that to happen). A 'sudo -K' will force a prompt that I can then decide whether I want to proceed as root or not.
The best way in this case is to use su within your program. Redirect inputs/outputs and you're good to go!

Resources