Re: Installer packages asking for authentication in user's home directory
Re: Installer packages asking for authentication in user's home directory
- Subject: Re: Installer packages asking for authentication in user's home directory
- From: Michael Watson <email@hidden>
- Date: Tue, 9 Jan 2007 18:19:39 -0500
I'm not splitting anything across domains. Users are allowed to
choose where to install programs, and Installer.app doesn't seem to
allow for flexible installer packages that let the user choose the
installation directory, without forcing an authentication prompt
regardless of destination permissions.
Open Package Maker and follow these steps to replicate the issue I am
having:
0. Create a new user who does not have write access to /Applications.
1. Create a new single package project and save it to disk.
2. Create your "component" payload directory on disk and add a dummy
text file to it.
3. In the Contents tab of the Package Maker project, set the root to
the component dir.
4. In the Configuration tab, give the package a default location of /
Applications, as this is pretty standard for installed apps.
Notice that if you change the setting for Authentication to "None",
it will be reverted to "Adminstrator" when you change tabs, press the
tab key, build the project, or save the project. The logic here is
clear, because setting the default location of your user folder will
automatically change the Authentication value to "None", but continue
reading to see how this logic ends up causing problems.
For now, leave the settings here defined as /Applications and
"Administrator".
5. Build the package and run it from the Finder under the new user.
6. Attempt to install the payload into the default location of /
Applications. You will be prompted for authentication. So far, so
good. If you enter your auth info, the package installs properly.
7. Relaunch the installer package and this time, choose your home
folder instead of using the default location. You will be prompted
for authentication. ***Installer.app does not look at whether or not
you have write access to the chosen folder; it only checks to see
what you set up in Package Maker.***
8. Back to the Package Maker project. Change the Authentication value
to "None".
9. Build the package and run it from the Finder under the new user.
10. Attempt to install the payload into your home folder, instead of
the default location of /Applications. ***The payload will be
installed without an authentication prompt.***
11. Relaunch the installer package and this time, use the default
location of /Applications for the installation directory. ***You will
NOT be prompted for authentication, and the installation will
(obviously) fail.***
Surely there is a way to correct this behaviour. Appropriate
behaviour should be:
1. With "Adminstrator" authentication defined, authentication is
always demanded of the user.
2. With "None" authentication defined, authentication is demanded of
the user when the destination directory's permissions require
elevated privilege, but not demanded otherwise.
See this:
http://lists.apple.com/archives/installer-dev/2006/Feb/msg00035.html
>> Another apparent limitation of the package system (though I
haven't
>> tried it to make sure), is that in order to support the
application's
>> default installation of into /Applications, I'd need to make the
>> permissions be root:admin 1775. However, if I'm in the "user"
case,
>> where the user isn't an admin and doesn't plan on installing the
>> application for all users, I'd not be able to make the
permissions be
>> root:admin even if I wanted to (which I don't, I'd rather it
just be the
>> user's uid and gid). Furthermore, it seems like it's just a
static
>> setting that a package requires admin authentication or not.
Is this the
>> case, or am I missing something?
> See above, if the user installs in their home directory (this is a
special case)
> it will not authenticate and install the package as the user.
The problem is, of course, that this reply appears to be incorrect.
Installer.app /will/ ask the user to authenticate, regardless of the
user's permission to write to the chosen directory.
--
m-s
On 09 Jan, 2007, at 17:36, Luke Bellandi wrote:
No. The installer either installs all files as the user (when
authentication is none), or applies the ownership of all of the
files from when they were packaged (when authentication is admin or
root). There's no support for a hybrid case, except by using
scripts as you say.
Generally it makes more sense to try to stick to one domain. What
are you installing that requires pieces to be installed in both the
user *and* the system domain?
- Luke
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Installer-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden