Re: packagemaker newbie - permissions issue
Re: packagemaker newbie - permissions issue
- Subject: Re: packagemaker newbie - permissions issue
- From: Greg Neagle <email@hidden>
- Date: Tue, 23 Jun 2009 09:54:00 -0700
"it makes it extremely difficult to store out malicious modifications
from benign modifications."
should read:
"It makes it extremely difficult to sort out malicious modifications
from benign modifications."
-Greg
On Jun 23, 2009, at 8:50 AM, Greg Neagle wrote:
As a Mac OS X systems administrator, I find software that modifies
files inside its own application bundles evil, and would encourage
you to rethink that design decision. It makes it extremely
difficult to store out malicious modifications from benign
modifications.
I'd also urge you to consider making the file in /Library/
Application Support/Rising Software read-only, and copying it to ~/
Library/Application Support/Rising Software, where you can modify it
in the user's home dir, but this is a matter of preference as long
as the software can run with the /Library/Application Support/Rising
Software file missing or damaged by the user.
If _anybody_ who runs the software must have read/write access to
these files, you must set the mode to 666 if they are actually
files, and 777 if they are directories. You _cannot_ rely on all
users being in any specific group.
-Greg
On Jun 23, 2009, at 7:08 AM, Peter Lee wrote:
Hello,
Our applicaton has a couple of files that anybody who runs the
application needs read/write access to. One is stored in Library/
Application Support/Rising Software and the other is in the
application bundle. In Packagemaker, they are getting assigned to
group 'staff', with my own name as the owner. As I understand, who
owns the file isn't really an issue, as long as the group has rw
access, and all users who need to use the spp are in the group that
owns the file(s).
On 10.5, every user seems to be in the 'staff' group. I not sure
if that that's the case in earlier versions of OSX - it may be but
my 10.4 disk won't boot at the moment....
Having said that - on a friends machine - 10.5, he's transferred
his profile from an earlier version of OSX, and he's not in staff.
I don't know if he was in staff on his earlier box - I _think_ that
in earlier versions of OSX, you are in a group with the same name/
number as your user name/number, and perhaps you don't get
membership of staff automatically when you transfer your profile.
I'm just wondering how we should handle this? We could make those
files owned by group 'everyone' instead? It sounds a bit ugly to me?
Thanks,
Peter Lee
--
Peter Lee email@hidden
-----------------------------------------------------------------------
Rising Software Australia Pty. Ltd. http://www.risingsoftware.com/
Publishers of 'Auralia' - Ear Training and 'Musition' - Theory
Training
Ph: +61 3 9481 3320 FAX: +61 3 9481 3380 USA Freecall: 1 888 667
7839
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Installer-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Installer-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Installer-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden