Re: More on daemon install and permissions/owner checks
Re: More on daemon install and permissions/owner checks
- Subject: Re: More on daemon install and permissions/owner checks
- From: Bill Coderre <email@hidden>
- Date: Thu, 19 Aug 2010 15:35:39 -0700
> On Aug 19, 2010, at 3:19 PM, Monte Benaresh wrote:
>> Just to clarify, we are using Iceberg to create bundle install packages for Installer.app. The code I am writing is indeed in the preflight script.
>>
>> We have been able to fail the install just fine from the preflight script by executing "exit 1". But as you said, we have no way of putting up a message to the user, though we emit useful messages to the log.
>>
>> Thanks for the pointer to the UNIX domain sockets check code. We actually use that code in our daemon to set up the socket files. But during install, we are trying to follow the recommendations in TN 2083 for the daemon itself. The questions I am bringing up reflect problems our beta testers have encountered.
Here's my PLAN A:
1) Fix permissions on subdirectories of /Library (and other similar locations) as you see fit.
2) Don't test, and don't fix, / and /Library.
3) If you wish, put something in the log about /, /Library, and whatever you did.
4) In any case, install as normal. (This means "let the installer do its thing." There are some cases where it might fail, if permissions are really unusual. If so, let it fail as it would.)
HOWEVER, since your software is security-related, you need to get a security person to assess the potential problems. Contact the Apple Product Security team via http://www.apple.com/support/security/
It is quite possible that they will come up with a PLAN B with you. Their advice trumps mine, of course. When I write installers at Apple, I do what they say.
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Installer-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden