site_archiver@lists.apple.com Delivered-To: installer-dev@lists.apple.com Thread-index: AcWucmF/uTbJjwNDTbaPtQ1un4Rv3QAAafNw Thread-topic: Permissions - OS 10.3.7 - PackageMaker Does anyone know if this behaviour still exists under Tiger? Meaning is the behaviour the same? I think that I have seen packages work when installed from the GUI in 10.4.2 as opposed to command line in 10.3.9 during imaging. -Mike -----Original Message----- From: installer-dev-bounces+perbix=lmsd.org@lists.apple.com [mailto:installer-dev-bounces+perbix=lmsd.org@lists.apple.com] On Behalf Of Stéphane Sudre Sent: Wednesday, August 31, 2005 5:23 PM To: Bob Hickey Cc: installer-dev@lists.apple.com Subject: Re: Permissions - OS 10.3.7 - PackageMaker On mercredi, août 31, 2005, at 10:52 PM, Bob Hickey wrote:

Peter,

My package does not include an /Applications directory. The only place I have /Applications is in the Default Location field. For the Docs, I use /Library/Documentation/Applications as my Default Location field.

Maybe this can help: From a bug report I made which was marked as duplicate: --------------8<---------------8<--------------8<--------------- 8<---------------- 05-Aug-2004 09:05 PM Stephane Sudre: A package (.pkg) can have a Default Location which is not '/'. When you create a package with its Default Location set to "/Applications", Installer.app can corrupt the permissions for the "/Applications" folder. Step to reproduce: Either use the attached package or create a new one with these parameters: - Default Location set to /Applications - Authentication: Root Authorization - One file in DST_ROT 0. Check in Terminal.app the permissions on /Applications, they should read: root:admin drwxrwxr-x 1. Run the package in Installer.app (you can use any version of OS X from 10.2.8 to 10.3.5 (M30 build)) 2. Once Installation is finished, check in Terminal.app the permissions on /Applications Results: Incorrect permissions, the owner and group are set to: your_user_account:staff This can be seen as a security flaw too. 'testInstallerApp.tar.gz' and 'System ProfilePB.txt'were successfully uploaded 14-Aug-2004 06:46 PM Stephane Sudre: I think I found where the problem lies. It's both a problem in the documentation and in Installer.app. Let's say you're making a package installing stuff in /Applications and you set /Applications as the default path. When you install this kind of package, /Applications owner, group and permissions will be set to the values of the DST_ROOT used to create the pax and bom Archive files. * Bug in the documentation: http://developer.apple.com/documentation/DeveloperTools/Conceptual/ SoftwareDistribution/Concepts/sd_permissions_author.html#//apple_ref/ doc/uid/20001769/TPXREF2 "Set permissions for the directories and executable files in the package to a value of 775 (full access for owner and group, read and execute access for others). Set permissions for non-executable files to 664 (read and write access for owner and group and read-only access for others). " PROBLEM: This is incomplete. It should be added that the "Root" folder used by PackageMaker should be set to root:admin 755. Otherwise, there will be permissions and owner issues. * Bug in Installer.app: PROBLEM: Since you're installing in /Applications, why is /Applications permissions and owner:group modified by the values for the . item in the pax and bom Archives? IMHO, '.' should not be taken into consideration for any Default Location. Note: I don't know if this is possible as I haven't looked at the pax and cpio source code. PROBLEM: Other possible bug, since this permission mistake also happens when Overwrite permission is not checked, why is the permission for /Applications modified? --------------8<---------------8<--------------8<--------------- 8<---------------- _______________________________________________ Do not post admin requests to the list. They will be ignored. Installer-dev mailing list (Installer-dev@lists.apple.com) Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/installer-dev/perbix%40lmsd.org This email sent to perbix@lmsd.org _______________________________________________ Do not post admin requests to the list. They will be ignored. Installer-dev mailing list (Installer-dev@lists.apple.com) Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/installer-dev/site_archiver%40lists.a... This email sent to site_archiver@lists.apple.com