Re: admin user (and ditto group member) no longer has the corresponding permissions?!
Re: admin user (and ditto group member) no longer has the corresponding permissions?!
- Subject: Re: admin user (and ditto group member) no longer has the corresponding permissions?!
- From: "Sankey, David \(STFC, RAL, PPD\) via X11-users" <email@hidden>
- Date: Tue, 28 Jul 2020 08:18:00 +0000
- Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=stfc.ac.uk; dmarc=pass action=none header.from=stfc.ac.uk; dkim=pass header.d=stfc.ac.uk; arc=none
- Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=M1NiuDCSc6pMqvw/UJeXxzJPfJUf7p8MOCs9QX91ktg=; b=bUyf6pGL3sCVWQrO4DdAlMcNF+2v+/pwq+Fv8Fgxk6fenpbStLx2qtV+NNXKJEd7XZ8EfXk45PiYHns1yyjI1MrZQGoz5mtWPjQP5+qQ4dvBkqsPMcLVji3dT0QvO9ggzNxS2IVkpnHJpk+w17N6OWCgVBabsTJiaW52RWYaIfsveMkJgDIRna7sVzk7zXboaqm6a/hvp7LoixZEMqBQ0XrGes7QWnGbX/KMzGuEQpc7n8rJbhOhU8eyz7CVtPta0EDPXXlY4ozsNze6x4PZgbkgI9/vjv7nA0mBgsbrzUSzxPS4xxbkmHmMaufjtzqmUS0twl9h3+qGLjqHJcIGCA==
- Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=FlqBModiZAyB585fgHsYsZaSykprIdbxX4BNp6Aogb5iiJKHBUb1iQ7rcWbTXuGQxuH0QCg1FiiI0573HI09JvKDx9n8HtOqU3H1GPqTbHKbY7VsCAouzeaaN9kz3Gw/xCMhGmDiuwf9Z9Msiybq8jaB1g+S2rlprUlDF0A4eeFjbXht02ncgHfYxyGRtwfLXlGkO9j8FieNuh50QopRt8ldhTOYNIwVCkZj3qkJqloVzTJTlDqaKqx0BXXwZwsPlb5CNvpRvCyogvzrKcBJTniRESnyMlpaXyt56PidHx64riSdIbuE52zE3UUYVwmdBQmjw94FfK/+4lbYC/R+og==
- Thread-topic: admin user (and ditto group member) no longer has the corresponding permissions?!
Internally X11 is launched from bash.
You need to add /bin/bash to Full Disk Access in the Privacy tab in the
Security and Privacy Control Panel.
D
> On 27 Jul 2020, at 20:10, René J.V. Bertin via X11-users
> <email@hidden> wrote:
>
> Hi,
>
> (Cross-post - apologies - explanation below)
>
> To streamline things as a port dev/maintainer I've set `macportsuser` to
> myself, which means that as a member of the admin group I get to do a lot of
> things without needing to sudo all the time. I know the risks, and always
> managed to avoid them.
>
> And now something has changed, not just for the MacPorts-related directories
> (the build dir, in particular), but system-wide, and even after a reboot.
>
> I'm still an admin user, and AFAICT I can still do everything I could through
> the GUI. I can still "sudo". But I can no longer access files that are not
> mine and don't have the required permissions for "other" users. I have
> another admin user account ("adplus"), and when I su or FUS as/to that
> account I can still do anything I expect to be able to do. The group
> memberships are almost strictly identical: my usual account just is a member
> of the access_bpf (wireshark) and procmod groups.
>
> For instance:
> ```
> %> mkdir /tmp/kk
> %> sudo chown root:admin /tmp/kk ; sudo chmod 770 /tmp/kk ; \ls -ldO /tmp/kk
> ; \ls -lO /tmp/kk
> drwxrwx--- 2 root admin - 68 Jul 27 20:14 /tmp/kk
> %> date > /tmp/kk/kkk
> /tmp/kk/kkk: Permission denied.
> Exit 1
> %> \ls -lO /tmp/kk
> ls: kk: Permission denied
> Exit 1
>
> %> su -l adplus
> %> date > /tmp/kk/kkk
> %> \ls -lO /tmp/kk
> total 8
> -rw-r--r-- 1 adplus admin - 30 Jul 27 20:29 kkk
> ```
> Now, to make this more interesting: the above applies to a shell running in a
> terminal emulator that gets started when I launch my X11 environment (from
> the X11 icon in the Dock). Shells running in Terminal.app (also launched from
> the Dock) give me all the permissions I expect, and if I start my X terminal
> emulator from such a shell it inherits those permissions. Launching X11 from
> a shell in Terminal.app doesn't help.
>
> In short, it looks like somehow my regular user account gets partly crippled
> when I start my X11 environment the way I used to, or at least in shells
> launched through xterm. Specifically, I can launch a Terminal.app or
> iTerm.app from my xinitrc script, and I'll have the expected permissions in
> there. But when I launch an xterm through that test shell, I will not have
> all permissions.
> I seem to have read reports of something like this on the XQuartz ML (which
> is why I'm cross-posting) but I'm running OS X 10.9.5 which hasn't seen any
> system/policy updates for quite some time (and certainly not during the
> previous 19-day uptime, not that I recall at least). I'm using an X11 server
> built from version of the MacPorts port:x11 (and haven't touched anything in
> there either).
>
> Any idea what on earth is happening here, what could have changed?
>
> Thanks!
> René Bertin
> _______________________________________________
> Do not post admin requests to the list. They will be ignored.
> X11-users mailing list (email@hidden)
> Help/Unsubscribe/Update your Subscription:
>
> This email sent to email@hidden
This email and any attachments are intended solely for the use of the named
recipients. If you are not the intended recipient you must not use, disclose,
copy or distribute this email or any of its attachments and should notify the
sender immediately and delete this email from your system. UK Research and
Innovation (UKRI) has taken every reasonable precaution to minimise risk of
this email or any attachments containing viruses or malware but the recipient
should carry out its own virus and malware checks before opening the
attachments. UKRI does not accept any liability for any losses or damages which
the recipient may sustain due to presence of any viruses. Opinions, conclusions
or other information in this message and attachments that are not related
directly to UKRI business are solely those of the author and do not represent
the views of UKRI.
_______________________________________________
Do not post admin requests to the list. They will be ignored.
X11-users mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden