[texhax] Umasks, Permissions, and All That

Thomas Schneider schneidt at mail.nih.gov
Sat Jul 13 17:43:36 CEST 2013


Reinhard:

>  > Dick:
>  > 
>  > > I'd like to summarize the current situation regarding umask, Unix
>  > > Permissions, and MacTeX.  When MacTeX installs, the directories
>  > > /usr/local and /usr/local/texlive may or may not exist. If they
>  > > already exist, their permissions are not changed. If they don't
>  > > exist, they are given reasonable permissions.
>  > 
>  > I think the only reasonable permissions are drwxr-xr-x with ownership
>  > being root.
> 
> You cannot change ownership unless you are root already.  And I don't
> recommend to install everything as root.

When you give your administrative password to do an installation
through a graphical user interface, you are (as I understand it)
essentially becomming root.  So just about everything you install IS
as root.  Furthermore, the requrement for using sudo in the texlive
2013 installation IS making the person root.

Furthermore, the purpose of being root is to prevent a normal user
from inadvertantly or maliciously changing the operating system.

> I'm the owner of /usr/local because I maintain the stuff therein.

You own your computer but root ought to own things in /usr/local to
allow all people working on the computer access.  If you want a
private package, install it in your own files under your home
directory and route your path through it.  Then you will have full
control over the installation AND when you move your personal files to
another computer, you will carry the program with you and won't have
to move /usr/local separately.

> It would be a pain if I had to use sudo when installing to a
> directory owned by me.

That strikes me as lazy.  It's hardly any extra work (0.5 seconds if
you touch type!!), installation occurs infrequently and using sudo
keeps the operating system secure.  If you want an insecure computer
system (and the resulting instability), use Windows.  (Last I asked, a
normal user can still modify a Windows operating system with no
safeguards.  As I understand it, that's most of why there are still
viruses in the world.  An exception is government installations that
prevent all changes on Windows so folks have to get a sysadmin in all
the time to do the most trivial installation.)

> And I would be pissed off if an installer disregards my personal
> umask.

Rightfully so, but this is only for texlive and the settings ought to
make the package available to everyone on the machine.  It only makes
sense, the texlive is public software.  Why would you want to hide it
from others on the computer?

You can always change it to be not permitted.  But take a look at your
/usr/local and show us what the permissions are in your packages
there.

> In respect of file permissions, I'm conviced that the current behavior
> of both, TeX Live and MacTeX, is correct.  IMO it doesn't matter at all
> whether it's a good or bad idea.  The only question is whether it's
> correct or not.  It's *not* a matter of taste or convenience.

You have not given any evidence that setting permissions to drwxr-xr-x
is wrong.  You have not given any evidence that the current behavior
is 'correct'.  All you did was assert that.

> Thomas, you said that you're using tcsh.  I don't have OS/X but
> doesn't it come with Bash as well?  Could you check whether it works
> with Bash?

Of course I have bash on my machine, it's a Unix box.  But if I were
installing using bash, I would STILL set my own mask to 077 so that my
files are not visible to others unless I intentionally set them to be
visible.  This would probably still (inappropriately) propagate to the
sudo.  So the shell is irrelevant.

> umask is a shell function and different shells have different startup
> scripts.

That's not relevant since users like me will set their shells to make
their files more secure.

Tom

  Thomas D. Schneider, Ph.D.
  Senior Investigator
  National Institutes of Health
  National Cancer Institute
  Center for Cancer Research
  Gene Regulation and Chromosome Biology Laboratory
  Molecular Information Theory Group
  Frederick, Maryland  21702-1201
  schneidt at mail.nih.gov
  http://schneider.ncifcrf.gov/(current link)
  http://alum.mit.edu/www/toms (permanent link)


More information about the texhax mailing list